md/raid5: don't index beyond end of array in need_this_block().

When need_this_block probably shouldn't be called when there
are more than 2 failed devices, we really don't want it to try
indexing beyond the end of the failed_num[] of fdev[] arrays.

So limit the loops to at most 2 iterations.

Reported-by: Shaohua Li <shli@fb.com>
Signed-off-by: NeilBrown <neilb@suse.de>
This commit is contained in:
NeilBrown 2015-09-24 15:25:36 +10:00
parent ebda780bce
commit 36707bb2e7

View File

@ -3304,7 +3304,7 @@ static int need_this_block(struct stripe_head *sh, struct stripe_head_state *s,
*/ */
return 0; return 0;
for (i = 0; i < s->failed; i++) { for (i = 0; i < s->failed && i < 2; i++) {
if (fdev[i]->towrite && if (fdev[i]->towrite &&
!test_bit(R5_UPTODATE, &fdev[i]->flags) && !test_bit(R5_UPTODATE, &fdev[i]->flags) &&
!test_bit(R5_OVERWRITE, &fdev[i]->flags)) !test_bit(R5_OVERWRITE, &fdev[i]->flags))
@ -3328,7 +3328,7 @@ static int need_this_block(struct stripe_head *sh, struct stripe_head_state *s,
sh->sector < sh->raid_conf->mddev->recovery_cp) sh->sector < sh->raid_conf->mddev->recovery_cp)
/* reconstruct-write isn't being forced */ /* reconstruct-write isn't being forced */
return 0; return 0;
for (i = 0; i < s->failed; i++) { for (i = 0; i < s->failed && i < 2; i++) {
if (s->failed_num[i] != sh->pd_idx && if (s->failed_num[i] != sh->pd_idx &&
s->failed_num[i] != sh->qd_idx && s->failed_num[i] != sh->qd_idx &&
!test_bit(R5_UPTODATE, &fdev[i]->flags) && !test_bit(R5_UPTODATE, &fdev[i]->flags) &&