diff options
author | Alex Elder <elder@inktank.com> | 2012-07-11 03:30:10 +0200 |
---|---|---|
committer | Sage Weil <sage@inktank.com> | 2012-07-31 03:21:46 +0200 |
commit | ccece235d3737221e7a1118fdbd8474112adac84 (patch) | |
tree | 0264778d098f540f48a1caf26a64048f4afdc153 /mm/memory-failure.c | |
parent | rbd: always pass ops array to rbd_req_sync_op() (diff) | |
download | linux-ccece235d3737221e7a1118fdbd8474112adac84.tar.xz linux-ccece235d3737221e7a1118fdbd8474112adac84.zip |
rbd: fixes in rbd_header_from_disk()
This fixes a few issues in rbd_header_from_disk():
- There is a check intended to catch overflow, but it's wrong in
two ways.
- First, the type we don't want to overflow is size_t, not
unsigned int, and there is now a SIZE_MAX we can use for
use with that type.
- Second, we're allocating the snapshot ids and snapshot
image sizes separately (each has type u64; on disk they
grouped together as a rbd_image_header_ondisk structure).
So we can use the size of u64 in this overflow check.
- If there are no snapshots, then there should be no snapshot
names. Enforce this, and issue a warning if we encounter a
header with no snapshots but a non-zero snap_names_len.
- When saving the snapshot names into the header, be more direct
in defining the offset in the on-disk structure from which
they're being copied by using "snap_count" rather than "i"
in the array index.
- If an error occurs, the "snapc" and "snap_names" fields are
freed at the end of the function. Make those fields be null
pointers after they're freed, to be explicit that they are
no longer valid.
- Finally, move the definition of the local variable "i" to the
innermost scope in which it's needed.
Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
Diffstat (limited to 'mm/memory-failure.c')
0 files changed, 0 insertions, 0 deletions