Functions such as ocfs2_recovery_init() make use of osb->max_slots.
Initialize osb->max_slots early so the functions may use the correct
value.
Signed-off-by: Goldwyn Rodrigues <rgoldwyn at suse.de>
---
diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c
index fa1be1b..3894c7e 100644
--- a/fs/ocfs2/super.c
+++ b/fs/ocfs2/super.c
@@ -2060,6 +2060,15 @@ static int ocfs2_initialize_super(struct super_block *sb,
snprintf(osb->dev_str, sizeof(osb->dev_str), "%u,%u",
MAJOR(osb->sb->s_dev), MINOR(osb->sb->s_dev));
+ osb->max_slots = le16_to_cpu(di->id2.i_super.s_max_slots);
+ if (osb->max_slots > OCFS2_MAX_SLOTS || osb->max_slots == 0) {
+ mlog(ML_ERROR, "Invalid number of node slots (%u)\n",
+ osb->max_slots);
+ status = -EINVAL;
+ goto bail;
+ }
+ mlog(0, "max_slots for this device: %u\n", osb->max_slots);
+
ocfs2_orphan_scan_init(osb);
status = ocfs2_recovery_init(osb);
@@ -2098,15 +2107,6 @@ static int ocfs2_initialize_super(struct super_block *sb,
goto bail;
}
- osb->max_slots = le16_to_cpu(di->id2.i_super.s_max_slots);
- if (osb->max_slots > OCFS2_MAX_SLOTS || osb->max_slots == 0) {
- mlog(ML_ERROR, "Invalid number of node slots (%u)\n",
- osb->max_slots);
- status = -EINVAL;
- goto bail;
- }
- mlog(0, "max_slots for this device: %u\n", osb->max_slots);
-
osb->slot_recovery_generations kcalloc(osb->max_slots,
sizeof(*osb->slot_recovery_generations),
GFP_KERNEL);
--
Goldwyn
Signed-off-by: Sunil Mushran<sunil.mushran at oracle.com> wow... this bug has been in mainline for 2 years. How come we did not run into this problem earlier. On 10/11/2010 10:57 AM, Goldwyn Rodrigues wrote:> Functions such as ocfs2_recovery_init() make use of osb->max_slots. > Initialize osb->max_slots early so the functions may use the correct > value. > > Signed-off-by: Goldwyn Rodrigues<rgoldwyn at suse.de> > --- > diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c > index fa1be1b..3894c7e 100644 > --- a/fs/ocfs2/super.c > +++ b/fs/ocfs2/super.c > @@ -2060,6 +2060,15 @@ static int ocfs2_initialize_super(struct super_block *sb, > snprintf(osb->dev_str, sizeof(osb->dev_str), "%u,%u", > MAJOR(osb->sb->s_dev), MINOR(osb->sb->s_dev)); > > + osb->max_slots = le16_to_cpu(di->id2.i_super.s_max_slots); > + if (osb->max_slots> OCFS2_MAX_SLOTS || osb->max_slots == 0) { > + mlog(ML_ERROR, "Invalid number of node slots (%u)\n", > + osb->max_slots); > + status = -EINVAL; > + goto bail; > + } > + mlog(0, "max_slots for this device: %u\n", osb->max_slots); > + > ocfs2_orphan_scan_init(osb); > > status = ocfs2_recovery_init(osb); > @@ -2098,15 +2107,6 @@ static int ocfs2_initialize_super(struct super_block *sb, > goto bail; > } > > - osb->max_slots = le16_to_cpu(di->id2.i_super.s_max_slots); > - if (osb->max_slots> OCFS2_MAX_SLOTS || osb->max_slots == 0) { > - mlog(ML_ERROR, "Invalid number of node slots (%u)\n", > - osb->max_slots); > - status = -EINVAL; > - goto bail; > - } > - mlog(0, "max_slots for this device: %u\n", osb->max_slots); > - > osb->slot_recovery_generations > kcalloc(osb->max_slots, sizeof(*osb->slot_recovery_generations), > GFP_KERNEL); > >
On Mon, Oct 11, 2010 at 12:57:09PM -0500, Goldwyn Rodrigues wrote:> Functions such as ocfs2_recovery_init() make use of osb->max_slots. > Initialize osb->max_slots early so the functions may use the correct > value. > > Signed-off-by: Goldwyn Rodrigues <rgoldwyn at suse.de>This patch is now in the merge-window branch of ocfs2.git. Joel -- Life's Little Instruction Book #157 "Take time to smell the roses." Joel Becker Consulting Software Developer Oracle E-mail: joel.becker at oracle.com Phone: (650) 506-8127