CVE-2023-53376

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Use number of bits to manage bitmap sizes

To allocate bitmaps, the mpi3mr driver calculates sizes of bitmaps using byte as unit. However, bitmap helper functions assume that bitmaps are allocated using unsigned long as unit. This gap causes memory access beyond the bitmap sizes and results in "BUG: KASAN: slab-out-of-bounds". The BUG was observed at firmware download to eHBA-9600. Call trace indicated that the out-of-bounds access happened in findfirstzerobit() called from mpi3mrsendeventack() for miroc->evtackcmdsbitmap.

To fix the BUG, do not use bytes to manage bitmap sizes. Instead, use number of bits, and call bitmap helper functions which take number of bits as arguments. For memory allocation, call bitmapzalloc() instead of kzalloc() and krealloc(). For memory free, call bitmapfree() instead of kfree(). For zero clear, call bitmap_clear() instead of memset().

Remove three fields for bitmap byte sizes in struct scmdpriv which are no longer required. Replace the field devhandlebitmapsz with devhandlebitmapbits to keep number of bits of removependbitmap across resize.