summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeilBrown <neilb@suse.de>2010-10-07 11:54:46 +1100
committerNeilBrown <neilb@suse.de>2010-10-07 11:54:46 +1100
commit7571ae887d3b96d8e7ce63d43828866c6a91cdc6 (patch)
treeecdc5d71d3d957604a172c23ef9943438ccee949
parent7c6d45e665d5322401e4439060bbf758b08422d4 (diff)
md/raid1: avoid overflow in raid1 resync when bitmap is in use.
bitmap_start_sync returns - via a pass-by-reference variable - the number of sectors before we need to check with the bitmap again. Since commit ef4256733506f245 this number can be substantially larger, 2^27 is a common value. Unfortunately it is an 'int' and so when raid1.c:sync_request shifts it 9 places to the left it becomes 0. This results in a zero-length read which the scsi layer justifiably complains about. This patch just removes the shift so the common case becomes safe with a trivially-correct patch. In the next merge window we will convert this 'int' to a 'sector_t' Reported-by: "George Spelvin" <linux@horizon.com> Signed-off-by: NeilBrown <neilb@suse.de>
-rw-r--r--drivers/md/raid1.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index ad83a4dcadc..fba4d2feaeb 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1912,7 +1912,7 @@ static sector_t sync_request(mddev_t *mddev, sector_t sector_nr, int *skipped, i
!test_bit(MD_RECOVERY_REQUESTED, &mddev->recovery))
break;
BUG_ON(sync_blocks < (PAGE_SIZE>>9));
- if (len > (sync_blocks<<9))
+ if ((len >> 9) > sync_blocks)
len = sync_blocks<<9;
}