Re: [PATCH] md/raid10: fix divide-by-zero in setup_geo() with zero far_copies

Next message: Krzysztof Kozlowski: "Re: [PATCH v3 5/5] arch: arm64: dts: qcom: Add support for PCIe3a"
Previous message: Xiang Gao: "[PATCH v3] mm/page_alloc: fix spaces used for indentation instead of tabs"
Next in thread: Junrui Luo: "Re: [PATCH] md/raid10: fix divide-by-zero in setup_geo() with zero far_copies"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Paul Menzel

Date: Thu Apr 16 2026 - 02:20:50 EST

Dear Junrui,

Thank you for the patch.

Am 16.04.26 um 05:39 schrieb Junrui Luo:

setup_geo() extracts near_copies (nc) and far_copies (fc) from the
user-provided layout parameter without checking for zero. When fc=0
with the "improved" far set layout selected, 'geo->far_set_size =
disks / fc' triggers a divide-by-zero.

Validate nc and fc immediately after extraction, returning -1 if
either is zero.

Why also `nc` and not just `fc`?

It’d be great, if you documented the command how to create such a layout.

Fixes: 475901aff158 ("MD RAID10: Improve redundancy for 'far' and 'offset' algorithms (part 1)")
Reported-by: Yuhao Jiang <danisjiang@xxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Junrui Luo <moonafterrain@xxxxxxxxxxx>
---
drivers/md/raid10.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index 0653b5d8545a..811ea3d23b80 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -3791,6 +3791,8 @@ static int setup_geo(struct geom *geo, struct mddev *mddev, enum geo_type new)
nc = layout & 255;
fc = (layout >> 8) & 255;
fo = layout & (1<<16);
+ if (!nc || !fc)
+ return -1;

I’d also print a warning, so the user knows, what was wrong:

pr_warn(md/raid10:%s: near and far copies need to be greater than 0, mdname(mddev));

geo->raid_disks = disks;
geo->near_copies = nc;
geo->far_copies = fc;

Kind regards,

Paul