In the Linux kernel, the following vulnerability has been resolved:
md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
In clustermd, separate write-intent-bitmaps are used for each cluster node:
| idle | md super | bm super [0] + bits | | bm bits[0, contd] | bm super[1] + bits | bm bits[1, contd] | | bm super[2] + bits | bm bits [2, contd] | bm super[3] + bits | | bm bits [3, contd] | | |
So in node 1, pgindex in _writesbpage() could equal to bitmap->storage.filepages. Then bitmaplimit will be calculated to 0. mdsuperwrite() will be called with 0 size. That means the first 4k sb area of node 1 will never be updated through filemapwritepage(). This bug causes hang of mdadm/clustermdtests/01r1Grow_resize.
Here use (pgindex % bitmap->storage.filepages) to make calculation of bitmap_limit correct.