Message ID | 20230427085612.1346752-2-linan666@huaweicloud.com (mailing list archive) |
---|---|
State | Superseded, archived |
Headers | show |
Series | md: bugfix of writing raid sysfs | expand |
Hi, 在 2023/04/27 16:56, linan666@huaweicloud.com 写道: > From: Li Nan <linan122@huawei.com> > > If we write a large number to md/bitmap_set_bits, md_bitmap_checkpage() > will return -EINVAL because "page >= bitmap->pages", but the return value > was not checked immediately in md_bitmap_get_counter() in order to set > *blocks value and slab-out-of-bounds occurs. > > Return directly if err is -EINVAL. > > Fixes: ef4256733506 ("md/bitmap: optimise scanning of empty bitmaps.") > Signed-off-by: Li Nan <linan122@huawei.com> This patch looks good to me, feel free to add: Reviewed-by: Yu Kuai <yukuai3@huawei.com> By the way, I think it's better for bitmap_store() to return error number if bitmap doesn't exist or setting dirty bits failed. Thnaks, Kuai > --- > drivers/md/md-bitmap.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c > index 920bb68156d2..0b41ef422da7 100644 > --- a/drivers/md/md-bitmap.c > +++ b/drivers/md/md-bitmap.c > @@ -1388,6 +1388,8 @@ __acquires(bitmap->lock) > int err; > > err = md_bitmap_checkpage(bitmap, page, create, 0); > + if (err == -EINVAL) > + return NULL; > > if (bitmap->bp[page].hijacked || > bitmap->bp[page].map == NULL) >
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c index 920bb68156d2..0b41ef422da7 100644 --- a/drivers/md/md-bitmap.c +++ b/drivers/md/md-bitmap.c @@ -1388,6 +1388,8 @@ __acquires(bitmap->lock) int err; err = md_bitmap_checkpage(bitmap, page, create, 0); + if (err == -EINVAL) + return NULL; if (bitmap->bp[page].hijacked || bitmap->bp[page].map == NULL)