[PATCH 2/2] [md/bitmap] md_bitmap_get_counter return wrong blocks in some cases
From: Zhao Heming <hidden>
Date: 2020-10-03 16:12:45
Subsystem:
software raid (multiple disks) support, the rest · Maintainers:
Song Liu, Yu Kuai, Linus Torvalds
md_bitmap_get_counter() has code:
if (bitmap->bp[page].hijacked ||
bitmap->bp[page].map == NULL)
csize = ((sector_t)1) << (bitmap->chunkshift +
PAGE_COUNTER_SHIFT - 1);
the minus 1 is wrong, this branch should report 2048 bits of space. with "-1" action, this only report 1024 bit of space. this bug code returns wrong blocks, but it doesn't inflence bitmap logic: 1. most callers focus this function return value (the counter of offset), not the parameter blocks. 2. the bug is only triggered when hijacked is true or map is NULL. the hijacked true condition is very rare. the "map == null" only true when array is creating or resizing. 3. even the caller gets wrong blocks, current code makes caller just to call md_bitmap_get_counter() one more time. Signed-off-by: Zhao Heming <redacted> --- drivers/md/md-bitmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index 1efd2b4..145b3b2 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c@@ -1367,7 +1367,7 @@ static bitmap_counter_t *md_bitmap_get_counter(struct bitmap_counts *bitmap, if (bitmap->bp[page].hijacked || bitmap->bp[page].map == NULL) csize = ((sector_t)1) << (bitmap->chunkshift + - PAGE_COUNTER_SHIFT - 1); + PAGE_COUNTER_SHIFT); else csize = ((sector_t)1) << bitmap->chunkshift; *blocks = csize - (offset & (csize - 1));
--
1.8.3.1