[PATCH] rbd: check snap_count against RBD_MAX_SNAP_COUNT

Rosen Penev posted 1 patch 1 week, 2 days ago
[PATCH] rbd: check snap_count against RBD_MAX_SNAP_COUNT
Posted by Rosen Penev 1 week, 2 days ago
snap_count is u32 but the comparison is against a SIZE_MAX-derived value
(~2^61 on 64-bit), which clang flags as always false with
-Wtautological-constant-out-of-range-compare.

The proper check here should be that snap_count does not go over
RBD_MAX_SNAP_COUNT.

Assisted-by: Opencode:Big-pickle
Signed-off-by: Rosen Penev <rosenp@gmail.com>
---
 drivers/block/rbd.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
index 94709466ad19..25215c209484 100644
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -6075,12 +6075,9 @@ static int rbd_dev_v2_snap_context(struct rbd_device *rbd_dev,
 
 	/*
 	 * Make sure the reported number of snapshot ids wouldn't go
-	 * beyond the end of our buffer.  But before checking that,
-	 * make sure the computed size of the snapshot context we
-	 * allocate is representable in a size_t.
+	 * beyond the end of our buffer.
 	 */
-	if (snap_count > (SIZE_MAX - sizeof (struct ceph_snap_context))
-				 / sizeof (u64)) {
+	if (snap_count > RBD_MAX_SNAP_COUNT) {
 		ret = -EINVAL;
 		goto out;
 	}
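Review bot: The new condition `snap_count > RBD_MAX_SNAP_COUNT` is a functional change, not only a warning fix, and the commit message should say so. The deleted comment lines say the old test made sure "the computed size of the snapshot context we allocate is representable in a size_t", and the commit message argues it is always false only for 64-bit, so on a 32-bit build, where SIZE_MAX is smaller, that guard could still fire. Dropping it is safe only if RBD_MAX_SNAP_COUNT * sizeof(u64) + sizeof(struct ceph_snap_context) cannot overflow size_t. The definition of RBD_MAX_SNAP_COUNT is not in this hunk, so please state its value in the commit message and note that counts above it now fail here with -EINVAL where this check previously let them through.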
-- 
2.54.0
Re: [PATCH] rbd: check snap_count against RBD_MAX_SNAP_COUNT
Posted by Jens Axboe 6 days, 18 hours ago
On Fri, 29 May 2026 18:12:55 -0700, Rosen Penev wrote:
> snap_count is u32 but the comparison is against a SIZE_MAX-derived value
> (~2^61 on 64-bit), which clang flags as always false with
> -Wtautological-constant-out-of-range-compare.
> 
> The proper check here should be that snap_count does not go over
> RBD_MAX_SNAP_COUNT.
> 
> [...]

Applied, thanks!

[1/1] rbd: check snap_count against RBD_MAX_SNAP_COUNT
      commit: 2e1b3f4c51ace14f67201bd2a92ca6312a3c3724

Best regards,
-- 
Jens Axboe
Re: [PATCH] rbd: check snap_count against RBD_MAX_SNAP_COUNT
Posted by Alex Elder 1 week, 2 days ago
On 5/29/26 8:12 PM, Rosen Penev wrote:
> snap_count is u32 but the comparison is against a SIZE_MAX-derived value
> (~2^61 on 64-bit), which clang flags as always false with
> -Wtautological-constant-out-of-range-compare.
> 
> The proper check here should be that snap_count does not go over
> RBD_MAX_SNAP_COUNT.
> 
> Assisted-by: Opencode:Big-pickle
> Signed-off-by: Rosen Penev <rosenp@gmail.com>

Looks good to me.

Reviewed-by: Alex Elder <elder@riscstar.com>

> ---
>   drivers/block/rbd.c | 7 ++-----
>   1 file changed, 2 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
> index 94709466ad19..25215c209484 100644
> --- a/drivers/block/rbd.c
> +++ b/drivers/block/rbd.c
> @@ -6075,12 +6075,9 @@ static int rbd_dev_v2_snap_context(struct rbd_device *rbd_dev,
>   
>   	/*
>   	 * Make sure the reported number of snapshot ids wouldn't go
> -	 * beyond the end of our buffer.  But before checking that,
> -	 * make sure the computed size of the snapshot context we
> -	 * allocate is representable in a size_t.
> +	 * beyond the end of our buffer.
>   	 */
> -	if (snap_count > (SIZE_MAX - sizeof (struct ceph_snap_context))
> -				 / sizeof (u64)) {
> +	if (snap_count > RBD_MAX_SNAP_COUNT) {
>   		ret = -EINVAL;
>   		goto out;
>   	}
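Review bot: The comment kept above the new `if` still says the check makes sure the snapshot ids "wouldn't go beyond the end of our buffer", but the condition now compares snap_count with the fixed limit RBD_MAX_SNAP_COUNT and no buffer length appears in it. Suggest rewording the comment to say that the reported count is capped at RBD_MAX_SNAP_COUNT and, if that limit is what keeps the ids within the buffer, saying so explicitly.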