[Devel] [PATCH vz10 2/2] lib/kmapset: fix freeing the tail in kmapset_copy()

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Tue Jun 3 08:26:00 MSK 2025



On 6/2/25 19:55, Konstantin Khorenko wrote:
> map_link is not the first field in the struct kmapset_link,
> so condition "while (&new_link->map_link)" will be always true.
> 
> + gcc warning:
> 
>    lib/kmapset.c: In function ‘kmapset_copy’:
>    lib/kmapset.c:192:16: warning: the comparison will always evaluate as
>    ‘true’ for the address of ‘map_link’ will never be NULL [-Waddress]
>      192 |         while (&new_link->map_link) {
>          |                ^
> 
> Found during the rebase to RHEL10 kernel:
> https://virtuozzo.atlassian.net/browse/VSTOR-97985
> 
> Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
> ---
>   lib/kmapset.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/kmapset.c b/lib/kmapset.c
> index 03af368adeb11..12952d9fcf547 100644
> --- a/lib/kmapset.c
> +++ b/lib/kmapset.c
> @@ -185,10 +185,12 @@ static int kmapset_copy(struct kmapset_map *dst, struct kmapset_map *src)
>   	}
>   	kmapset_unlock(set);
>   
> -	while (&new_link->map_link) {
> +	while (new_link) {
>   		next = new_link->map_link.next;
>   		hlist_del(&new_link->map_link);
>   		kfree(new_link);
> +		if (!next)
> +			break;
>   		new_link = hlist_entry(next, struct kmapset_link, map_link);

This should be hlist_entry_safe, else at the end of the list you would have
new_link being a negative pointer.

>   	}
>   
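
Review bot: in the loop body, the added `if (!next) break;` is the only thing that ends the walk. The `while (new_link)` test can fail only on entry, because `hlist_entry()` is never reached with a NULL `next`, and it would not return NULL for one anyway since `map_link` is not the first field of the struct. Writing the last line as `new_link = hlist_entry_safe(next, struct kmapset_link, map_link);` lets the `while (new_link)` condition terminate the loop, so the two-line break can be dropped. The hunk does not show how `new_link` is set before the loop, so it is worth confirming that a NULL value on entry is the intended "nothing to free" case.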

-- 
Best regards, Pavel Tikhomirov
Senior Software Developer, Virtuozzo.


