[Devel] [PATCH RH8 2/2] cbt: endless loop on rollback in blk_cbt_snap_create()
Vasily Averin
vvs at virtuozzo.com
Sat May 29 14:52:22 MSK 2021
taken from vz7 commit faed6a011b
("cbt: endless loop on rollback in blk_cbt_map_copy_once")
found by smatch:
block/blk-cbt.c:359 blk_cbt_map_copy_once() warn:
always true condition '(--i >= 0) => (0-u64max >= 0)'
It leads to an endless loop on rollback.
https://jira.sw.ru/browse/PSBM-104530
VvS: in vz8 the same problem was found in blk_cbt_snap_create()
Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
---
block/blk-cbt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/block/blk-cbt.c b/block/blk-cbt.c
index 43bb0cd017cd..97f692fbbefe 100644
--- a/block/blk-cbt.c
+++ b/block/blk-cbt.c
@@ -376,7 +376,8 @@ static int copy_cbt_to_user(struct page **map, unsigned long size,
static int blk_cbt_snap_create(struct request_queue *q, __u8 *uuid,
struct blk_user_cbt_snap_create __user *arg)
{
- unsigned long npages, i, size;
+ unsigned long size;
+ long npages, i;
__u64 to_addr, to_size;
struct cbt_info *cbt;
struct page **map;
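Review bot: the hunk changes the type of `npages` as well as `i`, while the smatch warning quoted in the log concerns only the `--i >= 0` rollback condition; consider changing only `i` to `long` (or keeping both unsigned and writing the rollback as `while (i-- > 0)`, which terminates without a signed index). With `npages` now `long` and `size` still `unsigned long`, any comparison or arithmetic between the two becomes a mixed-sign expression that the usual arithmetic conversions evaluate as unsigned, which can hide a negative `npages`; the loop and the `npages` computation are outside this hunk, so please confirm in the full function that nothing else relies on `npages` being unsigned.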
--
2.25.1
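As an added illustration (not part of the patch or the Virtuozzo sources), the following C program shows the defect the commit message describes: a rollback loop of the form `while (--i >= 0)` never terminates when `i` is unsigned, because `0 - 1` wraps to `ULONG_MAX`. The patch shows only the declarations, so the loop bodies, the `NPAGES` map and the `fill_map`/`slots_left` helpers below are constructed stand-ins, not blk-cbt.c code. The third function is an alternative that keeps the index unsigned and still terminates.

```c
#include <stdio.h>

/* Constructed stand-in for the per-page map of a snapshot being built:
 * a slot is "allocated" when non-zero. Hypothetical; not the driver's data. */
#define NPAGES 8

static void fill_map(int *map, unsigned long allocated)
{
    for (unsigned long k = 0; k < NPAGES; k++)
        map[k] = (k < allocated) ? 1 : 0;
}

static long slots_left(const int *map)
{
    long n = 0;
    for (unsigned long k = 0; k < NPAGES; k++)
        n += map[k] != 0;
    return n;
}

/* Pre-patch shape: `i` is unsigned long, so `--i >= 0` is always true.
 * After slot 0 is released, `--i` wraps to ULONG_MAX and the loop never
 * ends. A guard on the iteration count stands in for "forever": the
 * function returns -1 once the guard is hit. */
long rollback_unsigned_index(unsigned long allocated, unsigned long guard)
{
    int map[NPAGES];
    unsigned long i = allocated, iters = 0;

    fill_map(map, allocated);
    while (--i >= 0) {              /* smatch: always true condition */
        if (iters++ >= guard)
            return -1;              /* would have spun forever */
        if (i < NPAGES)             /* keep the simulation in bounds */
            map[i] = 0;
    }
    return slots_left(map) ? -2 : (long)iters;   /* never reached */
}

/* Post-patch shape: `i` is signed long, so `--i` reaches -1 and the
 * condition fails once slot 0 has been released. Returns the number of
 * slots released, or -2 if anything was left allocated. */
long rollback_signed_index(long allocated)
{
    int map[NPAGES];
    long i = allocated, freed = 0;

    fill_map(map, (unsigned long)allocated);
    while (--i >= 0) {
        map[i] = 0;
        freed++;
    }
    return slots_left(map) ? -2 : freed;
}

/* Alternative that keeps the index unsigned: test before decrementing,
 * then use the already-decremented value as the index. Terminates because
 * the comparison happens while i is still >= 0 (i.e. before the wrap). */
long rollback_unsigned_idiom(unsigned long allocated)
{
    int map[NPAGES];
    unsigned long i = allocated;
    long freed = 0;

    fill_map(map, allocated);
    while (i-- > 0) {               /* i runs allocated-1 .. 0, then stops */
        map[i] = 0;
        freed++;
    }
    return slots_left(map) ? -2 : freed;
}

int main(void)
{
    printf("unsigned --i >= 0 : %ld (-1 = guard hit, loop would not end)\n",
           rollback_unsigned_index(5, 64));
    printf("signed   --i >= 0 : %ld slots released\n",
           rollback_signed_index(5));
    printf("unsigned i-- > 0  : %ld slots released\n",
           rollback_unsigned_idiom(5));
    return 0;
}
```

The guard in `rollback_unsigned_index` exists only so the program can demonstrate the bug without hanging; in the kernel there is no such guard, and the rollback path of a failed allocation would spin and walk off the end of the map. Both terminating variants release exactly the `allocated` slots and nothing else, including the empty case where nothing was allocated before the failure.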