linux/drivers/md
NeilBrown 589a594be1 md: protect against NULL reference when waiting to start a raid10.
When we fail to start a raid10 for some reason, we call
md_unregister_thread to kill the thread that was created.

Unfortunately md_thread() will then make one call into the handler
(raid10d) even though md_wakeup_thread has not been called.  This is
not safe and as md_unregister_thread is called after mddev->private
has been set to NULL, it will definitely cause a NULL dereference.

So fix this at both ends:
 - md_thread should only call the handler if THREAD_WAKEUP has been
   set.
 - raid10 should call md_unregister_thread before setting things
   to NULL just like all the other raid modules do.

This is applicable to 2.6.35 and later.

Cc: stable@kernel.org
Reported-by: "Citizen" <citizen_lee@thecus.com>
Signed-off-by: NeilBrown <neilb@suse.de>
2010-12-09 17:02:14 +11:00
..
bitmap.c md: unplug writes to external bitmaps. 2010-10-29 16:40:32 +11:00
bitmap.h md: use sector_t in bitmap_get_counter 2010-10-28 17:32:26 +11:00
dm-bio-record.h dm: preserve bi_io_vec when resubmitting bios 2009-04-02 19:55:23 +01:00
dm-crypt.c dm: implement REQ_FLUSH/FUA support for bio-based dm 2010-09-10 12:35:38 +02:00
dm-delay.c dm delay: support discard 2010-08-12 04:14:13 +01:00
dm-exception-store.c dm snapshot: test chunk size against both origin and snapshot 2010-08-12 04:13:51 +01:00
dm-exception-store.h dm snapshot: test chunk size against both origin and snapshot 2010-08-12 04:13:51 +01:00
dm-io.c dm: implement REQ_FLUSH/FUA support for bio-based dm 2010-09-10 12:35:38 +02:00
dm-ioctl.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
dm-kcopyd.c block: unify flags for struct bio and struct request 2010-08-07 18:20:39 +02:00
dm-linear.c dm: use dm_target_offset macro 2010-08-12 04:14:11 +01:00
dm-log-userspace-base.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
dm-log-userspace-transfer.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
dm-log-userspace-transfer.h dm log: userspace add luid to distinguish between concurrent log instances 2009-09-04 20:40:34 +01:00
dm-log.c dm: implement REQ_FLUSH/FUA support for bio-based dm 2010-09-10 12:35:38 +02:00
dm-mpath.c dm mpath: support discard 2010-08-12 04:14:32 +01:00
dm-mpath.h dm mpath: remove is_active from struct dm_path 2008-10-10 13:36:58 +01:00
dm-path-selector.c dm: path selector use module refcount directly 2009-04-02 19:55:27 +01:00
dm-path-selector.h dm mpath: add start_io and nr_bytes to path selectors 2009-06-22 10:12:27 +01:00
dm-queue-length.c dm mpath: add queue length load balancer 2009-06-22 10:12:27 +01:00
dm-raid1.c dm: implement REQ_FLUSH/FUA support for bio-based dm 2010-09-10 12:35:38 +02:00
dm-region-hash.c dm: implement REQ_FLUSH/FUA support for bio-based dm 2010-09-10 12:35:38 +02:00
dm-round-robin.c dm mpath: add start_io and nr_bytes to path selectors 2009-06-22 10:12:27 +01:00
dm-service-time.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
dm-snap-persistent.c workqueues: s/ON_STACK/ONSTACK/ 2010-10-26 16:52:14 -07:00
dm-snap-transient.c dm snapshot: move cow ref from exception store to snap core 2009-12-10 23:52:12 +00:00
dm-snap.c Merge branch 'for-2.6.37/barrier' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:07:18 -07:00
dm-stripe.c dm: implement REQ_FLUSH/FUA support for bio-based dm 2010-09-10 12:35:38 +02:00
dm-sysfs.c Driver core: Constify struct sysfs_ops in struct kobj_type 2010-03-07 17:04:49 -08:00
dm-table.c Consolidate min_not_zero 2010-09-10 20:07:38 +02:00
dm-target.c dm: error return error for discards 2010-08-12 04:14:14 +01:00
dm-uevent.c dm table: remove dm_get from dm_table_get_md 2010-03-06 02:29:52 +00:00
dm-uevent.h
dm-zero.c dm: zero silently drop discards 2010-08-12 04:14:12 +01:00
dm.c Merge branch 'for-2.6.37/barrier' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:07:18 -07:00
dm.h dm: linear support discard 2010-08-12 04:14:08 +01:00
faulty.c md: use separate bio pool for each md device. 2010-10-28 17:36:15 +11:00
Kconfig Merge branch 'async' of macbook:git/btrfs-unstable 2010-08-09 10:36:44 +01:00
linear.c md: implment REQ_FLUSH/FUA support 2010-09-10 12:35:38 +02:00
linear.h md/linear: use call_rcu to free obsolete 'conf' structures. 2009-06-18 08:49:42 +10:00
Makefile Merge branch 'async' of macbook:git/btrfs-unstable 2010-08-09 10:36:44 +01:00
md.c md: protect against NULL reference when waiting to start a raid10. 2010-12-09 17:02:14 +11:00
md.h md: use separate bio pool for each md device. 2010-10-28 17:36:15 +11:00
multipath.c md: implment REQ_FLUSH/FUA support 2010-09-10 12:35:38 +02:00
multipath.h md: remove mddev_to_conf "helper" macro 2009-06-16 16:54:21 +10:00
raid0.c md: implment REQ_FLUSH/FUA support 2010-09-10 12:35:38 +02:00
raid0.h md: fix handling of array level takeover that re-arranges devices. 2010-06-24 13:33:24 +10:00
raid1.c md/raid1: really fix recovery looping when single good device fails. 2010-11-24 16:39:46 +11:00
raid1.h md/raid1: discard unused variable. 2010-10-29 16:40:33 +11:00
raid5.c md: use separate bio pool for each md device. 2010-10-28 17:36:15 +11:00
raid5.h md: implment REQ_FLUSH/FUA support 2010-09-10 12:35:38 +02:00
raid10.c md: protect against NULL reference when waiting to start a raid10. 2010-12-09 17:02:14 +11:00
raid10.h md: fix handling of array level takeover that re-arranges devices. 2010-06-24 13:33:24 +10:00