[PATCH] md/md-llbitmap: clamp state-machine walks to tracked bits

Next message: Yu Kuai: "[PATCH] md/raid10: reject llbitmap chunk shrink during reshape"
Previous message: Yu Kuai: "[PATCH] md/raid10: split reshape bios before bitmap accounting"
In reply to: Yu Kuai: "[PATCH] md/raid10: split reshape bios before bitmap accounting"
Next in thread: Yu Kuai: "[PATCH] md/raid10: reject llbitmap chunk shrink during reshape"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Yu Kuai

Date: Sat Apr 18 2026 - 23:16:13 EST

llbitmap_state_machine() can be called with an end bit beyond
llbitmap->chunks. In particular, llbitmap_cond_end_sync() passes
sector >> chunkshift, and sector can reach the tracked boundary
exactly.

Clamp the state-machine range to llbitmap->chunks so it cannot walk
past the tracked bitmap.

Signed-off-by: Yu Kuai <yukuai@xxxxxxxxx>
---
drivers/md/md-llbitmap.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/md/md-llbitmap.c b/drivers/md/md-llbitmap.c
index b3ff67779557..6f81ccf3e884 100644
--- a/drivers/md/md-llbitmap.c
+++ b/drivers/md/md-llbitmap.c
@@ -853,7 +853,10 @@ static enum llbitmap_state llbitmap_state_machine(struct llbitmap *llbitmap,
llbitmap_init_state(llbitmap);
return BitNone;
}
-
+ if (start >= llbitmap->chunks)
+ return BitNone;
+ if (end >= llbitmap->chunks)
+ end = llbitmap->chunks - 1;
while (start <= end) {
enum llbitmap_state c = llbitmap_read(llbitmap, start);

--
2.51.0