summaryrefslogtreecommitdiffstats
path: root/drivers/md/raid10.h
diff options
context:
space:
mode:
authorNeilBrown <neilb@suse.de>2012-08-18 01:51:42 +0200
committerNeilBrown <neilb@suse.de>2012-08-18 01:51:42 +0200
commite0ee778528bbaad28a5c69d2e219269a3a096607 (patch)
tree85e2824b053d7ade3ee64a98c0c5a535a9af013f /drivers/md/raid10.h
parentmd: Don't truncate size at 4TB for RAID0 and Linear (diff)
downloadlinux-e0ee778528bbaad28a5c69d2e219269a3a096607.tar.xz
linux-e0ee778528bbaad28a5c69d2e219269a3a096607.zip
md/raid10: fix problem with on-stack allocation of r10bio structure.
A 'struct r10bio' has an array of per-copy information at the end. This array is declared with size [0] and r10bio_pool_alloc allocates enough extra space to store the per-copy information depending on the number of copies needed. So declaring a 'struct r10bio on the stack isn't going to work. It won't allocate enough space, and memory corruption will ensue. So in the two places where this is done, declare a sufficiently large structure and use that instead. The two call-sites of this bug were introduced in 3.4 and 3.5 so this is suitable for both those kernels. The patch will have to be modified for 3.4 as it only has one bug. Cc: stable@vger.kernel.org Reported-by: Ivan Vasilyev <ivan.vasilyev@gmail.com> Tested-by: Ivan Vasilyev <ivan.vasilyev@gmail.com> Signed-off-by: NeilBrown <neilb@suse.de>
Diffstat (limited to 'drivers/md/raid10.h')
-rw-r--r--drivers/md/raid10.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/md/raid10.h b/drivers/md/raid10.h
index 007c2c68dd83..1054cf602345 100644
--- a/drivers/md/raid10.h
+++ b/drivers/md/raid10.h
@@ -110,7 +110,7 @@ struct r10bio {
* We choose the number when they are allocated.
* We sometimes need an extra bio to write to the replacement.
*/
- struct {
+ struct r10dev {
struct bio *bio;
union {
struct bio *repl_bio; /* used for resync and