Received: by 2002:a05:6622:f08:0:0:0:0 with SMTP id l8csp4489479ivc; Tue, 3 Nov 2020 13:24:11 -0800 (PST) X-Google-Smtp-Source: ABdhPJy78Ac9fC9C6/qJVZpgfR0iyK0qh5Ry0QaW7llQdRc5A/t17Wxd0x0iWlZH9rWiJK/G42P0 X-Received: by 2002:a17:906:1183:: with SMTP id n3mr21602191eja.188.1604438651243; Tue, 03 Nov 2020 13:24:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604438651; cv=none; d=google.com; s=arc-20160816; b=yyPUhDvGXMJF9YoXj+Y5YfoD3dzXXK/qLxNhqI6NdNFaEaofYCzR0oGGRbz4Imdudb /0AC36Y2hHxb4ZcX7MFt7k2O4kM+RcDRa9Kz3CYjh1INDS1A1fGGdBRMzW/snH9yOj7X QyyUtS7n+eWmzZplygcUVfitzcCT8aFjA01aPx+vLx5zloBHzv71oe8KZIHCk03bi1De YxpMEeUuKiLyEtyiF/1lCNeZlzRgkbG8zKBhcI6A0Hk/5M3AK4685ipWHYs0H+LFQufE QcTdRaCjt99oA2pnt3Uv2TBbhBIEvD8vAGWATEa7zCX9wMVHUXNZGx9XI/DeGp8WuGCA R3sA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Ir2F8fClQTdFiaXzX2Wm4ALGnnkGXPZrJ7+5vR6+pJ0=; b=p0nZFNqoPTqpykZ8Ev8vZRgs1NZJgDAOYXP8Ec8GhyNYF+IU1HqtRC4JmlbomMzBPq r13CfyIoszPRDlPuLaDAGrhrAX1cCScloBsxhUE+Y9vjHXFSGYNf8GfyagZckm/D7I3S irZC3nTBKxW3PTPGP4McTA01ppSU/cKV+GhsZsmuNUS2Wz5OsL1rOIocsVJhi2qUPCgX YtPx3CIATxHt+Iv1Yu+RtHSiYcohwBMNFUbf20bbc9axkHm0RwqXogNohXC62m63X2vn nrvqrndvEMDvBiaAZqvNS1EQscfA8lRhLmKoKqUkGY54U7h0laWSMxXTO0MovQh9/qmA gEwg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="Pcu+qDB/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dg22si10335019edb.414.2020.11.03.13.23.48; Tue, 03 Nov 2020 13:24:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="Pcu+qDB/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388126AbgKCVGO (ORCPT + 99 others); Tue, 3 Nov 2020 16:06:14 -0500 Received: from mail.kernel.org ([198.145.29.99]:45008 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388109AbgKCVGJ (ORCPT ); Tue, 3 Nov 2020 16:06:09 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 29797206B5; Tue, 3 Nov 2020 21:06:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604437568; bh=h4131RUf+Q4hXM1qSEf0WumYcMJdY0zfofruLlAEoXQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Pcu+qDB/Tvk0FCVNSfFi2PXPexFk58oAlsxzU+c9GO+Pue7mvWEP6RXy2G6nEbv81 Si+ccu5KE3pgbp6OtI7AXI7Q84kJBQz+EJc+Gp5Ex9pd+dxFYaajkAUaMjPsnpse+7 fLYQWkLlzamEyZG9jiSVIrrJv5oi+rYwF3IiXL80= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Zhao Heming , Song Liu , Sasha Levin Subject: [PATCH 4.19 094/191] md/bitmap: md_bitmap_get_counter returns wrong blocks Date: Tue, 3 Nov 2020 21:36:26 +0100 Message-Id: <20201103203242.679798798@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201103203232.656475008@linuxfoundation.org> References: <20201103203232.656475008@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Zhao Heming [ Upstream commit d837f7277f56e70d82b3a4a037d744854e62f387 ] md_bitmap_get_counter() has code: ``` if (bitmap->bp[page].hijacked || bitmap->bp[page].map == NULL) csize = ((sector_t)1) << (bitmap->chunkshift + PAGE_COUNTER_SHIFT - 1); ``` The minus 1 is wrong, this branch should report 2048 bits of space. With "-1" action, this only report 1024 bit of space. This bug code returns wrong blocks, but it doesn't inflence bitmap logic: 1. Most callers focus this function return value (the counter of offset), not the parameter blocks. 2. The bug is only triggered when hijacked is true or map is NULL. the hijacked true condition is very rare. the "map == null" only true when array is creating or resizing. 3. Even the caller gets wrong blocks, current code makes caller just to call md_bitmap_get_counter() one more time. Signed-off-by: Zhao Heming Signed-off-by: Song Liu Signed-off-by: Sasha Levin --- drivers/md/md-bitmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c index fd8607124bdbb..503f5e06fa86f 100644 --- a/drivers/md/md-bitmap.c +++ b/drivers/md/md-bitmap.c @@ -1371,7 +1371,7 @@ __acquires(bitmap->lock) if (bitmap->bp[page].hijacked || bitmap->bp[page].map == NULL) csize = ((sector_t)1) << (bitmap->chunkshift + - PAGE_COUNTER_SHIFT - 1); + PAGE_COUNTER_SHIFT); else csize = ((sector_t)1) << bitmap->chunkshift; *blocks = csize - (offset & (csize - 1)); -- 2.27.0