| From 5313a08de0f0de388b29e59a9172925c5fbc017d Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Tue, 6 Oct 2020 00:00:24 +0800 |
| Subject: md/bitmap: md_bitmap_get_counter returns wrong blocks |
| |
| From: Zhao Heming <heming.zhao@suse.com> |
| |
| [ Upstream commit d837f7277f56e70d82b3a4a037d744854e62f387 ] |
| |
| md_bitmap_get_counter() has code: |
| |
| ``` |
| if (bitmap->bp[page].hijacked || |
| bitmap->bp[page].map == NULL) |
| csize = ((sector_t)1) << (bitmap->chunkshift + |
| PAGE_COUNTER_SHIFT - 1); |
| ``` |
| |
| The minus 1 is wrong, this branch should report 2048 bits of space. |
| With "-1" action, this only report 1024 bit of space. |
| |
| This bug code returns wrong blocks, but it doesn't inflence bitmap logic: |
| 1. Most callers focus this function return value (the counter of offset), |
| not the parameter blocks. |
| 2. The bug is only triggered when hijacked is true or map is NULL. |
| the hijacked true condition is very rare. |
| the "map == null" only true when array is creating or resizing. |
| 3. Even the caller gets wrong blocks, current code makes caller just to |
| call md_bitmap_get_counter() one more time. |
| |
| Signed-off-by: Zhao Heming <heming.zhao@suse.com> |
| Signed-off-by: Song Liu <songliubraving@fb.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/md/md-bitmap.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c |
| index c61ab86a28b52..d910833feeb4d 100644 |
| --- a/drivers/md/md-bitmap.c |
| +++ b/drivers/md/md-bitmap.c |
| @@ -1367,7 +1367,7 @@ __acquires(bitmap->lock) |
| if (bitmap->bp[page].hijacked || |
| bitmap->bp[page].map == NULL) |
| csize = ((sector_t)1) << (bitmap->chunkshift + |
| - PAGE_COUNTER_SHIFT - 1); |
| + PAGE_COUNTER_SHIFT); |
| else |
| csize = ((sector_t)1) << bitmap->chunkshift; |
| *blocks = csize - (offset & (csize - 1)); |
| -- |
| 2.27.0 |
| |