md/raid1: avoid overflow in raid1 resync when bitmap is in use.

bitmap_start_sync returns - via a pass-by-reference variable - the number of sectors before we need to check with the bitmap again. Since commit ef4256733506f245 this number can be substantially larger, 2^27 is a common value. Unfortunately it is an 'int' and so when raid1.c:sync_request shifts it 9 places to the left it becomes 0. This results in a zero-length read which the scsi layer justifiably complains about. This patch just removes the shift so the common case becomes safe with a trivially-correct patch. In the next merge window we will convert this 'int' to a 'sector_t' Reported-by: "George Spelvin" <linux@horizon.com> Signed-off-by: NeilBrown <neilb@suse.de>
2010-10-07 11:54:46 +11:00 · 2010-10-07 11:54:46 +11:00 · 7571ae887d
commit 7571ae887d
parent 7c6d45e665
1 changed files with 1 additions and 1 deletions
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@ -1912,7 +1912,7 @@ static sector_t sync_request(mddev_t *mddev, sector_t sector_nr, int *skipped, i
 			    !test_bit(MD_RECOVERY_REQUESTED, &mddev->recovery))
 				break;
 			BUG_ON(sync_blocks < (PAGE_SIZE>>9));
-			if (len > (sync_blocks<<9))
+			if ((len >> 9) > sync_blocks)
 				len = sync_blocks<<9;
 		}