Commit a97aecfa authored by majianpeng's avatar majianpeng Committed by Ben Hutchings

md: Avoid write invalid address if read_seqretry returned true.

commit 35f9ac2d upstream.

If read_seqretry returned true and bbp was changed, it will write
invalid address which can cause some serious problem.

This bug was introduced by commit v3.0-rc7-130-g2699b672.
So fix is suitable for 3.0.y thru 3.6.y.

Reported-by: zhuwenfeng@kedacom.com
Tested-by: zhuwenfeng@kedacom.com
Signed-off-by: default avatarJianpeng Ma <majianpeng@gmail.com>
Signed-off-by: default avatarNeilBrown <neilb@suse.de>
Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
parent e76f3407
...@@ -1801,10 +1801,10 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) ...@@ -1801,10 +1801,10 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev)
memset(bbp, 0xff, PAGE_SIZE); memset(bbp, 0xff, PAGE_SIZE);
for (i = 0 ; i < bb->count ; i++) { for (i = 0 ; i < bb->count ; i++) {
u64 internal_bb = *p++; u64 internal_bb = p[i];
u64 store_bb = ((BB_OFFSET(internal_bb) << 10) u64 store_bb = ((BB_OFFSET(internal_bb) << 10)
| BB_LEN(internal_bb)); | BB_LEN(internal_bb));
*bbp++ = cpu_to_le64(store_bb); bbp[i] = cpu_to_le64(store_bb);
} }
bb->changed = 0; bb->changed = 0;
if (read_seqretry(&bb->lock, seq)) if (read_seqretry(&bb->lock, seq))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment