Subject: Re: [PATCH v2 1/4] md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
To: Song Liu, linan666@huaweicloud.com
Cc: bingjingc@synology.com, allenpeng@synology.com, alexwu@synology.com, shli@fb.com, neilb@suse.de, linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org, linan122@huawei.com, yi.zhang@huawei.com, houtao1@huawei.com, yangerkun@huawei.com, "yukuai (C)"
References: <20230526074551.669792-1-linan666@huaweicloud.com> <20230526074551.669792-2-linan666@huaweicloud.com>
From: Yu Kuai
Message-ID: <5d836b41-2dff-e829-2e18-97ea4565b5bc@huaweicloud.com>
Date: Sat, 27 May 2023 09:17:45 +0800
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

On 2023/05/27 5:38, Song Liu wrote:
> On Fri, May 26, 2023 at 12:47 AM wrote:
 }
>
> To make sure I understand the issue correctly:
>
> The null-ptr-deref only happens when the Faulty bit was set after the
> last check and before this check below, right?

Yes, you're right.
Thanks, Kuai > >> - if (mreplace && test_bit(Faulty, &mreplace->flags)) >> - mreplace = NULL; >> /* Unless we are doing a full sync, or a replacement >> * we only need to recover the block if it is set in >> * the bitmap > > Thanks, > Song >
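
Review bot: The commit message should spell out the window confirmed in this thread, namely that the Faulty bit can be set after the earlier check and before the removed "if (mreplace && test_bit(Faulty, &mreplace->flags)) mreplace = NULL;", because that second test is what could clear mreplace after earlier code had already decided to use it. The quoted context shows only the removal, not the check that remains, so it is worth confirming that the remaining Faulty test is the single place where mreplace is decided and that every later dereference in raid10_sync_request sits behind it.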