The Coverity checker spotted the following array overflow caused by

commit 34c0d154243dd913c5690ae6ceb9557017429b9c:
include/linux/exportfs.h contains:
<--  snip  -->
...

struct fid {

...

                __u32 raw[6];

        };

};
<--  snip  -->
fs/gfs2/ops_export.c contains:
<--  snip  -->
...

static struct dentry *gfs2_fh_to_parent(struct super_block *sb, struct fid *fid,

                int fh_len, int fh_type)

{

        struct gfs2_inum_host parent;

        __be32 *fh = (__force __be32 *)fid->raw;  <------------
        switch (fh_type) {

        case GFS2_LARGE_FH_SIZE:

        case GFS2_OLD_FH_SIZE:

                parent.no_formal_ino = ((u64)be32_to_cpu(fh[4])) << 32;

                parent.no_formal_ino |= be32_to_cpu(fh[5]);

                parent.no_addr = ((u64)be32_to_cpu(fh[6])) << 32;

                                                   ^^^^^

                parent.no_addr |= be32_to_cpu(fh[7]);

...                                           ^^^^^
<--  snip  -->
cu

Adrian
-- 
       "Is there not promise of rain?" Ling Tan asked suddenly out

        of the darkness. There had been need of rain for many days.

       "Only a promise," Lao Er said.

                                       Pearl S. Buck - Dragon Seed
-

The line is a left-over from times when gfs stored the mode of the

inode in the file handle.  It can simply be deleted.  Steve, do you

---end quoted text---

-

Hi,
I'm just back from holiday this morning and this is looking a bit more

complicated than that... give me a day or two and I'll try and come up

with a solution,
-

cu

Adrian
-- 
       "Is there not promise of rain?" Ling Tan asked suddenly out

        of the darkness. There had been need of rain for many days.

       "Only a promise," Lao Er said.

                                       Pearl S. Buck - Dragon Seed
--

Hi,
Yes, it seems to have slipped off my list somehow... I've opened a bz

(#432775 at bugzilla.redhat.com) to ensure that it doesn't get missed

again,
Steve.
--