From fbb8b6ef114c7c298a6e20bf271c7b16978d0a70 Mon Sep 17 00:00:00 2001 From: Neil Brown Date: Sat, 26 Aug 2006 17:33:27 +0200 Subject: Fix a potential NULL dereference in md/raid1 At the point where this 'atomic_add' is, rdev could be NULL, as seen by the fact that we test for this in the very next statement. Further is it is really the wrong place of the add. We could add to the count of corrected errors once the are sure it was corrected, not before trying to correct it. Signed-off-by: Neil Brown Signed-off-by: Adrian Bunk --- drivers/md/raid1.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c index 5d88329e3c7..f0b7caa4a87 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c @@ -1467,7 +1467,6 @@ static void raid1d(mddev_t *mddev) d = conf->raid_disks; d--; rdev = conf->mirrors[d].rdev; - atomic_add(s, &rdev->corrected_errors); if (rdev && test_bit(In_sync, &rdev->flags)) { if (sync_page_io(rdev->bdev, @@ -1490,6 +1489,9 @@ static void raid1d(mddev_t *mddev) s<<9, conf->tmppage, READ) == 0) /* Well, this device is dead */ md_error(mddev, rdev); + else + atomic_add(s, &rdev->corrected_errors); + } } } else { -- cgit v1.2.3-18-g5258