[PATCH 4.18 060/145] dm writecache: fix a crash due to reading past end of dirty_bitmap
From: Greg Kroah-Hartman
Date: Fri Sep 07 2018 - 17:15:24 EST
4.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikulas Patocka <mpatocka@xxxxxxxxxx>
commit 1e1132ea21da6d7be92a72195204379c819cb70b upstream.
wc->dirty_bitmap_size is in bytes so must multiply it by 8, not by
BITS_PER_LONG, to get number of bitmap_bits.
Fixes crash in find_next_bit() that was reported:
https://bugzilla.kernel.org/show_bug.cgi?id=200819
Reported-by: edo.rus@xxxxxxxxx
Fixes: 48debafe4f2f ("dm: add writecache target")
Cc: stable@xxxxxxxxxxxxxxx # 4.18
Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx>
Signed-off-by: Mike Snitzer <snitzer@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/md/dm-writecache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/md/dm-writecache.c
+++ b/drivers/md/dm-writecache.c
@@ -457,7 +457,7 @@ static void ssd_commit_flushed(struct dm
COMPLETION_INITIALIZER_ONSTACK(endio.c),
ATOMIC_INIT(1),
};
- unsigned bitmap_bits = wc->dirty_bitmap_size * BITS_PER_LONG;
+ unsigned bitmap_bits = wc->dirty_bitmap_size * 8;
unsigned i = 0;
while (1) {