git.karo-electronics.de Git - karo-tx-linux.git/commit

author	NeilBrown <neilb@suse.de>
	Fri, 17 Aug 2012 23:51:42 +0000 (09:51 +1000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 2 Oct 2012 17:39:10 +0000 (10:39 -0700)
commit	f75a855c75feb7ca747c505c714973741b5c2920
tree	160621e8d5c4148fca4d4476eb11f8065d51aed4	tree \| snapshot
parent	3ed7a69d881a940185cebab49e22f7d5daa0767f	commit \| diff

md/raid10: fix problem with on-stack allocation of r10bio structure.

commit e0ee778528bbaad28a5c69d2e219269a3a096607 upstream.

A 'struct r10bio' has an array of per-copy information at the end.
This array is declared with size [0] and r10bio_pool_alloc allocates
enough extra space to store the per-copy information depending on the
number of copies needed.

So declaring a 'struct r10bio on the stack isn't going to work. It
won't allocate enough space, and memory corruption will ensue.

So in the two places where this is done, declare a sufficiently large
structure and use that instead.

The two call-sites of this bug were introduced in 3.4 and 3.5
so this is suitable for both those kernels. The patch will have to
be modified for 3.4 as it only has one bug.

Reported-by: Ivan Vasilyev <ivan.vasilyev@gmail.com>
Tested-by: Ivan Vasilyev <ivan.vasilyev@gmail.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/md/raid10.c		diff \| blob \| history
drivers/md/raid10.h		diff \| blob \| history