md: avoid overflow in raid0 calculation with large components
authorNeilBrown <neilb@suse.de>
Wed, 23 May 2007 20:58:09 +0000 (13:58 -0700)
committerLinus Torvalds <torvalds@woody.linux-foundation.org>
Thu, 24 May 2007 03:14:14 +0000 (20:14 -0700)
If a raid0 has a component device larger than 4TB, and is accessed on a 32bit
machines, then as 'chunk' is unsigned long,

   chunk << chunksize_bits

can overflow (this can be as high as the size of the device in KB).  chunk
itself will not overflow (without triggering a BUG).

So change 'chunk' to be 'sector_t, and get rid of the 'BUG' as it becomes
impossible to hit.

Cc: "Jeff Zheng" <Jeff.Zheng@endace.com>
Signed-off-by: Neil Brown <neilb@suse.de>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/md/raid0.c

index dfe32149ad3ae1b0caf77fc39003d82cb640f3f7..2c404f73a377d4c73ea95ecaf98e2c1c44f823f6 100644 (file)
@@ -415,7 +415,7 @@ static int raid0_make_request (request_queue_t *q, struct bio *bio)
        raid0_conf_t *conf = mddev_to_conf(mddev);
        struct strip_zone *zone;
        mdk_rdev_t *tmp_dev;
        raid0_conf_t *conf = mddev_to_conf(mddev);
        struct strip_zone *zone;
        mdk_rdev_t *tmp_dev;
-       unsigned long chunk;
+       sector_t chunk;
        sector_t block, rsect;
        const int rw = bio_data_dir(bio);
 
        sector_t block, rsect;
        const int rw = bio_data_dir(bio);
 
@@ -470,7 +470,6 @@ static int raid0_make_request (request_queue_t *q, struct bio *bio)
 
                sector_div(x, zone->nb_dev);
                chunk = x;
 
                sector_div(x, zone->nb_dev);
                chunk = x;
-               BUG_ON(x != (sector_t)chunk);
 
                x = block >> chunksize_bits;
                tmp_dev = zone->dev[sector_div(x, zone->nb_dev)];
 
                x = block >> chunksize_bits;
                tmp_dev = zone->dev[sector_div(x, zone->nb_dev)];