rbd: check snap_count against RBD_MAX_SNAP_COUNT

snap_count is u32 but the comparison is against a SIZE_MAX-derived value
(~2^61 on 64-bit), which clang flags as always false with
-Wtautological-constant-out-of-range-compare.

The proper check here should be that snap_count does not go over
RBD_MAX_SNAP_COUNT.

Assisted-by: Opencode:Big-pickle
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Reviewed-by: Alex Elder <elder@riscstar.com>
Link: https://patch.msgid.link/20260530011255.52916-1-rosenp@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
index 4065336ebd1f1ac95b2f6311e686fb80b0680ed5..0a0b0a1af7691e8638cbac6e50b1bded00b56197 100644 (file)
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -6094,12 +6094,9 @@ static int rbd_dev_v2_snap_context(struct rbd_device *rbd_dev,
 
        /*
         * Make sure the reported number of snapshot ids wouldn't go
-        * beyond the end of our buffer.  But before checking that,
-        * make sure the computed size of the snapshot context we
-        * allocate is representable in a size_t.
+        * beyond the end of our buffer.
         */
-       if (snap_count > (SIZE_MAX - sizeof (struct ceph_snap_context))
-                                / sizeof (u64)) {
+       if (snap_count > RBD_MAX_SNAP_COUNT) {
                ret = -EINVAL;
                goto out;
        }