[016/251] md/raid10: fix two bugs affecting RAID10 reshape.

From: Steven Rostedt
Date: Wed Sep 11 2013 - 00:44:06 EST


3.6.11.9-rc1 stable review patch.
If anyone has any objections, please let me know.

------------------

From: NeilBrown <neilb@xxxxxxx>

[ Upstream commit 78eaa0d4cbcdb345992fa3dd22b3bcbb473cc064 ]

1/ If a RAID10 is being reshaped to a fewer number of devices
and is stopped while this is ongoing, then when the array is
reassembled the 'mirrors' array will be allocated too small.
This will lead to an access error or memory corruption.

2/ A sanity test for a reshaping RAID10 array is restarted
is slightly incorrect.

Due to the first bug, this is suitable for any -stable
kernel since 3.5 where this code was introduced.

Cc: stable@xxxxxxxxxxxxxxx (v3.5+)
Signed-off-by: NeilBrown <neilb@xxxxxxx>
Signed-off-by: Steven Rostedt <rostedt@xxxxxxxxxxx>
---
drivers/md/raid10.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index cd7394b..e2d5778 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -3434,7 +3434,7 @@ static struct r10conf *setup_conf(struct mddev *mddev)

/* FIXME calc properly */
conf->mirrors = kzalloc(sizeof(struct raid10_info)*(mddev->raid_disks +
- max(0,mddev->delta_disks)),
+ max(0,-mddev->delta_disks)),
GFP_KERNEL);
if (!conf->mirrors)
goto out;
@@ -3578,7 +3578,7 @@ static int run(struct mddev *mddev)
conf->geo.far_offset == 0)
goto out_free_conf;
if (conf->prev.far_copies != 1 &&
- conf->geo.far_offset == 0)
+ conf->prev.far_offset == 0)
goto out_free_conf;
}

--
1.7.10.4


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/