From: Yasunori Goto <y-goto@xxxxxxxxxxxxxx> I chased the cause of following ext4 oops report which is tested on ia64 box. http://bugzilla.kernel.org/show_bug.cgi?id=12018 The cause is the size of s_mb_maxs array that is defined as "unsigned short" in ext4_sb_info structure. If the file system's block size is 8k or greater, an unsigned short is not wide enough to contain the value fs->blocksize << 3. Signed-off-by: Yasunori Goto <y-goto@xxxxxxxxxxxxxx> Signed-off-by: "Theodore Ts'o" <tytso@xxxxxxx> Cc: Li Zefan <lizf@xxxxxxxxxxxxxx> Cc: Miao Xie <miaox@xxxxxxxxxxxxxx> Cc: stable@xxxxxxxxxx (cherry picked from commit ff7ef329b268b603ea4a2303241ef1c3829fd574) --- fs/ext4/ext4_sb.h | 3 ++- fs/ext4/mballoc.c | 2 ++ 2 files changed, 4 insertions(+), 1 deletions(-) diff --git a/fs/ext4/ext4_sb.h b/fs/ext4/ext4_sb.h index 0881b2c..f20df8a 100644 --- a/fs/ext4/ext4_sb.h +++ b/fs/ext4/ext4_sb.h @@ -103,7 +103,8 @@ struct ext4_sb_info { struct list_head s_committed_transaction; spinlock_t s_md_lock; tid_t s_last_transaction; - unsigned short *s_mb_offsets, *s_mb_maxs; + unsigned short *s_mb_offsets; + unsigned int *s_mb_maxs; /* tunables */ unsigned long s_stripe; diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index ba86b56..c30048f 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -2495,6 +2495,8 @@ int ext4_mb_init(struct super_block *sb, int needs_recovery) clear_opt(sbi->s_mount_opt, MBALLOC); return -ENOMEM; } + + i = (sb->s_blocksize_bits + 2) * sizeof(unsigned int); sbi->s_mb_maxs = kmalloc(i, GFP_KERNEL); if (sbi->s_mb_maxs == NULL) { clear_opt(sbi->s_mount_opt, MBALLOC); -- 1.5.6.3 -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
