CVE-2025-22124

In the Linux kernel, the following vulnerability has been resolved:

md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb

In clustermd, separate write-intent-bitmaps are used for each cluster node:

0 4k 8k 12k

| idle | md super | bm super [0] + bits | | bm bits[0, contd] | bm super[1] + bits | bm bits[1, contd] | | bm super[2] + bits | bm bits [2, contd] | bm super[3] + bits | | bm bits [3, contd] | | |

So in node 1, pg_index in _writesbpage() could equal to bitmap->storage.filepages. Then bitmaplimit will be calculated to 0. mdsuperwrite() will be called with 0 size. That means the first 4k sb area of node 1 will never be updated through filemapwritepage(). This bug causes hang of mdadm/clustermdtests/01r1Growresize.

Here use (pgindex % bitmap->storage.filepages) to make calculation of bitmap_limit correct.