From: Willy Tarreau <w@1wt.eu>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: "Jeff Zheng" <Jeff.Zheng@endace.com>, Neil Brown <neilb@suse.de>,
Chris Wright <chrisw@sous-sol.org>,
Greg Kroah-Hartman <gregkh@suse.de>
Subject: [2.6.20.16 review 02/28] md: Avoid overflow in raid0 calculation with large components.
Date: Sat, 11 Aug 2007 21:47:54 +0200 [thread overview]
Message-ID: <20070811184829.%N@1wt.eu> (raw)
In-Reply-To: 20070811184752.%N@1wt.eu
[-- Attachment #1: 0002-PATCH-md-Avoid-overflow-in-raid0-calculation-with.patch --]
[-- Type: text/plain, Size: 1334 bytes --]
If a raid0 has a component device larger than 4TB, and is accessed on
a 32bit machines, then as 'chunk' is unsigned lock,
chunk << chunksize_bits
can overflow (this can be as high as the size of the device in KB).
chunk itself will not overflow (without triggering a BUG).
So change 'chunk' to be 'sector_t, and get rid of the 'BUG' as it becomes
impossible to hit.
Cc: "Jeff Zheng" <Jeff.Zheng@endace.com>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/md/raid0.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
index dfe3214..2c404f7 100644
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -415,7 +415,7 @@ static int raid0_make_request (request_queue_t *q, struct bio *bio)
raid0_conf_t *conf = mddev_to_conf(mddev);
struct strip_zone *zone;
mdk_rdev_t *tmp_dev;
- unsigned long chunk;
+ sector_t chunk;
sector_t block, rsect;
const int rw = bio_data_dir(bio);
@@ -470,7 +470,6 @@ static int raid0_make_request (request_queue_t *q, struct bio *bio)
sector_div(x, zone->nb_dev);
chunk = x;
- BUG_ON(x != (sector_t)chunk);
x = block >> chunksize_bits;
tmp_dev = zone->dev[sector_div(x, zone->nb_dev)];
--
1.5.2.4
--
next prev parent reply other threads:[~2007-08-11 18:59 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-11 18:47 [2.6.20.16 review 00/28] 2.6.20.16 -stable review Willy Tarreau
2007-08-11 19:47 ` [2.6.20.16 review 01/28] i386: Fix K8/core2 oprofile on multiple CPUs Willy Tarreau
2007-08-11 19:47 ` Willy Tarreau [this message]
2007-08-11 19:47 ` [2.6.20.16 review 03/28] md: Dont write more than is required of the last page of a bitmap Willy Tarreau
2007-08-11 19:47 ` [2.6.20.16 review 04/28] make freezeable workqueues singlethread Willy Tarreau
2007-08-11 19:47 ` [2.6.20.16 review 05/28] Char: cyclades, fix deadlock Willy Tarreau
2007-08-11 19:47 ` [2.6.20.16 review 06/28] e1000: disable polling before registering netdevice Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 08/28] x86_64: allocate sparsemem memmap above 4G Willy Tarreau
2007-08-12 10:18 ` Andi Kleen
2007-08-12 11:52 ` Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 09/28] sparsemem: fix oops in x86_64 show_mem Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 10/28] rt-mutex: Fix stale return value Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 11/28] rt-mutex: Fix chain walk early wakeup bug Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 13/28] md: Fix two raid10 bugs Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 14/28] md: Fix bug in error handling during raid1 repair Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 15/28] dm crypt: disable barriers Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 16/28] dm crypt: fix call to clone_init Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 17/28] dm crypt: fix avoid cloned bio ref after free Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 19/28] sched: fix next_interval determination in idle_balance() Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 21/28] audit: fix oops removing watch if audit disabled Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 22/28] POWERPC: Fix subtle FP state corruption bug in signal return on SMP Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 23/28] mm: kill validate_anon_vma to avoid mapcount BUG Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 24/28] saa7134: fix thread shutdown handling Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 25/28] serial: clear proper MPSC interrupt cause bits Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 26/28] i386: fix infinite loop with singlestep int80 syscalls Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 27/28] NTP: remove clock_was_set() call to prevent deadlock Willy Tarreau
2007-08-12 11:15 ` Jason Uhlenkott
2007-08-12 11:47 ` Willy Tarreau
2007-08-11 19:48 ` [2.6.20.16 review 28/28] sky2: workaround for lost IRQ Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070811184829.%N@1wt.eu \
--to=w@1wt.eu \
--cc=Jeff.Zheng@endace.com \
--cc=chrisw@sous-sol.org \
--cc=gregkh@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=neilb@suse.de \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox