Re: [PATCH] rbd: check snap_count against RBD_MAX_SNAP_COUNT

Next message: Eliot Courtney: "Re: [PATCH v7 4/4] gpu: nova-core: gsp: run the unload bundle if Gsp::boot() fails"
Previous message: Yosry Ahmed: "Re: [PATCH v3 2/4] mm/zswap: Implement proactive writeback"
In reply to: Rosen Penev: "[PATCH] rbd: check snap_count against RBD_MAX_SNAP_COUNT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alex Elder

Date: Fri May 29 2026 - 21:44:17 EST

On 5/29/26 8:12 PM, Rosen Penev wrote:

snap_count is u32 but the comparison is against a SIZE_MAX-derived value
(~2^61 on 64-bit), which clang flags as always false with
-Wtautological-constant-out-of-range-compare.

The proper check here should be that snap_count does not go over
RBD_MAX_SNAP_COUNT.

Assisted-by: Opencode:Big-pickle
Signed-off-by: Rosen Penev <rosenp@xxxxxxxxx>

Looks good to me.

Reviewed-by: Alex Elder <elder@xxxxxxxxxxxx>

---
drivers/block/rbd.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
index 94709466ad19..25215c209484 100644
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -6075,12 +6075,9 @@ static int rbd_dev_v2_snap_context(struct rbd_device *rbd_dev,
/*
* Make sure the reported number of snapshot ids wouldn't go
- * beyond the end of our buffer. But before checking that,
- * make sure the computed size of the snapshot context we
- * allocate is representable in a size_t.
+ * beyond the end of our buffer.
*/
- if (snap_count > (SIZE_MAX - sizeof (struct ceph_snap_context))
- / sizeof (u64)) {
+ if (snap_count > RBD_MAX_SNAP_COUNT) {
ret = -EINVAL;
goto out;
}