Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp796650pxb; Tue, 3 Nov 2020 12:47:34 -0800 (PST) X-Google-Smtp-Source: ABdhPJzTDi1vfpQwXlrgVm8/KdJQ61eEvpXo/hLEDydNjnFgd8b3+Enf44zuvc3rwrT1VzrOtba6 X-Received: by 2002:aa7:cc0e:: with SMTP id q14mr7480129edt.181.1604436454450; Tue, 03 Nov 2020 12:47:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604436454; cv=none; d=google.com; s=arc-20160816; b=ltukJLNalntYKDjzzlgpDRcvGOU7G3GQ7SL5XcpvGE103LP82CGN19ntFMMxmTvLyA Q3LZDlufLXjYghiemH5fFRVODIgKqDmkrXuakeQxTAxx8fGb3M3JKMgRdHbvAhiFCUva GzrG7sv7yXHWp/poh9Ku1SnuEe7FmHFJNl7p65hF4d6QGTPHGVRbeYFf8oc4/XAf4+9d NJ+S5z0Qfyuygwtvb9bBzrbgQNEvNQ2tE1tSyJSOii9CN6bS2A6gIXxbogEmMoBRoC4L OyNOHIAn1M0EHzXxYDNLx+0LENuiIChqYRAVQZ9pSfGIQ/t4OEnBRS+rSJq7v9T2VCuN D+Tg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=AzNOd2qxqVdA4hnDXV6o3MVaN8yeaAjqx8HOUEacdBM=; b=YDeubBLkxPhofdoEoWhMLPLeDBJ1vM4lZ3st0ohqdTLtc/j1YlLgh/LKKnx539hdir uOCOR7UwDYGM5edqJrTMZdHillZawZgjWtFZhv0eNglFNTHLZMf+ibVyhKdhoZ+gFoY9 dkutAL3eqJUB5x6zanM5wAungbPQuwSHEzeaRvaIk0Y4JIHO3ca345w3dWANMV4JINvY tGEH7+P8+IgHjb8b+Voucn1x33qE7kE57pli+QGphdeO+dptw+rmKBnqtmYQuCI5OtWv jT35tdHvsWuzeqUtm/xLb7w3274X22FKcHniULw0UefUlGKPpvms7ZlH+9398vY8Pvh2 g8bA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=nUj1TgOv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z5si6144314edk.387.2020.11.03.12.47.10; Tue, 03 Nov 2020 12:47:34 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=nUj1TgOv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730924AbgKCUol (ORCPT + 99 others); Tue, 3 Nov 2020 15:44:41 -0500 Received: from mail.kernel.org ([198.145.29.99]:60160 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730910AbgKCUoj (ORCPT ); Tue, 3 Nov 2020 15:44:39 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2A322223C6; Tue, 3 Nov 2020 20:44:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604436278; bh=DjQU9HofSHg9BKfjhAHr7uEhH5btJn+umr+IJXMmVic=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nUj1TgOvSxVVDI7P6mhTaEbwxjvLtcRGTivP39LMe15B0qQJhhN3M29fO5OZKZbkA 6G+OnGz0pmofxYmFIP2xSTthxtphxRxr1mOgOBl+c0+6iOUokteSy6cVsgXks+7/rD rGwMt9eTh2r+1bWUkFCLCFEj9g2KVb14vW4ICtHI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Zhao Heming , Song Liu , Sasha Levin Subject: [PATCH 5.9 143/391] md/bitmap: md_bitmap_get_counter returns wrong blocks Date: Tue, 3 Nov 2020 21:33:14 +0100 Message-Id: <20201103203356.480752874@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201103203348.153465465@linuxfoundation.org> References: <20201103203348.153465465@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Zhao Heming [ Upstream commit d837f7277f56e70d82b3a4a037d744854e62f387 ] md_bitmap_get_counter() has code: ``` if (bitmap->bp[page].hijacked || bitmap->bp[page].map == NULL) csize = ((sector_t)1) << (bitmap->chunkshift + PAGE_COUNTER_SHIFT - 1); ``` The minus 1 is wrong, this branch should report 2048 bits of space. With "-1" action, this only report 1024 bit of space. This bug code returns wrong blocks, but it doesn't inflence bitmap logic: 1. Most callers focus this function return value (the counter of offset), not the parameter blocks. 2. The bug is only triggered when hijacked is true or map is NULL. the hijacked true condition is very rare. the "map == null" only true when array is creating or resizing. 3. Even the caller gets wrong blocks, current code makes caller just to call md_bitmap_get_counter() one more time. Signed-off-by: Zhao Heming Signed-off-by: Song Liu Signed-off-by: Sasha Levin --- drivers/md/md-bitmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c index c61ab86a28b52..d910833feeb4d 100644 --- a/drivers/md/md-bitmap.c +++ b/drivers/md/md-bitmap.c @@ -1367,7 +1367,7 @@ __acquires(bitmap->lock) if (bitmap->bp[page].hijacked || bitmap->bp[page].map == NULL) csize = ((sector_t)1) << (bitmap->chunkshift + - PAGE_COUNTER_SHIFT - 1); + PAGE_COUNTER_SHIFT); else csize = ((sector_t)1) << bitmap->chunkshift; *blocks = csize - (offset & (csize - 1)); -- 2.27.0