Merge tag 'md-6.9-20240408' of https://git.kernel.org/pub/scm/linux/kernel/git/song/md into block-6.9

Pull MD fix from Song: "This change, by Yu Kuai, fixes a UAF in a corner case." * tag 'md-6.9-20240408' of https://git.kernel.org/pub/scm/linux/kernel/git/song/md: raid1: fix use-after-free for original bio in raid1_write_request()
author: Jens Axboe <axboe@kernel.dk> 2024-04-08 21:49:27 -0600
committer: Jens Axboe <axboe@kernel.dk> 2024-04-08 21:49:27 -0600
commit: 013ee5a6234d4c574dedd60c4887a4bcc9ecc749 (patch)
tree: 7d3f5ac01441d0c1bf08a50efd34a8ef37fee73e
parent: b561ea56a26415bf44ce8ca6a8e625c7c390f1ea (diff)
parent: fcf3f7e2fc8a53a6140beee46ec782a4c88e4744 (diff)
download: linux-013ee5a6234d4c574dedd60c4887a4bcc9ecc749.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index be8ac24f50b6a..7b8a71ca66dde 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1558,7 +1558,7 @@ static void raid1_write_request(struct mddev *mddev, struct bio *bio,
 		for (j = 0; j < i; j++)
 			if (r1_bio->bios[j])
 				rdev_dec_pending(conf->mirrors[j].rdev, mddev);
-		free_r1bio(r1_bio);
+		mempool_free(r1_bio, &conf->r1bio_pool);
 		allow_barrier(conf, bio->bi_iter.bi_sector);
 
 		if (bio->bi_opf & REQ_NOWAIT) {
author	Jens Axboe <axboe@kernel.dk>	2024-04-08 21:49:27 -0600
committer	Jens Axboe <axboe@kernel.dk>	2024-04-08 21:49:27 -0600
commit	013ee5a6234d4c574dedd60c4887a4bcc9ecc749 (patch)
tree	7d3f5ac01441d0c1bf08a50efd34a8ef37fee73e
parent	b561ea56a26415bf44ce8ca6a8e625c7c390f1ea (diff)
parent	fcf3f7e2fc8a53a6140beee46ec782a4c88e4744 (diff)
download	linux-013ee5a6234d4c574dedd60c4887a4bcc9ecc749.tar.gz