* [PATCH] imsm: FIX: map coping causes mdmon crash
@ 2011-01-31 16:05 Adam Kwolek
2011-01-31 23:38 ` NeilBrown
From: Adam Kwolek @ 2011-01-31 16:05 UTC (permalink / raw)
To: neilb; +Cc: linux-raid, dan.j.williams, ed.ciechanowski, wojciech.neubauer
Too big map was copied (outside allocated memory) and this causes
mdmon crash for 2 raid0 arrays in container.
Map of correct (smaller) size should be copied,
to not overwrite any internal data.
Signed-off-by: Adam Kwolek <adam.kwolek@intel.com>
---
super-intel.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/super-intel.c b/super-intel.c
index 0c988d6..3de4132 100644
--- a/super-intel.c
+++ b/super-intel.c
@@ -5074,6 +5074,7 @@ static void imsm_progress_container_reshape(struct intel_super *super)
struct imsm_super *mpb = super->anchor;
int prev_disks = -1;
int i;
+ int copy_map_size;
for (i = 0; i < mpb->num_raid_devs; i++) {
struct imsm_dev *dev = get_imsm_dev(super, i);
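Review bot: `int copy_map_size;` is a signed int, but its only use in this patch is as the length argument of memcpy, which takes a size_t. Declaring it size_t avoids the implicit signed-to-unsigned conversion at the call. It is also declared at function scope and left uninitialized while every use is inside the loop body, so declaring it in the block where it is assigned would rule out reading an unset or stale value on a later iteration.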
@@ -5094,6 +5095,7 @@ static void imsm_progress_container_reshape(struct intel_super *super)
* i.e it needs a migr_state
*/
+ copy_map_size = sizeof_imsm_map(map);
prev_num_members = map->num_members;
map->num_members = prev_disks;
dev->vol.migr_state = 1;
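Review bot: the new `copy_map_size = sizeof_imsm_map(map);` line is only correct because it sits above `map->num_members = prev_disks;`, and nothing in the code says so. The commit message implies that the size computed after that assignment is the larger one that overran the allocation, so a short comment here stating that the size must be captured before num_members is changed would keep a later reordering from reintroducing the overflow.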
@@ -5104,7 +5106,7 @@ static void imsm_progress_container_reshape(struct intel_super *super)
set_imsm_ord_tbl_ent(map, i, i);
map2 = get_imsm_map(dev, 1);
/* Copy the current map */
- memcpy(map2, map, sizeof_imsm_map(map));
+ memcpy(map2, map, copy_map_size);
map2->num_members = prev_num_members;
/* calculate new size
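Review bot: the memcpy into map2 now uses the size captured before the reshape, but the destination is still unchecked: the visible lines neither test the result of `get_imsm_map(dev, 1)` nor verify that copy_map_size bytes fit at map2. Since the reported failure was a write past allocated memory, an explicit check or assertion against the space available for the second map would turn any future size mismatch into a detected error instead of silent corruption inside mdmon.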
* Re: [PATCH] imsm: FIX: map coping causes mdmon crash
2011-01-31 16:05 [PATCH] imsm: FIX: map coping causes mdmon crash Adam Kwolek
@ 2011-01-31 23:38 ` NeilBrown
From: NeilBrown @ 2011-01-31 23:38 UTC (permalink / raw)
To: Adam Kwolek
Cc: linux-raid, dan.j.williams, ed.ciechanowski, wojciech.neubauer
On Mon, 31 Jan 2011 17:05:48 +0100 Adam Kwolek <adam.kwolek@intel.com> wrote:
> Too big map was copied (outside allocated memory) and this causes
> mdmon crash for 2 raid0 arrays in container.
> Map of correct (smaller) size should be copied,
> to not overwrite any internal data.
>
> Signed-off-by: Adam Kwolek <adam.kwolek@intel.com>
Applied, thanks.
NeilBrown
> ---
>
> super-intel.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/super-intel.c b/super-intel.c
> index 0c988d6..3de4132 100644
> --- a/super-intel.c
> +++ b/super-intel.c
> @@ -5074,6 +5074,7 @@ static void imsm_progress_container_reshape(struct intel_super *super)
> struct imsm_super *mpb = super->anchor;
> int prev_disks = -1;
> int i;
> + int copy_map_size;
>
> for (i = 0; i < mpb->num_raid_devs; i++) {
> struct imsm_dev *dev = get_imsm_dev(super, i);
> @@ -5094,6 +5095,7 @@ static void imsm_progress_container_reshape(struct intel_super *super)
> * i.e it needs a migr_state
> */
>
> + copy_map_size = sizeof_imsm_map(map);
> prev_num_members = map->num_members;
> map->num_members = prev_disks;
> dev->vol.migr_state = 1;
> @@ -5104,7 +5106,7 @@ static void imsm_progress_container_reshape(struct intel_super *super)
> set_imsm_ord_tbl_ent(map, i, i);
> map2 = get_imsm_map(dev, 1);
> /* Copy the current map */
> - memcpy(map2, map, sizeof_imsm_map(map));
> + memcpy(map2, map, copy_map_size);
> map2->num_members = prev_num_members;
>
> /* calculate new size