[Devel] [PATCH RH7 1/2] cbt: endless loop on rollback in ploop_pb_map_alloc()

Kirill Tkhai ktkhai at virtuozzo.com
Mon Jun 1 11:00:48 MSK 2020


On 31.05.2020 08:19, Vasily Averin wrote:
> found by smatch:
> drivers/block/ploop/push_backup.c:96 ploop_pb_map_alloc() warn:
>  always true condition '(--i >= 0) => (0-u64max >= 0)'
> 
> it leads to endless loop on rollback.
> 
> https://jira.sw.ru/browse/PSBM-104530
> Signed-off-by: Vasily Averin <vvs at virtuozzo.com>

Reviewed-by: Kirill Tkhai <ktkhai at virtuozzo.com>

> ---
>  drivers/block/ploop/push_backup.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/block/ploop/push_backup.c b/drivers/block/ploop/push_backup.c
> index 168fa24..ac07919 100644
> --- a/drivers/block/ploop/push_backup.c
> +++ b/drivers/block/ploop/push_backup.c
> @@ -81,9 +81,9 @@ int ploop_pb_get_uuid(struct ploop_pushbackup_desc *pbd, __u8 *uuid)
>  
>  static struct page **ploop_pb_map_alloc(unsigned long block_max)
>  {
> -	unsigned long npages = NR_PAGES(block_max);
> +	long npages = NR_PAGES(block_max);
>  	struct page **map = vmalloc(npages * sizeof(void *));
> -	unsigned long i;
> +	long i;
>  
>  	if (!map)
>  		return NULL;
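Review bot: In ploop_pb_map_alloc(), changing `npages` to `long` is not needed to silence the warning, which concerns only the index in `--i >= 0`, and it makes `npages * sizeof(void *)` a mixed signed/unsigned expression for a value derived from the `unsigned long block_max`. Consider leaving both declarations unsigned and rewriting the rollback loop to test before decrementing, for example `while (i--)`, so the loop stops at zero without any type change.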
> @@ -106,7 +106,7 @@ static struct page **ploop_pb_map_alloc(unsigned long block_max)
>  static void ploop_pb_map_free(struct page **map, unsigned long block_max)
>  {
>  	if (map) {
> -		unsigned long i;
> +		long i;
>  		for (i = 0; i < NR_PAGES(block_max); i++)
>  			if (map[i])
>  				__free_page(map[i]);
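Review bot: In ploop_pb_map_free() the index only counts upward in `for (i = 0; i < NR_PAGES(block_max); i++)`, so the wrap-around described in the commit message cannot happen here, and a `long i` is now compared against a bound derived from the `unsigned long block_max`. Suggest dropping this hunk and keeping `unsigned long i`.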
> 

unsigned long here is not a BUG
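The rollback problem named in the commit message, as an added user-space example that is not the ploop code: it keeps the index unsigned and still stops at zero. `slot_alloc`, `slot_free`, `map_alloc` and the failure counter are hypothetical stand-ins for the page allocator.

```c
#include <stdlib.h>

/* Constructed stand-in for a page allocator: the call numbered fail_at fails. */
static int fail_at, calls, live;

static void *slot_alloc(void)
{
	if (calls++ == fail_at)
		return NULL;
	live++;
	return malloc(1);
}

static void slot_free(void *p) { live--; free(p); }

/* What an unsigned index becomes when decremented at zero. */
static unsigned long wrapped_index(void) { unsigned long i = 0; --i; return i; }

/*
 * Fill n slots; on failure release the ones already filled.
 * "i-- > 0" tests before decrementing, so the unsigned index never
 * wraps inside the loop body, unlike a "--i >= 0" condition.
 */
static void **map_alloc(unsigned long n)
{
	void **map = calloc(n ? n : 1, sizeof(*map));
	unsigned long i;

	if (!map)
		return NULL;
	for (i = 0; i < n; i++) {
		map[i] = slot_alloc();
		if (!map[i])
			goto rollback;
	}
	return map;
rollback:
	while (i-- > 0)
		slot_free(map[i]);
	free(map);
	return NULL;
}

/* Slots still held after a forced failure at index k (-1 if nothing failed). */
static int leaked_after_failure(unsigned long n, int k)
{
	fail_at = k; calls = 0; live = 0;
	return map_alloc(n) ? -1 : live;
}

int main(void) { return leaked_after_failure(8, 5); }
```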


