author | NeilBrown <neilb@suse.de> | 2010-10-06 20:54:46 -0400 |
---|---|---|
committer | NeilBrown <neilb@suse.de> | 2010-10-06 20:54:46 -0400 |
commit | 7571ae887d3b96d8e7ce63d43828866c6a91cdc6 (patch) | |
tree | ecdc5d71d3d957604a172c23ef9943438ccee949 /drivers/md | |
parent | 7c6d45e665d5322401e4439060bbf758b08422d4 (diff) |
md/raid1: avoid overflow in raid1 resync when bitmap is in use.
bitmap_start_sync returns - via a pass-by-reference variable - the
number of sectors before we need to check with the bitmap again.
Since commit ef4256733506f245 this number can be substantially larger,
2^27 is a common value.
Unfortunately it is an 'int' and so when raid1.c:sync_request shifts
it 9 places to the left it becomes 0. This results in a zero-length
read which the scsi layer justifiably complains about.
This patch just removes the shift so the common case becomes safe with
a trivially-correct patch.
In the next merge window we will convert this 'int' to a 'sector_t'
Reported-by: "George Spelvin" <linux@horizon.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Diffstat (limited to 'drivers/md')
-rw-r--r-- | drivers/md/raid1.c | 2 |
1 files changed, 1 insertions, 1 deletions
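--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1912,7 +1912,7 @@ static sector_t sync_request(mddev_t *mddev, sector_t sector_nr, int *skipped, i
 !test_bit(MD_RECOVERY_REQUESTED, &mddev->recovery))
 break;
 BUG_ON(sync_blocks < (PAGE_SIZE>>9));
-if (len > (sync_blocks<<9))
+if ((len >> 9) > sync_blocks)
 len = sync_blocks<<9;
 }
 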
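Review bot: The `len = sync_blocks<<9;` assignment kept on the line after the new test still left-shifts sync_blocks, which the commit message says is an `int`; it cannot overflow only because the rewritten guard has just established `sync_blocks < (len >> 9)`, and nothing in the code records that dependency. I would add a comment above the assignment such as `/* sync_blocks < len>>9 here, so sync_blocks<<9 cannot overflow */` so that the planned sector_t conversion or a later edit to the guard does not quietly reintroduce the wrap. The new comparison also rounds len down to whole sectors, so it matches the old test only if len is always a multiple of 512, which presumably holds for resync lengths but is not visible in this hunk. sync_request's body starts and ends outside the hunk, so the declarations of len and sync_blocks could not be checked here.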