[PATCH 000 of 2] md: Introduction

[PATCH 000 of 2] md: Introduction

[NeilBrown]

Two patches to fix two possibly Oopses in md/raid
Both are suitable for 2.6.17.

Both involve indexing off the end of the array, and only cause a
problem if the ends up hitting a non-mapped page.

The first only affects raid0 is fairly rare put possible circumstances.

The second can affect all users of bio_split: linear, raid0, raid10

Thanks to Don Dupuis for hitting these bugs!

 [PATCH 001 of 2] md: Fix possible oops when starting a raid0 array
 [PATCH 002 of 2] md: Make sure bi_max_vecs is set properly in bio_split

[PATCH 001 of 2] md: Fix possible oops when starting a raid0 array

[NeilBrown]

This loop that sets up the hash_table has problems.

Careful examination will show that the last time through, everything
but the first line is pointless.  This is because all it does is
change 'cur' and 'size' and neither of these are used after
the loop.  This should ring warning bells...
That last time through the loop, 
        size += conf->strip_zone[cur].size
can index off the end of the strip_zone array.
Depending on what it finds there, it might exit the loop cleanly, 
or it might spin going further and further beyond the array until
it hits an unmapped address.

This patch rearranges the code so that the last, pointless, iteration
of the loop never happens.  i.e. the one statement of the last loop
that is needed is moved the the end of the previous loop - or to
before the loop starts - and the loop counter starts from 1
instead of 0.


Cc: "Don Dupuis" <dondster@gmail.com>
Signed-off-by: Neil Brown <neilb@suse.de>

### Diffstat output
 ./drivers/md/raid0.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff ./drivers/md/raid0.c~current~ ./drivers/md/raid0.c
--- ./drivers/md/raid0.c~current~	2006-05-22 15:33:05.000000000 +1000
+++ ./drivers/md/raid0.c	2006-05-22 15:35:01.000000000 +1000
@@ -331,13 +331,14 @@ static int raid0_run (mddev_t *mddev)
 		goto out_free_conf;
 	size = conf->strip_zone[cur].size;
 
-	for (i=0; i< nb_zone; i++) {
-		conf->hash_table[i] = conf->strip_zone + cur;
+	conf->hash_table[0] = conf->strip_zone + cur;
+	for (i=1; i< nb_zone; i++) {
 		while (size <= conf->hash_spacing) {
 			cur++;
 			size += conf->strip_zone[cur].size;
 		}
 		size -= conf->hash_spacing;
+		conf->hash_table[i] = conf->strip_zone + cur;
 	}
 	if (conf->preshift) {
 		conf->hash_spacing >>= conf->preshift;

[PATCH 002 of 2] md: Make sure bi_max_vecs is set properly in bio_split

[NeilBrown]

Else a subsequence bio_clone might make a mess.

Signed-off-by: Neil Brown <neilb@suse.de>
Cc: "Don Dupuis" <dondster@gmail.com>
Cc: Jens Axboe <axboe@suse.de>
### Diffstat output
 ./fs/bio.c |    3 +++
 1 file changed, 3 insertions(+)

diff ./fs/bio.c~current~ ./fs/bio.c
--- ./fs/bio.c~current~	2006-05-22 16:12:46.000000000 +1000
+++ ./fs/bio.c	2006-05-22 16:12:16.000000000 +1000
@@ -1103,6 +1103,9 @@ struct bio_pair *bio_split(struct bio *b
 	bp->bio1.bi_io_vec = &bp->bv1;
 	bp->bio2.bi_io_vec = &bp->bv2;
 
+	bp->bio1.bi_max_vecs = 1;
+	bp->bio2.bi_max_vecs = 1;
+
 	bp->bio1.bi_end_io = bio_pair_end_1;
 	bp->bio2.bi_end_io = bio_pair_end_2;
 

Re: [PATCH 002 of 2] md: Make sure bi_max_vecs is set properly in bio_split

[Jens Axboe]

On Mon, May 22 2006, NeilBrown wrote:
> 
> Else a subsequence bio_clone might make a mess.
> 
> Signed-off-by: Neil Brown <neilb@suse.de>
> Cc: "Don Dupuis" <dondster@gmail.com>
> Cc: Jens Axboe <axboe@suse.de>
> ### Diffstat output
>  ./fs/bio.c |    3 +++
>  1 file changed, 3 insertions(+)
> 
> diff ./fs/bio.c~current~ ./fs/bio.c
> --- ./fs/bio.c~current~	2006-05-22 16:12:46.000000000 +1000
> +++ ./fs/bio.c	2006-05-22 16:12:16.000000000 +1000
> @@ -1103,6 +1103,9 @@ struct bio_pair *bio_split(struct bio *b
>  	bp->bio1.bi_io_vec = &bp->bv1;
>  	bp->bio2.bi_io_vec = &bp->bv2;
>  
> +	bp->bio1.bi_max_vecs = 1;
> +	bp->bio2.bi_max_vecs = 1;
> +
>  	bp->bio1.bi_end_io = bio_pair_end_1;
>  	bp->bio2.bi_end_io = bio_pair_end_2;
>  

Obviously correct, thanks Neil.

-- 
Jens Axboe