restripe: make sure zero buffer is always large enough.

If restripe is called to restore stripes of one size and then save stripes with a larger chunk size, the 'zero' buffer will not be large enough and a double-degraded RAID6 will over-run the buffer. So record the current size of the zero buffer and use it when deciding if we need to allocate a new buffer. Reported-by: Brad Campbell <lists2009@fnarfbargle.com> Signed-off-by: NeilBrown <neilb@suse.de>
2011-04-05 21:43:52 +10:00 · 2011-04-05 21:43:52 +10:00 · d47a29257a
parent 64385908bb
commit d47a29257a
1 changed files with 13 additions and 3 deletions
--- a/restripe.c
+++ b/restripe.c
@ -334,6 +334,7 @@ void make_tables(void)
 }

 uint8_t *zero;
+int zero_size;
 /* Following was taken from linux/drivers/md/raid6recov.c */

 /* Recover two failed data blocks. */
@ -490,9 +491,13 @@ int save_stripes(int *source, unsigned long long *offsets,
 	if (!tables_ready)
 		make_tables();

-	if (zero == NULL) {
+	if (zero == NULL || chunk_size > zero_size) {
+		if (zero)
+			free(zero);
 		zero = malloc(chunk_size);
-		memset(zero, 0, chunk_size);
+		if (zero)
+			memset(zero, 0, chunk_size);
+		zero_size = chunk_size;
 	}

 	len = data_disks * chunk_size;
@ -651,11 +656,16 @@ int restore_stripes(int *dest, unsigned long long *offsets,

 	if (posix_memalign((void**)&stripe_buf, 4096, raid_disks * chunk_size))
 		stripe_buf = NULL;
-	if (zero == NULL) {
+
+	if (zero == NULL || chunk_size > zero_size) {
+		if (zero)
+			free(zero);
 		zero = malloc(chunk_size);
 		if (zero)
 			memset(zero, 0, chunk_size);
+		zero_size = chunk_size;
 	}
+
 	if (stripe_buf == NULL || stripes == NULL || blocks == NULL
 	    || zero == NULL) {
 		free(stripe_buf);