From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Oleg Drokin <green@linuxhacker.ru>
Cc: Dan Carpenter <dan.carpenter@oracle.com>,
devel@driverdev.osuosl.org,
Dmitry Eremin <dmitry.eremin@intel.com>,
Andreas Dilger <andreas.dilger@intel.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 06/20] staging/lustre: fix comparison between signed and unsigned
Date: Mon, 2 Feb 2015 12:51:43 -0800 [thread overview]
Message-ID: <20150202205143.GA6369@kroah.com> (raw)
In-Reply-To: <210DE60C-B152-4DF5-B6FC-06CD47CD36B9@linuxhacker.ru>
On Mon, Feb 02, 2015 at 03:25:58PM -0500, Oleg Drokin wrote:
> Hello!
>
> On Feb 2, 2015, at 10:44 AM, Greg Kroah-Hartman wrote:
>
> > On Mon, Feb 02, 2015 at 04:02:31PM +0300, Dan Carpenter wrote:
> >> On Sun, Feb 01, 2015 at 09:52:05PM -0500, green@linuxhacker.ru wrote:
> >>> From: Dmitry Eremin <dmitry.eremin@intel.com>
> >>>
> >>> Expression if (size != (ssize_t)size) is always false.
> >>> Therefore no bounds check errors detected.
> >>
> >> The original code actually worked as designed. The integer overflow
> >> could only happen on 32 bit systems and the test only was true for 32
> >> bit systems.
>
> Hm, indeed.
> Originally I fell into the trap thinking we are trying to protect against
> negative results here too. But in fact callers all check for the return
> to be negative as an error sign. Not to mention that we cannot overflow
> 64bit integer here as explained by the comment just 2 lines above the
> default patch context.
>
> >>
> >>> - if (size != (ssize_t)size)
> >>> + if (size > ~((size_t)0)>>1)
> >>> return -1;
> >>
> >> The problem is that the code was unclear. I think the new code is even
> >> more complicated to look at.
> > I agree, I don't even understand what the new code is doing.
>
> Sorry, this patch indeed should be dropped.
>
> > What is this code supposed to be protecting from? And -1? That should
> > never be a return value…
>
> Why is -1 a bad return value if all callsites check for that as an
> indication of error?
Because you should use "real" error values, don't make them up with
random negative numbers that mean nothing.
> (granted there's only one caller at this point in kernel space:
> lustre/llite/dir.c::ll_dir_ioctl()
> totalsize = hur_len(hur);
> OBD_FREE_PTR(hur);
> if (totalsize < 0)
> return -E2BIG;
> )
Shouldn't you have returned the error that hur_len() passed you?
thanks,
greg k-h
next prev parent reply other threads:[~2015-02-02 20:51 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-02 2:51 [PATCH 00/20] Lustre fixes green
2015-02-02 2:52 ` [PATCH 01/20] staging/lustre/ptlrpc: avoid list scan in ptlrpcd_check green
2015-02-02 2:52 ` [PATCH 02/20] staging/lustre/osc: split different type of IO green
2015-02-02 2:52 ` [PATCH 03/20] staging/lustre/ldlm: high load because of negative timeout green
2015-02-02 2:52 ` [PATCH 04/20] staging/lustre/libcfs: fix illegal page access of tracefiled() green
2015-02-02 2:52 ` [PATCH 05/20] staging/lustre/obdclass: fix a race in recovery green
2015-02-02 2:52 ` [PATCH 06/20] staging/lustre: fix comparison between signed and unsigned green
2015-02-02 13:02 ` Dan Carpenter
2015-02-02 15:44 ` Greg Kroah-Hartman
2015-02-02 20:25 ` Oleg Drokin
2015-02-02 20:51 ` Greg Kroah-Hartman [this message]
2015-02-02 23:16 ` Oleg Drokin
2015-02-02 2:52 ` [PATCH 07/20] staging/lustre/lnet: peer aliveness status and NI status green
2015-02-02 2:52 ` [PATCH 08/20] staging/lustre/llite: to configure max_cached_mb correctly green
2015-02-02 2:52 ` [PATCH 09/20] staging/lustre/llite: remove llite proc root on init failure green
2015-02-02 2:52 ` [PATCH 10/20] staging/lustre/obdclass: Proper swabbing of llog_rec_tail green
2015-02-02 2:52 ` [PATCH 11/20] staging/lustre/lnet: portal spreading rotor should be unsigned green
2015-02-02 2:52 ` [PATCH 12/20] staging/lustre/obd: change type of cl_conn_count to size_t green
2015-02-07 9:30 ` Greg Kroah-Hartman
2015-02-02 2:52 ` [PATCH 13/20] staging/lustre/ptlrpc: hold rq_lock when modify rq_flags green
2015-02-02 2:52 ` [PATCH 14/20] staging/lustre/llite: Solve a race to access lli_has_smd in read case green
2015-02-02 2:52 ` [PATCH 15/20] staging/lustre/fld: refer to MDT0 for fld lookup in some cases green
2015-02-02 2:52 ` [PATCH 16/20] staging/lustre/libcfs: protect kkuc_groups from write access green
2015-02-02 2:52 ` [PATCH 17/20] staging/lustre/llite: Add exception entry check after radix_tree green
2015-02-02 2:52 ` [PATCH 18/20] staging/lustre/llite: don't add to page cache upon failure green
2015-02-02 2:52 ` [PATCH 19/20] staging/lustre/clio: Do not allow group locks with gid 0 green
2015-02-02 2:52 ` [PATCH 20/20] staging/lustre/mdc: Initialize req in mdc_enqueue for !it case green
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150202205143.GA6369@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=andreas.dilger@intel.com \
--cc=dan.carpenter@oracle.com \
--cc=devel@driverdev.osuosl.org \
--cc=dmitry.eremin@intel.com \
--cc=green@linuxhacker.ru \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.