Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3212070pxb; Mon, 9 Nov 2020 05:43:36 -0800 (PST) X-Google-Smtp-Source: ABdhPJzgpVVCMZI3npZAejjt9SH3CEU5RXvNtWxSuEov63xlalEk7/ao3geBxVSu9GiggouwFbyP X-Received: by 2002:a17:906:b01:: with SMTP id u1mr10563265ejg.427.1604929416686; Mon, 09 Nov 2020 05:43:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604929416; cv=none; d=google.com; s=arc-20160816; b=zxUF/+j6UEq81ZMGDyhAJwCuKpZ6+ETercDqhOoqYb819JrQT+DJ35GNys7uVyvcs1 DfdfaVItk8Q5rY22crfnVI3Dr8kRrxvLKyLCwZKqogPq/uraekcMBAPXn3LRq52zbanv gv1kfgBLFaFalvzoXxphuTGn3tFuuQefJbLrZeDlnCidv+866jnk+1UzKv0RFI/LZw8a 0E/pgh54EIU16J0QKYkbQHj+JORFaRnKYRvtlr211CNHTc5k3wC0N58qjCoM7kItshpC aA6GfIYslDDlTECdNc1aJTWFM/R1zB1E2uGZ8ZEXO+y3sqHFtm2MOVvCUwnbGZmR4fsO btaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=xhF4gFPzmf/NVz8w4KmzYUsGp81lMCJiy1eXgyWAx3s=; b=02iTF/V/p+ir5Kt0O7xUk425Hw06LaFupV8bmdu4lFUMXoZwJ3xeHaDOOHCXF4eu7/ eNJFwR0ZaeoxPK7aVz6Vq4Vh/CEh/wJoJxaYuE3SUes2Yl99XvZlKIeCUORBAAgGZtit S0uuyZABHWS/0dpBgP2yJj0eUDkxllnAZZYgKTwMsdobVlsHTuN3n+7W7JNSh024Y9AL GKRgzg/ueQe3aEvsI7eEYDsp9mgZCx9/HssRJXKuBzRXKuCpTBZH6lproJa1war2i4uQ t9PsJ1sd9ketVA1dzSIEe7iqTgxvvJSarlOiC1miX+dav0VXnGBatZb1zuerbqBgY/9d gyiA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=WMZwf9cm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q3si7074789edv.85.2020.11.09.05.43.14; Mon, 09 Nov 2020 05:43:36 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=WMZwf9cm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731924AbgKINl4 (ORCPT + 99 others); Mon, 9 Nov 2020 08:41:56 -0500 Received: from mail.kernel.org ([198.145.29.99]:55376 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730483AbgKINBU (ORCPT ); Mon, 9 Nov 2020 08:01:20 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DC61B206C0; Mon, 9 Nov 2020 13:01:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604926880; bh=MW71FPmZW5Ca5FPc/9Ef/m/b2yP0brzYxoz94zH+3XI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WMZwf9cm493cz9nc29S5gTiivYcxMxwpLd/76NMN9QZBu1huI3qmgx3IMVYtDkOYz Fhx9xenxN6/oeK9x5iBUS+jGwhStB6JH5mGzfFMdIfs6g0KiN4/ReK0QyO2P2Qzk4G kwCxAVQJ/b12ytZWDZM9cmeYvgIYN2gzDDs9mblM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Zhao Heming , Song Liu , Sasha Levin Subject: [PATCH 4.9 035/117] md/bitmap: md_bitmap_get_counter returns wrong blocks Date: Mon, 9 Nov 2020 13:54:21 +0100 Message-Id: <20201109125027.317940407@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201109125025.630721781@linuxfoundation.org> References: <20201109125025.630721781@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Zhao Heming [ Upstream commit d837f7277f56e70d82b3a4a037d744854e62f387 ] md_bitmap_get_counter() has code: ``` if (bitmap->bp[page].hijacked || bitmap->bp[page].map == NULL) csize = ((sector_t)1) << (bitmap->chunkshift + PAGE_COUNTER_SHIFT - 1); ``` The minus 1 is wrong, this branch should report 2048 bits of space. With "-1" action, this only report 1024 bit of space. This bug code returns wrong blocks, but it doesn't inflence bitmap logic: 1. Most callers focus this function return value (the counter of offset), not the parameter blocks. 2. The bug is only triggered when hijacked is true or map is NULL. the hijacked true condition is very rare. the "map == null" only true when array is creating or resizing. 3. Even the caller gets wrong blocks, current code makes caller just to call md_bitmap_get_counter() one more time. Signed-off-by: Zhao Heming Signed-off-by: Song Liu Signed-off-by: Sasha Levin --- drivers/md/bitmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c index 63bff4cc70984..863fe19e906e6 100644 --- a/drivers/md/bitmap.c +++ b/drivers/md/bitmap.c @@ -1339,7 +1339,7 @@ __acquires(bitmap->lock) if (bitmap->bp[page].hijacked || bitmap->bp[page].map == NULL) csize = ((sector_t)1) << (bitmap->chunkshift + - PAGE_COUNTER_SHIFT - 1); + PAGE_COUNTER_SHIFT); else csize = ((sector_t)1) << bitmap->chunkshift; *blocks = csize - (offset & (csize - 1)); -- 2.27.0