[Devel] [PATCH vz10 2/2] lib/kmapset: fix freeing the tail in kmapset_copy()
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Tue Jun 3 08:26:00 MSK 2025
On 6/2/25 19:55, Konstantin Khorenko wrote:
> map_link is not the first field in the struct kmapset_link,
> so condition "while (&new_link->map_link)" will always be true.
>
> + gcc warning:
>
> lib/kmapset.c: In function ‘kmapset_copy’:
> lib/kmapset.c:192:16: warning: the comparison will always evaluate as
> ‘true’ for the address of ‘map_link’ will never be NULL [-Waddress]
> 192 | while (&new_link->map_link) {
> | ^
>
> Found during the rebase to RHEL10 kernel:
> https://virtuozzo.atlassian.net/browse/VSTOR-97985
>
> Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
> ---
> lib/kmapset.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/lib/kmapset.c b/lib/kmapset.c
> index 03af368adeb11..12952d9fcf547 100644
> --- a/lib/kmapset.c
> +++ b/lib/kmapset.c
> @@ -185,10 +185,12 @@ static int kmapset_copy(struct kmapset_map *dst, struct kmapset_map *src)
> }
> kmapset_unlock(set);
>
> - while (&new_link->map_link) {
> + while (new_link) {
> next = new_link->map_link.next;
> hlist_del(&new_link->map_link);
> kfree(new_link);
> + if (!next)
> + break;
> new_link = hlist_entry(next, struct kmapset_link, map_link);
This should be hlist_entry_safe, else at the end of the list you would have
new_link being a negative pointer.
> }
>
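Review bot: the loop now carries two exit checks, and after the first iteration only the added "if (!next) break;" can ever fire: at "new_link = hlist_entry(next, struct kmapset_link, map_link);" next is known to be non-NULL, so the result is never NULL and "while (new_link)" only guards the initial entry. Consider assigning with hlist_entry_safe(next, struct kmapset_link, map_link) and dropping the explicit break, so that "while (new_link)" is the single termination condition. Because map_link is not the first field (per the commit message), the break must not be removed without that switch, since plain hlist_entry() on a NULL next gives a non-NULL bogus pointer that would be passed to hlist_del() and kfree() on the next pass.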
--
Best regards, Pavel Tikhomirov
Senior Software Developer, Virtuozzo.
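
The pointer arithmetic discussed in this thread, as an added userspace example that is not part of the original mail or of lib/kmapset.c: it shows what a container_of-style conversion yields for the end-of-list NULL when the member is not first, and a tail-freeing loop whose only exit is "while (l)". struct link, entry(), entry_safe(), make_chain() and free_tail() are assumed names; hlist_del() and locking are left out.

```c
/* Added userspace sketch; struct link and all helper names are assumptions
 * modelled on the patch, not code from lib/kmapset.c. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

struct hlist_node { struct hlist_node *next; };
struct link {                      /* stand-in for struct kmapset_link */
	long key;                  /* a field precedes map_link ... */
	struct hlist_node map_link;/* ... so its offset is non-zero */
};

/* container_of-style conversion, done on uintptr_t so NULL input is defined */
static struct link *entry(struct hlist_node *n)
{
	return (struct link *)((uintptr_t)n - offsetof(struct link, map_link));
}
/* NULL-preserving variant, the behaviour hlist_entry_safe() provides */
static struct link *entry_safe(struct hlist_node *n)
{
	return n ? entry(n) : NULL;
}
/* Build n links chained through map_link.next (constructed test data). */
static struct link *make_chain(int n)
{
	struct link *head = NULL;
	while (n-- > 0) {
		struct link *l = calloc(1, sizeof(*l));
		if (!l)
			abort();
		l->map_link.next = head ? &head->map_link : NULL;
		head = l;
	}
	return head;
}
/* Free every link from l onward; returns how many were freed. */
static int free_tail(struct link *l)
{
	int freed = 0;
	while (l) {                /* single exit condition */
		struct hlist_node *next = l->map_link.next;
		free(l);
		freed++;
		l = entry_safe(next); /* NULL at end of list, loop stops */
	}
	return freed;
}
/* 1 if the plain conversion maps NULL to NULL, 0 if it yields a bogus pointer */
static int plain_entry_keeps_null(void) { return entry(NULL) == NULL; }

int main(void) { return free_tail(make_chain(3)) == 3 ? 0 : 1; }
```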