From: Li Nan <linan122@huawei.com> hulk inclusion category: bugfix bugzilla: 188270, https://gitee.com/openeuler/kernel/issues/I6ECES CVE: NA -------------------------------- There is a bug if we write a large number to md/bitmap_set_bits. md_bitmap_checkpage() returned -EINVAL if "page >= bitmap->pages", but the return value was not checked immediately in md_bitmap_get_counter() in order to set *blocks value. fix it by checking page before operate bitmap. Signed-off-by: Li Nan <linan122@huawei.com> Reviewed-by: Hou Tao <houtao1@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com> --- drivers/md/md-bitmap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c index d377ea060925..4201d68b60f2 100644 --- a/drivers/md/md-bitmap.c +++ b/drivers/md/md-bitmap.c @@ -1365,6 +1365,9 @@ __acquires(bitmap->lock) sector_t csize; int err; + if (page >= bitmap->pages) + return NULL; + err = md_bitmap_checkpage(bitmap, page, create, 0); if (bitmap->bp[page].hijacked || -- 2.25.1