summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZhao Heming <heming.zhao@suse.com>2020-10-05 19:00:24 +0300
committerSong Liu <songliubraving@fb.com>2020-10-09 08:31:29 +0300
commitd837f7277f56e70d82b3a4a037d744854e62f387 (patch)
treeb46c1b95bd92c91fb6c106e25bbfcc87b2502cca
parenta913096decbf4101271e7d87b9affb1454bb7676 (diff)
downloadlinux-d837f7277f56e70d82b3a4a037d744854e62f387.tar.xz
md/bitmap: md_bitmap_get_counter returns wrong blocks
md_bitmap_get_counter() has code: ``` if (bitmap->bp[page].hijacked || bitmap->bp[page].map == NULL) csize = ((sector_t)1) << (bitmap->chunkshift + PAGE_COUNTER_SHIFT - 1); ``` The minus 1 is wrong, this branch should report 2048 bits of space. With "-1" action, this only report 1024 bit of space. This bug code returns wrong blocks, but it doesn't inflence bitmap logic: 1. Most callers focus this function return value (the counter of offset), not the parameter blocks. 2. The bug is only triggered when hijacked is true or map is NULL. the hijacked true condition is very rare. the "map == null" only true when array is creating or resizing. 3. Even the caller gets wrong blocks, current code makes caller just to call md_bitmap_get_counter() one more time. Signed-off-by: Zhao Heming <heming.zhao@suse.com> Signed-off-by: Song Liu <songliubraving@fb.com>
-rw-r--r--drivers/md/md-bitmap.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index cd9a12ca281d..b3f13105659d 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -1368,7 +1368,7 @@ __acquires(bitmap->lock)
if (bitmap->bp[page].hijacked ||
bitmap->bp[page].map == NULL)
csize = ((sector_t)1) << (bitmap->chunkshift +
- PAGE_COUNTER_SHIFT - 1);
+ PAGE_COUNTER_SHIFT);
else
csize = ((sector_t)1) << bitmap->chunkshift;
*blocks = csize - (offset & (csize - 1));