The ioctl interface always knows how many targets are going to be in the table, so remove the dynamic array sizing code in dm-table.c. This fixes a problem with large tables where the dm_target pointer passed to the target ctr was becoming invalid. --- diff/drivers/md/dm-ioctl.c 2003-10-16 10:45:01.000000000 +0100 +++ source/drivers/md/dm-ioctl.c 2003-10-16 10:45:14.000000000 +0100 @@ -871,7 +871,7 @@ struct hash_cell *hc; struct dm_table *t; - r = dm_table_create(&t, get_mode(param)); + r = dm_table_create(&t, get_mode(param), param->target_count); if (r) return r; --- diff/drivers/md/dm-table.c 2003-10-16 10:45:07.000000000 +0100 +++ source/drivers/md/dm-table.c 2003-10-16 10:45:14.000000000 +0100 @@ -112,42 +112,7 @@ return 0; } -/* - * highs, and targets are managed as dynamic arrays during a - * table load. - */ -static int alloc_targets(struct dm_table *t, unsigned int num) -{ - sector_t *n_highs; - struct dm_target *n_targets; - int n = t->num_targets; - - /* - * Allocate both the target array and offset array at once. - */ - n_highs = (sector_t *) vcalloc(sizeof(struct dm_target) + - sizeof(sector_t), num); - if (!n_highs) - return -ENOMEM; - - n_targets = (struct dm_target *) (n_highs + num); - - if (n) { - memcpy(n_highs, t->highs, sizeof(*n_highs) * n); - memcpy(n_targets, t->targets, sizeof(*n_targets) * n); - } - - memset(n_highs + n, -1, sizeof(*n_highs) * (num - n)); - vfree(t->highs); - - t->num_allocated = num; - t->highs = n_highs; - t->targets = n_targets; - - return 0; -} - -int dm_table_create(struct dm_table **result, int mode) +int dm_table_create(struct dm_table **result, int mode, unsigned num_targets) { struct dm_table *t = kmalloc(sizeof(*t), GFP_NOIO); @@ -158,13 +123,17 @@ INIT_LIST_HEAD(&t->devices); atomic_set(&t->holders, 1); - /* allocate a single nodes worth of targets to begin with */ - if (alloc_targets(t, KEYS_PER_NODE)) { + + /* allocate both the target array and offset array at once */ + t->highs = (sector_t *) vcalloc(sizeof(struct dm_target) + + sizeof(sector_t), num_targets); + if (!t->highs) { kfree(t); - t = NULL; return -ENOMEM; } + t->targets = (struct dm_target *) (t->highs + num_targets); + t->num_allocated = num_targets; t->mode = mode; *result = t; return 0; @@ -224,17 +193,6 @@ } /* - * Checks to see if we need to extend highs or targets. - */ -static inline int check_space(struct dm_table *t) -{ - if (t->num_targets >= t->num_allocated) - return alloc_targets(t, t->num_allocated * 2); - - return 0; -} - -/* * Convert a device path to a dev_t. */ static int lookup_device(const char *path, kdev_t *dev) @@ -526,8 +484,8 @@ char **argv; struct dm_target *tgt; - if ((r = check_space(t))) - return r; + if (t->num_targets >= t->num_allocated) + return -ENOMEM; tgt = t->targets + t->num_targets; memset(tgt, 0, sizeof(*tgt)); --- diff/drivers/md/dm.h 2003-10-16 10:44:23.000000000 +0100 +++ source/drivers/md/dm.h 2003-10-16 10:45:14.000000000 +0100 @@ -96,7 +96,7 @@ * Functions for manipulating a table. Tables are also reference * counted. *---------------------------------------------------------------*/ -int dm_table_create(struct dm_table **result, int mode); +int dm_table_create(struct dm_table **result, int mode, unsigned num_targets); void dm_table_get(struct dm_table *t); void dm_table_put(struct dm_table *t);