On 29.05.2021 14:52, Vasily Averin wrote:
> taken from vz7 commit faed6a011b
> ("cbt: endless loop on rollback in blk_cbt_map_copy_once")
> 
> found by smatch:
>     block/blk-cbt.c:359 blk_cbt_map_copy_once() warn:
>     always true condition '(--i >= 0) => (0-u64max >= 0)'
> 
> It leads to endless loop on rollback.
> https://jira.sw.ru/browse/PSBM-104530
> 
> VvS: in vz8 the same problem was found in blk_cbt_snap_create()
> Signed-off-by: Vasily Averin <[email protected]>

Reviewed-by: Kirill Tkhai <[email protected]>

> ---
>  block/blk-cbt.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/block/blk-cbt.c b/block/blk-cbt.c
> index 43bb0cd017cd..97f692fbbefe 100644
> --- a/block/blk-cbt.c
> +++ b/block/blk-cbt.c
> @@ -376,7 +376,8 @@ static int copy_cbt_to_user(struct page **map, unsigned 
> long size,
>  static int blk_cbt_snap_create(struct request_queue *q, __u8 *uuid,
>                              struct blk_user_cbt_snap_create __user *arg)
>  {
> -     unsigned long npages, i, size;
> +     unsigned long size;
> +     long npages, i;
>       __u64 to_addr, to_size;
>       struct cbt_info *cbt;
>       struct page **map;
> 
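
Review bot: In the declarations of blk_cbt_snap_create(), npages and i become signed long while size stays unsigned long, so any expression that mixes them with size or another unsigned value is converted back to unsigned, and the signedness fix does not hold there. The rollback loop and the computation of npages are outside the visible context, so each use of the two variables is worth checking, including whether the page count always fits in a long. An alternative that leaves the types alone is to write the rollback as 'while (i--)' on the unsigned counter, which visits the same indices and terminates without depending on '--i >= 0'.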

_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel