From: Hyunchul Lee <hyc.lee@gmail.com>
To: Yang Yingliang <yangyingliang@huawei.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
linux-cifsd-devel <linux-cifsd-devel@lists.sourceforge.net>,
linux-cifs <linux-cifs@vger.kernel.org>,
Namjae Jeon <namjae.jeon@samsung.com>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Steve French <sfrench@samba.org>
Subject: Re: [PATCH -next v2] cifsd: check return value of ksmbd_vfs_getcasexattr() correctly
Date: Mon, 31 May 2021 14:38:42 +0900 [thread overview]
Message-ID: <CANFS6bbZysgZ2Wv7_FqmeBC0e34h5uiBLFdeiDvOxHFd2XGTSg@mail.gmail.com> (raw)
In-Reply-To: <20210531030550.1708816-1-yangyingliang@huawei.com>
2021년 5월 31일 (월) 오후 12:01, Yang Yingliang <yangyingliang@huawei.com>님이 작성:
>
> If ksmbd_vfs_getcasexattr() returns -ENOMEM, stream_buf is NULL,
> it will cause null-ptr-deref when using it to copy memory. So we
> need check the return value of ksmbd_vfs_getcasexattr() by comparing
> with 0.
>
> Fixes: f44158485826 ("cifsd: add file operations")
> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
> ---
> v2:
> Handle the case ksmbd_vfs_getcasexattr() returns 0.
> ---
> fs/cifsd/vfs.c | 10 ++++------
> 1 file changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c
> index 97d5584ec870..2a9cc0bc7726 100644
> --- a/fs/cifsd/vfs.c
> +++ b/fs/cifsd/vfs.c
> @@ -274,7 +274,6 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos,
> {
> ssize_t v_len;
> char *stream_buf = NULL;
> - int err;
>
> ksmbd_debug(VFS, "read stream data pos : %llu, count : %zd\n",
> *pos, count);
> @@ -283,10 +282,9 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos,
> fp->stream.name,
> fp->stream.size,
> &stream_buf);
> - if (v_len == -ENOENT) {
> + if ((int)v_len <= 0) {
> ksmbd_err("not found stream in xattr : %zd\n", v_len);
> - err = -ENOENT;
> - return err;
> + return v_len == 0 ? -ENOENT : (int)v_len;
How about making ksmbd_vfs_getcasexattr return -ENONENT instead of
returning 0 to
remove duplicate error handling code?
Thanks,
Hyunchul
> }
>
> memcpy(buf, &stream_buf[*pos], count);
> @@ -415,9 +413,9 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos,
> fp->stream.name,
> fp->stream.size,
> &stream_buf);
> - if (v_len == -ENOENT) {
> + if ((int)v_len <= 0) {
> ksmbd_err("not found stream in xattr : %zd\n", v_len);
> - err = -ENOENT;
> + err = v_len == 0 ? -ENOENT : (int)v_len;
> goto out;
> }
>
> --
> 2.25.1
>
next prev parent reply other threads:[~2021-05-31 5:39 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-31 3:05 [PATCH -next v2] cifsd: check return value of ksmbd_vfs_getcasexattr() correctly Yang Yingliang
2021-05-31 5:38 ` Hyunchul Lee [this message]
2021-05-31 6:09 ` Yang Yingliang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CANFS6bbZysgZ2Wv7_FqmeBC0e34h5uiBLFdeiDvOxHFd2XGTSg@mail.gmail.com \
--to=hyc.lee@gmail.com \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-cifsd-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=namjae.jeon@samsung.com \
--cc=sergey.senozhatsky@gmail.com \
--cc=sfrench@samba.org \
--cc=yangyingliang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.