[Devel] [PATCH RH8 2/2] cbt: endless loop on rollback in blk_cbt_snap_create()
Kirill Tkhai
ktkhai at virtuozzo.com
Mon May 31 10:47:02 MSK 2021
On 29.05.2021 14:52, Vasily Averin wrote:
> taken from vz7 commit faed6a011b
> ("cbt: endless loop on rollback in blk_cbt_map_copy_once")
>
> found by smatch:
> block/blk-cbt.c:359 blk_cbt_map_copy_once() warn:
> always true condition '(--i >= 0) => (0-u64max >= 0)'
>
> It leads to endless loop on rollback.
> https://jira.sw.ru/browse/PSBM-104530
>
> VvS: in vz8 the same problem was found in blk_cbt_snap_create()
> Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
Reviewed-by: Kirill Tkhai <ktkhai at virtuozzo.com>
> ---
> block/blk-cbt.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/block/blk-cbt.c b/block/blk-cbt.c
> index 43bb0cd017cd..97f692fbbefe 100644
> --- a/block/blk-cbt.c
> +++ b/block/blk-cbt.c
> @@ -376,7 +376,8 @@ static int copy_cbt_to_user(struct page **map, unsigned long size,
> static int blk_cbt_snap_create(struct request_queue *q, __u8 *uuid,
> struct blk_user_cbt_snap_create __user *arg)
> {
> - unsigned long npages, i, size;
> + unsigned long size;
> + long npages, i;
> __u64 to_addr, to_size;
> struct cbt_info *cbt;
> struct page **map;
>
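Review bot: in the declarations at the top of blk_cbt_snap_create(), `npages` becomes signed together with `i`, but the commit message only motivates `i` (the `--i >= 0` rollback condition), and the quoted smatch warning is for blk_cbt_map_copy_once() at block/blk-cbt.c:359, not for this function. Please say in the changelog why `npages` also changes type (presumably to avoid comparing a signed `i` against an unsigned bound), and confirm that whatever value is assigned to `npages` from the still-unsigned `size` cannot exceed LONG_MAX. If the only goal is to terminate the rollback loop, an alternative that keeps both variables as `unsigned long` is to write the rollback as `while (i--)`, which stops at zero without relying on a signed counter.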