There is a possible type overflow in osd_read_prep() that may
cause too big a value in lnb_rc followed by an assertion.
Signed-off-by: Mikhail Pershin <mike.pershin@intel.com>
Change-Id: If17b533e7d0dcae7db57eefc0e5981821f628c56
Reviewed-on: http://review.whamcloud.com/16685
Tested-by: Jenkins
Reviewed-by: Alex Zhuravlev <alexey.zhuravlev@intel.com>
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Tested-by: Cliff White <cliff.white@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
{
struct osd_object *obj = osd_dt_obj(dt);
int i;
- unsigned long size = 0;
loff_t eof;
LASSERT(dt_object_exists(dt));
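Review bot: The removal of `unsigned long size` in this hunk, together with the `size += lnb[i].lnb_rc;` accumulation dropped further down, is not mentioned in the commit message. If the variable was simply unused, please say so in the message so the cleanup is not mistaken for part of the overflow fix.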
continue;
lnb[i].lnb_rc = lnb[i].lnb_len;
- size += lnb[i].lnb_rc;
- if (lnb[i].lnb_file_offset + lnb[i].lnb_len > eof) {
- lnb[i].lnb_rc = eof - lnb[i].lnb_file_offset;
- if (lnb[i].lnb_rc < 0)
+ if (lnb[i].lnb_file_offset + lnb[i].lnb_len >= eof) {
+ if (eof <= lnb[i].lnb_file_offset)
lnb[i].lnb_rc = 0;
+ else
+ lnb[i].lnb_rc = eof - lnb[i].lnb_file_offset;
/* all subsequent rc should be 0 */
while (++i < npages)
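Review bot: The new `if (eof <= lnb[i].lnb_file_offset)` test fixes the problem only because the comparison now happens before `eof - lnb[i].lnb_file_offset` is stored in lnb_rc, and nothing in the code says so. A one-line comment stating that the difference must not be assigned to lnb_rc until the range check has passed would keep a later cleanup from reverting to the old assign-then-test-`< 0` form. Separately, the outer condition changed from `>` to `>=`, so a buffer that ends exactly at eof now enters this branch: lnb_rc still ends up equal to lnb_len, but the loop under the "all subsequent rc should be 0" comment now runs after it. The commit message does not describe this boundary change; please state whether it is intended. The sum `lnb[i].lnb_file_offset + lnb[i].lnb_len` in that condition is also left as is, so it is worth confirming that it cannot itself wrap for the offsets this function accepts.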