aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeilBrown <neilb@suse.de>2006-05-23 01:35:26 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-05-23 13:35:31 -0400
commit5c4c33318d26620fa552f15bbb6d0f9775a1b4df (patch)
treed1d39bca5beb51dfcbb47d4b0c47a56214d4448b
parentf2d395865faa2a7cd4620b07178e58cbb160ba08 (diff)
[PATCH] md: fix possible oops when starting a raid0 array
This loop that sets up the hash_table has problems. Careful examination will show that the last time through, everything but the first line is pointless. This is because all it does is change 'cur' and 'size' and neither of these are used after the loop. This should ring warning bells... That last time through the loop, size += conf->strip_zone[cur].size can index off the end of the strip_zone array. Depending on what it finds there, it might exit the loop cleanly, or it might spin going further and further beyond the array until it hits an unmapped address. This patch rearranges the code so that the last, pointless, iteration of the loop never happens. i.e. the one statement of the last loop that is needed is moved the the end of the previous loop - or to before the loop starts - and the loop counter starts from 1 instead of 0. Cc: "Don Dupuis" <dondster@gmail.com> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--drivers/md/raid0.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
index 678f4dbbea1d..cb8c6317e4e5 100644
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -331,13 +331,14 @@ static int raid0_run (mddev_t *mddev)
331 goto out_free_conf; 331 goto out_free_conf;
332 size = conf->strip_zone[cur].size; 332 size = conf->strip_zone[cur].size;
333 333
334 for (i=0; i< nb_zone; i++) { 334 conf->hash_table[0] = conf->strip_zone + cur;
335 conf->hash_table[i] = conf->strip_zone + cur; 335 for (i=1; i< nb_zone; i++) {
336 while (size <= conf->hash_spacing) { 336 while (size <= conf->hash_spacing) {
337 cur++; 337 cur++;
338 size += conf->strip_zone[cur].size; 338 size += conf->strip_zone[cur].size;
339 } 339 }
340 size -= conf->hash_spacing; 340 size -= conf->hash_spacing;
341 conf->hash_table[i] = conf->strip_zone + cur;
341 } 342 }
342 if (conf->preshift) { 343 if (conf->preshift) {
343 conf->hash_spacing >>= conf->preshift; 344 conf->hash_spacing >>= conf->preshift;