From 39738d955852dea06ab2921de58456a790b1cc22 Mon Sep 17 00:00:00 2001
From: Andy Adamson <andros@netapp.com>
Date: Mon, 13 Jun 2011 18:36:17 -0400
Subject: [PATCH] --- yaml --- r: 253932 b: refs/heads/master c:
 cec765cf5891c7fc3d905832b481bfb6fd55825d h: refs/heads/master v: v3

---
 [refs]                        |  2 +-
 trunk/fs/nfs/nfs4filelayout.c | 15 ++++++++++-----
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/[refs] b/[refs]
index 3e451f52b9b0..39083ce2684c 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 533eb4611c9eea53072eb6a61d5a6393b6a77ed7
+refs/heads/master: cec765cf5891c7fc3d905832b481bfb6fd55825d
diff --git a/trunk/fs/nfs/nfs4filelayout.c b/trunk/fs/nfs/nfs4filelayout.c
index 426908809c97..5d6f369b15d0 100644
--- a/trunk/fs/nfs/nfs4filelayout.c
+++ b/trunk/fs/nfs/nfs4filelayout.c
@@ -552,13 +552,18 @@ filelayout_decode_layout(struct pnfs_layout_hdr *flo,
 		__func__, nfl_util, fl->num_fh, fl->first_stripe_index,
 		fl->pattern_offset);
 
-	if (!fl->num_fh)
+	/* Note that a zero value for num_fh is legal for STRIPE_SPARSE.
+	 * Futher checking is done in filelayout_check_layout */
+	if (fl->num_fh < 0 || fl->num_fh >
+	    max(NFS4_PNFS_MAX_STRIPE_CNT, NFS4_PNFS_MAX_MULTI_CNT))
 		goto out_err;
 
-	fl->fh_array = kzalloc(fl->num_fh * sizeof(struct nfs_fh *),
-			       gfp_flags);
-	if (!fl->fh_array)
-		goto out_err;
+	if (fl->num_fh > 0) {
+		fl->fh_array = kzalloc(fl->num_fh * sizeof(struct nfs_fh *),
+				       gfp_flags);
+		if (!fl->fh_array)
+			goto out_err;
+	}
 
 	for (i = 0; i < fl->num_fh; i++) {
 		/* Do we want to use a mempool here? */