dm writecache: fix a crash due to reading past end of dirty_bitmap

wc->dirty_bitmap_size is in bytes so must multiply it by 8, not by
BITS_PER_LONG, to get number of bitmap_bits.

Fixes crash in find_next_bit() that was reported:
https://bugzilla.kernel.org/show_bug.cgi?id=200819

Reported-by: edo.rus@gmail.com
Fixes: 48debafe4f2f ("dm: add writecache target")
Cc: stable@vger.kernel.org # 4.18
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>

diff --git a/drivers/md/dm-writecache.c b/drivers/md/dm-writecache.c
index e672e1d17bf1d8fda5d632d41e7316ebb90a5d1e..3a28a68f184ca5baccaa541ad68fd60eade09df7 100644 (file)
--- a/drivers/md/dm-writecache.c
+++ b/drivers/md/dm-writecache.c
@@ -457,7 +457,7 @@ static void ssd_commit_flushed(struct dm_writecache *wc)
                COMPLETION_INITIALIZER_ONSTACK(endio.c),
                ATOMIC_INIT(1),
        };
-       unsigned bitmap_bits = wc->dirty_bitmap_size * BITS_PER_LONG;
+       unsigned bitmap_bits = wc->dirty_bitmap_size * 8;
        unsigned i = 0;
 
        while (1) {