From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Zhao Heming <heming.zhao@suse.com>,
Song Liu <songliubraving@fb.com>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 4.4 16/25] md/bitmap: md_bitmap_get_counter returns wrong blocks
Date: Mon, 26 Oct 2020 20:11:14 -0400
Message-ID: <20201027001123.1027642-16-sashal@kernel.org>
In-Reply-To: <20201027001123.1027642-1-sashal@kernel.org>
From: Zhao Heming <heming.zhao@suse.com>
[ Upstream commit d837f7277f56e70d82b3a4a037d744854e62f387 ]
md_bitmap_get_counter() has code:
```
if (bitmap->bp[page].hijacked ||
bitmap->bp[page].map == NULL)
csize = ((sector_t)1) << (bitmap->chunkshift +
PAGE_COUNTER_SHIFT - 1);
```
The minus 1 is wrong; this branch should report 2048 bits of space.
With the "-1" action, this only reports 1024 bits of space.
This buggy code returns wrong blocks, but it doesn't influence bitmap logic:
1. Most callers focus on this function's return value (the counter of offset),
   not the parameter blocks.
2. The bug is only triggered when hijacked is true or map is NULL.
   The hijacked true condition is very rare.
   The "map == null" is only true when the array is being created or resized.
3. Even if the caller gets wrong blocks, the current code just makes the caller
   call md_bitmap_get_counter() one more time.
Signed-off-by: Zhao Heming <heming.zhao@suse.com>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/bitmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c
index 391090c455cea..65281f168c6fb 100644
--- a/drivers/md/bitmap.c
+++ b/drivers/md/bitmap.c
@@ -1332,7 +1332,7 @@ __acquires(bitmap->lock)
if (bitmap->bp[page].hijacked ||
bitmap->bp[page].map == NULL)
csize = ((sector_t)1) << (bitmap->chunkshift +
- PAGE_COUNTER_SHIFT - 1);
+ PAGE_COUNTER_SHIFT);
else
csize = ((sector_t)1) << bitmap->chunkshift;
*blocks = csize - (offset & (csize - 1));
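Review bot: the hijacked / map == NULL branch has no comment saying what span csize is meant to cover, which is how a stray "- 1" in the shift could sit there unnoticed. The changelog argues in bits ("2048 bits of space"), while the expression yields a sector_t that feeds straight into *blocks = csize - (offset & (csize - 1)), so the unit and the intended span cannot be checked from the code alone. Please add a one-line comment above the if stating the range this branch should report (presumably one full counter page's worth of chunks, in sectors, given chunkshift + PAGE_COUNTER_SHIFT). Since *blocks is an out-parameter that callers may step by, it would also help to say in the changelog whether any caller in the 4.4 tree uses it for more than loop stepping, because the larger value now lets a caller skip twice as far per call on this path.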
--
2.25.1