Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp825270pxb; Tue, 3 Nov 2020 13:36:54 -0800 (PST) X-Google-Smtp-Source: ABdhPJzpYxJaVESguc4xaXPhT861ixyYUl5rgv1Y4j0dj7fnFb2fjU2v0+RyQCL9asYv+EFzU5+H X-Received: by 2002:a17:906:2548:: with SMTP id j8mr21544601ejb.140.1604439414535; Tue, 03 Nov 2020 13:36:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604439414; cv=none; d=google.com; s=arc-20160816; b=Vx6JtCGcL/JbAXMVFcf6eKDicVv2FrhAeRIv1zs2InobadMBwwr6uFGO9t+mFqIZBZ PZ5uNC/Q/ecWDB0pr5aPJWrgYaeodUaAIi5eOFw8UM9er2T4MlgpsMeVCUc0Dwp2faOU MCTgvWX1RSvjVjuIylstBjA0phejd2ZH8gbOlKc2WUYGEUEx6Co1Zq9eItlBU0QFZWX/ gMhguOZT7eAfXdt7ciK88zzWpkJJgfgKJm7dUMOuyr0OGOUa3FNtBDy5EBIKmWoU/efk RAretNp0BGRi65IMkZcE1PIEEJ3UyMXDa4Iu/vJJGOh4Nf+qtCJUZL/yVp+dW8wvlWHT 3HIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=xgXyLtKDpWe62p1558LqxJU3eWbY0DTt2Q40nxWBPFI=; b=qJrIjis8k63a8rSTbE0rrXrMJ4Kh3+SiyFdEOmjy6plpfhBgW53H9gIudObfde9pUJ scjvxRKA8mmqUlnVF87ekfxWQNQm6nzWKKlZrXB1TJCYGhmyz2nXbd0i/e0ityh5/ogn a3nrEKaCYjhTJn/sJ4XRuzNaWGodlIqpGJog2jAeq1s0wDcZa4xRYmQKEkFXK2v0dJSj cmjLyrQ6JXqiEvow+HQ6CvMVHK21uj94H9eflSzc4Z8bklhKQlXopnETNiJi3oR/3v8h 9AoSyR4hfxhJz2CCVVIXRzgJAIizcjxpazPsMknJWUkDxAvBuDudOSL75ChR+aOVqU5R 0FRQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1pfdsgMH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i7si7880974edj.303.2020.11.03.13.36.31; Tue, 03 Nov 2020 13:36:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1pfdsgMH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733285AbgKCVeZ (ORCPT + 99 others); Tue, 3 Nov 2020 16:34:25 -0500 Received: from mail.kernel.org ([198.145.29.99]:58516 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730985AbgKCU4g (ORCPT ); Tue, 3 Nov 2020 15:56:36 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BE42420732; Tue, 3 Nov 2020 20:56:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604436996; bh=GPCkZBsLwfu645wNx31C47hphl1kEQyZZ8LaGEyUgI4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=1pfdsgMH2DpL3mw8c52K1YOA5eWSLrLH2SdwJ3DG/q38l8baO9za+f0Q4aXGxBjl4 lD/2x7oYQ2R2x9ITu4J/r5HKRNORQA7Eyn8F5LuxgqQOyXN0N/o3XJgVImaxV5kV1e wfQB/sumQTqeo39nsP+0hT3IEVrpzcAGz5VuNgDU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Zhao Heming , Song Liu , Sasha Levin Subject: [PATCH 5.4 074/214] md/bitmap: md_bitmap_get_counter returns wrong blocks Date: Tue, 3 Nov 2020 21:35:22 +0100 Message-Id: <20201103203257.330859005@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201103203249.448706377@linuxfoundation.org> References: <20201103203249.448706377@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Zhao Heming [ Upstream commit d837f7277f56e70d82b3a4a037d744854e62f387 ] md_bitmap_get_counter() has code: ``` if (bitmap->bp[page].hijacked || bitmap->bp[page].map == NULL) csize = ((sector_t)1) << (bitmap->chunkshift + PAGE_COUNTER_SHIFT - 1); ``` The minus 1 is wrong, this branch should report 2048 bits of space. With "-1" action, this only report 1024 bit of space. This bug code returns wrong blocks, but it doesn't inflence bitmap logic: 1. Most callers focus this function return value (the counter of offset), not the parameter blocks. 2. The bug is only triggered when hijacked is true or map is NULL. the hijacked true condition is very rare. the "map == null" only true when array is creating or resizing. 3. Even the caller gets wrong blocks, current code makes caller just to call md_bitmap_get_counter() one more time. Signed-off-by: Zhao Heming Signed-off-by: Song Liu Signed-off-by: Sasha Levin --- drivers/md/md-bitmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c index 7227d03dbbea7..0a6c200e3dcb2 100644 --- a/drivers/md/md-bitmap.c +++ b/drivers/md/md-bitmap.c @@ -1372,7 +1372,7 @@ __acquires(bitmap->lock) if (bitmap->bp[page].hijacked || bitmap->bp[page].map == NULL) csize = ((sector_t)1) << (bitmap->chunkshift + - PAGE_COUNTER_SHIFT - 1); + PAGE_COUNTER_SHIFT); else csize = ((sector_t)1) << bitmap->chunkshift; *blocks = csize - (offset & (csize - 1)); -- 2.27.0