md/raid1 - don't assume newly allocated bvecs are initialised.

Since commit d3f761104b097738932afcc310fbbbbfb007ef92
newly allocated bvecs aren't initialised to NULL, so we have
to be more careful about freeing a bio which only managed
to get a few pages allocated to it.  Otherwise the resync
process crashes.

This patch is appropriate for 2.6.29-stable.

Cc: stable@kernel.org
Cc: "Jens Axboe" <jens.axboe@oracle.com>
Reported-by: Gabriele Tozzi <gabriele@tozzi.eu>
Signed-off-by: NeilBrown <neilb@suse.de>

diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index b4f4bad..f2247b0 100644 (file)
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -123,6 +123,7 @@ static void * r1buf_pool_alloc(gfp_t gfp_flags, void *data)
                                goto out_free_pages;
 
                        bio->bi_io_vec[i].bv_page = page;
+                       bio->bi_vcnt = i+1;
                }
        }
        /* If not user-requests, copy the page pointers to all bios */
@@ -138,9 +139,9 @@ static void * r1buf_pool_alloc(gfp_t gfp_flags, void *data)
        return r1_bio;
 
 out_free_pages:
-       for (i=0; i < RESYNC_PAGES ; i++)
-               for (j=0 ; j < pi->raid_disks; j++)
-                       safe_put_page(r1_bio->bios[j]->bi_io_vec[i].bv_page);
+       for (j=0 ; j < pi->raid_disks; j++)
+               for (i=0; i < r1_bio->bios[j]->bi_vcnt ; i++)
+                       put_page(r1_bio->bios[j]->bi_io_vec[i].bv_page);
        j = -1;
 out_free_bio:
        while ( ++j < pi->raid_disks )