From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A4614C4320A for ; Tue, 27 Jul 2021 12:39:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 85B3660F51 for ; Tue, 27 Jul 2021 12:39:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236525AbhG0Mjl (ORCPT ); Tue, 27 Jul 2021 08:39:41 -0400 Received: from mga04.intel.com ([192.55.52.120]:11024 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231840AbhG0Mjk (ORCPT ); Tue, 27 Jul 2021 08:39:40 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10057"; a="210544269" X-IronPort-AV: E=Sophos;i="5.84,273,1620716400"; d="scan'208";a="210544269" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jul 2021 05:39:40 -0700 X-IronPort-AV: E=Sophos;i="5.84,273,1620716400"; d="scan'208";a="437300505" Received: from smile.fi.intel.com (HELO smile) ([10.237.68.40]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jul 2021 05:39:38 -0700 Received: from andy by smile with local (Exim 4.94.2) (envelope-from ) id 1m8MMt-0017nz-Mm; Tue, 27 Jul 2021 15:39:31 +0300 Date: Tue, 27 Jul 2021 15:39:31 +0300 From: Andy Shevchenko To: Greg Kroah-Hartman Cc: viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Jordy Zomer , "Ahmed S. Darwish" , Peter Zijlstra , Eric Biggers Subject: Re: [PATCH v2] fs: make d_path-like functions all have unsigned size Message-ID: References: <20210727120754.1091861-1-gregkh@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210727120754.1091861-1-gregkh@linuxfoundation.org> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 27, 2021 at 02:07:54PM +0200, Greg Kroah-Hartman wrote: > When running static analysis tools to find where signed values could > potentially wrap the family of d_path() functions turn out to trigger a > lot of mess. In evaluating the code, all of these usages seem safe, but > pointer math is involved so if a negative number is ever somehow passed > into these functions, memory can be traversed backwards in ways not > intended. > > Resolve all of the abuguity by just making "size" an unsigned value, > which takes the guesswork out of everything involved. Are you sure it's correct change? Look into extract_string() implementation. if (likely(p->len >= 0)) return p->buf; return ERR_PTR(-ENAMETOOLONG); Your change makes it equal to return p->buf; if I'm not mistaken. -- With Best Regards, Andy Shevchenko