[RHEL7,COMMIT] cbt: endless loop on rollback in blk_cbt_map_copy_once

Submitted by Konstantin Khorenko on June 1, 2020, 11:54 a.m.

Details

Message ID 202006011154.051Bs9Tv025133@finist-ce7.sw.ru
State New
Series "Series without cover letter"
Headers show

Commit Message

Konstantin Khorenko June 1, 2020, 11:54 a.m.
The commit is pushed to "branch-rh7-3.10.0-1127.8.2.vz7.151.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.8.2.vz7.151.9
------>
commit 0097499e78476a7a7294513666458fa3b9a9a2de
Author: Vasily Averin <vvs@virtuozzo.com>
Date:   Mon Jun 1 14:54:09 2020 +0300

    cbt: endless loop on rollback in blk_cbt_map_copy_once
    
    found by smatch:
    block/blk-cbt.c:359 blk_cbt_map_copy_once() warn:
     always true condition '(--i >= 0) => (0-u64max >= 0)'
    
    It leads to endless loop on rollback.
    
    https://jira.sw.ru/browse/PSBM-104530
    Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
---
 block/blk-cbt.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Patch hide | download patch | download mbox

diff --git a/block/blk-cbt.c b/block/blk-cbt.c
index 98993489d637b..46d04ec79164d 100644
--- a/block/blk-cbt.c
+++ b/block/blk-cbt.c
@@ -303,8 +303,7 @@  int blk_cbt_map_copy_once(struct request_queue *q, __u8 *uuid,
 {
 	struct cbt_info *cbt;
 	struct page **map;
-	unsigned long npages;
-	unsigned long i;
+	long npages, i;
 
 	mutex_lock(&cbt_mutex);
 	cbt = q->cbt;