From f2add33d049a281b4cde1f6b717004393b1bb9b2 Mon Sep 17 00:00:00 2001
From: Alex Elder <elder@inktank.com>
Date: Thu, 2 Aug 2012 11:29:44 -0500
Subject: [PATCH] --- yaml --- r: 331627 b: refs/heads/master c:
 0f1d3f938527f319d830ef3082c218c77cfd159f h: refs/heads/master i:   331625:
 e22299c7481b47e0fb09c5fb72b190278739b461   331623:
 fc943449929a0e8dd2415f392f009e13cd67e7dc v: v3

---
 [refs]                    | 2 +-
 trunk/drivers/block/rbd.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/[refs] b/[refs]
index 320caafafb6e..eb1e0a80f531 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 3593815022998ab75379f64735ff67b3ea388cbe
+refs/heads/master: 0f1d3f938527f319d830ef3082c218c77cfd159f
diff --git a/trunk/drivers/block/rbd.c b/trunk/drivers/block/rbd.c
index bf418a6afbe0..02de524d4b67 100644
--- a/trunk/drivers/block/rbd.c
+++ b/trunk/drivers/block/rbd.c
@@ -81,7 +81,7 @@ struct rbd_image_header {
 	__u8 crypt_type;
 	__u8 comp_type;
 	struct ceph_snap_context *snapc;
-	size_t snap_names_len;
+	u64 snap_names_len;
 	u32 total_snaps;
 
 	char *snap_names;
@@ -510,6 +510,7 @@ static int rbd_header_from_disk(struct rbd_image_header *header,
 
 	if (snap_count) {
 		header->snap_names_len = le64_to_cpu(ondisk->snap_names_len);
+		BUG_ON(header->snap_names_len > (u64) SIZE_MAX);
 		header->snap_names = kmalloc(header->snap_names_len,
 					     GFP_KERNEL);
 		if (!header->snap_names)