!9783 CVE-2024-38598 (083359e7) · Commits · EulixOS / Software / Kernel

drivers/md/md-bitmap.c

+11 −13

Original line number	Diff line number	Diff line
		@@ -54,14 +54,7 @@ __acquires(bitmap->lock)
		{
		unsigned char *mappage;

		if (page >= bitmap->pages) {
		/* This can happen if bitmap_start_sync goes beyond
		* End-of-device while looking for a whole page.
		* It is harmless.
		*/
		return -EINVAL;
		}

		WARN_ON_ONCE(page >= bitmap->pages);
		if (bitmap->bp[page].hijacked) /* it's hijacked, don't try to alloc */
		return 0;

		@@ -1405,20 +1398,25 @@ __acquires(bitmap->lock)
		sector_t chunk = offset >> bitmap->chunkshift;
		unsigned long page = chunk >> PAGE_COUNTER_SHIFT;
		unsigned long pageoff = (chunk & PAGE_COUNTER_MASK) << COUNTER_BYTE_SHIFT;
		sector_t csize;
		sector_t csize = ((sector_t)1) << bitmap->chunkshift;
		int err;

		if (page >= bitmap->pages)
		if (page >= bitmap->pages) {
		/*
		* This can happen if bitmap_start_sync goes beyond
		* End-of-device while looking for a whole page or
		* user set a huge number to sysfs bitmap_set_bits.
		*/
		*blocks = csize - (offset & (csize - 1));
		return NULL;

		}
		err = md_bitmap_checkpage(bitmap, page, create, 0);

		if (bitmap->bp[page].hijacked \|\|
		bitmap->bp[page].map == NULL)
		csize = ((sector_t)1) << (bitmap->chunkshift +
		PAGE_COUNTER_SHIFT);
		else
		csize = ((sector_t)1) << bitmap->chunkshift;

		*blocks = csize - (offset & (csize - 1));

		if (err < 0)