Re: [PATCH -next v2] cifsd: check return value of ksmbd_vfs_getcasexattr() correctly

From: Yang Yingliang <yangyingliang@huawei.com>
To: Hyunchul Lee <hyc.lee@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
	linux-cifsd-devel <linux-cifsd-devel@lists.sourceforge.net>,
	linux-cifs <linux-cifs@vger.kernel.org>,
	Namjae Jeon <namjae.jeon@samsung.com>,
	"Sergey Senozhatsky" <sergey.senozhatsky@gmail.com>,
	Steve French <sfrench@samba.org>
Subject: Re: [PATCH -next v2] cifsd: check return value of ksmbd_vfs_getcasexattr() correctly
Date: Mon, 31 May 2021 14:09:40 +0800	[thread overview]
Message-ID: <0d4edde6-f8e8-5100-5c06-54ff2e0a7378@huawei.com> (raw)
In-Reply-To: <CANFS6bbZysgZ2Wv7_FqmeBC0e34h5uiBLFdeiDvOxHFd2XGTSg@mail.gmail.com>


On 2021/5/31 13:38, Hyunchul Lee wrote:
> 2021년 5월 31일 (월) 오후 12:01, Yang Yingliang <yangyingliang@huawei.com>님이 작성:
>> If ksmbd_vfs_getcasexattr() returns -ENOMEM, stream_buf is NULL,
>> it will cause null-ptr-deref when using it to copy memory. So we
>> need check the return value of ksmbd_vfs_getcasexattr() by comparing
>> with 0.
>>
>> Fixes: f44158485826 ("cifsd: add file operations")
>> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
>> ---
>> v2:
>>    Handle the case ksmbd_vfs_getcasexattr() returns 0.
>> ---
>>   fs/cifsd/vfs.c | 10 ++++------
>>   1 file changed, 4 insertions(+), 6 deletions(-)
>>
>> diff --git a/fs/cifsd/vfs.c b/fs/cifsd/vfs.c
>> index 97d5584ec870..2a9cc0bc7726 100644
>> --- a/fs/cifsd/vfs.c
>> +++ b/fs/cifsd/vfs.c
>> @@ -274,7 +274,6 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos,
>>   {
>>          ssize_t v_len;
>>          char *stream_buf = NULL;
>> -       int err;
>>
>>          ksmbd_debug(VFS, "read stream data pos : %llu, count : %zd\n",
>>                      *pos, count);
>> @@ -283,10 +282,9 @@ static int ksmbd_vfs_stream_read(struct ksmbd_file *fp, char *buf, loff_t *pos,
>>                                         fp->stream.name,
>>                                         fp->stream.size,
>>                                         &stream_buf);
>> -       if (v_len == -ENOENT) {
>> +       if ((int)v_len <= 0) {
>>                  ksmbd_err("not found stream in xattr : %zd\n", v_len);
>> -               err = -ENOENT;
>> -               return err;
>> +               return v_len == 0 ? -ENOENT : (int)v_len;
> How about making ksmbd_vfs_getcasexattr return -ENONENT instead of
> returning 0 to
> remove duplicate error handling code?
Yes, I think it's ok, I will send a v3 later.

Thanks,
Yang
>
> Thanks,
> Hyunchul
>
>>          }
>>
>>          memcpy(buf, &stream_buf[*pos], count);
>> @@ -415,9 +413,9 @@ static int ksmbd_vfs_stream_write(struct ksmbd_file *fp, char *buf, loff_t *pos,
>>                                         fp->stream.name,
>>                                         fp->stream.size,
>>                                         &stream_buf);
>> -       if (v_len == -ENOENT) {
>> +       if ((int)v_len <= 0) {
>>                  ksmbd_err("not found stream in xattr : %zd\n", v_len);
>> -               err = -ENOENT;
>> +               err = v_len == 0 ? -ENOENT : (int)v_len;
>>                  goto out;
>>          }
>>
>> --
>> 2.25.1
>>
> .