Re: [PATCH] md: avoid invalid memory access for array sb->dev_roles


On 2019/10/30 0:39, Song Liu wrote:

On Oct 28, 2019, at 8:41 PM, Yufen Yu <yuyufen@xxxxxxxxxx> wrote:

We need to guarantee that 'desc_nr' is valid before accessing the array sb->dev_roles.

Reported-by: coverity-bot <keescook+coverity-bot@xxxxxxxxxxxx>
Addresses-Coverity-ID: 1487373 ("Memory - illegal accesses")
Fixes: 6a5cb53aaa4e ("md: no longer compare spare disk superblock events in super_load")
Signed-off-by: Yufen Yu <yuyufen@xxxxxxxxxx>
---
drivers/md/md.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)


	 * Calculate the position of the superblock in 512byte sectors.
@@ -1674,8 +1675,6 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
	    sb->level != 0)
		return -EINVAL;

-	role = le16_to_cpu(sb->dev_roles[rdev->desc_nr]);
-
	if (!refdev) {
		/*
		 * Insist of good event counter while assembling, except for
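Review bot: `role` is no longer set on entry to either branch once the read ahead of `if (!refdev)` is gone, so any later use of `role` in super_1_load() has to be replaced or preceded by its own `desc_nr` range check; the lines shown here only cover the `!refdev` branch. The commit message would also benefit from stating which `desc_nr` values (negative, or at or above `max_dev`) can reach this read.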
@@ -1683,8 +1682,8 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
		 */
		if (rdev->desc_nr >= 0 &&
		    rdev->desc_nr < le32_to_cpu(sb->max_dev) &&
-			(role < MD_DISK_ROLE_MAX ||
-			 role == MD_DISK_ROLE_JOURNAL))
+			(le16_to_cpu(sb->dev_roles[rdev->desc_nr]) < MD_DISK_ROLE_MAX ||
+			 le16_to_cpu(sb->dev_roles[rdev->desc_nr]) == MD_DISK_ROLE_JOURNAL))
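Review bot: the two added lines each evaluate `le16_to_cpu(sb->dev_roles[rdev->desc_nr])`, so the same on-disk field is indexed and converted twice inside one condition; reading it once into a local after the `rdev->desc_nr >= 0 && rdev->desc_nr < le32_to_cpu(sb->max_dev)` test has passed (for example by nesting the role comparison in its own `if`) keeps the access behind the range check and is easier to read. The upper bound is `sb->max_dev`, itself a value taken from the superblock, so it is worth confirming that it has been checked against the space actually available for `dev_roles` before this point; these lines do not show that.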
Same concern for LEVEL_MULTIPATH applies here. And maybe we can make this
code simpler?

I will send v2 to fix the wrong return value for LEVEL_MULTIPATH and try to simplify the code.

Thanks,
Yufen



