From: NeilBrown Date: Thu, 7 Oct 2010 00:54:46 +0000 (+1100) Subject: md/raid1: avoid overflow in raid1 resync when bitmap is in use. X-Git-Tag: firefly_0821_release~7613^2~3799^2~2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=7571ae887d3b96d8e7ce63d43828866c6a91cdc6;p=firefly-linux-kernel-4.4.55.git md/raid1: avoid overflow in raid1 resync when bitmap is in use. bitmap_start_sync returns - via a pass-by-reference variable - the number of sectors before we need to check with the bitmap again. Since commit ef4256733506f245 this number can be substantially larger, 2^27 is a common value. Unfortunately it is an 'int' and so when raid1.c:sync_request shifts it 9 places to the left it becomes 0. This results in a zero-length read which the scsi layer justifiably complains about. This patch just removes the shift so the common case becomes safe with a trivially-correct patch. In the next merge window we will convert this 'int' to a 'sector_t' Reported-by: "George Spelvin" Signed-off-by: NeilBrown --- diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c index ad83a4dcadc3..fba4d2feaeb4 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c @@ -1912,7 +1912,7 @@ static sector_t sync_request(mddev_t *mddev, sector_t sector_nr, int *skipped, i !test_bit(MD_RECOVERY_REQUESTED, &mddev->recovery)) break; BUG_ON(sync_blocks < (PAGE_SIZE>>9)); - if (len > (sync_blocks<<9)) + if ((len >> 9) > sync_blocks) len = sync_blocks<<9; }