* [PATCH][next] cifsd: Fix a less than zero comparison with the unsigned int nbytes
@ 2021-10-07 11:47 Colin King
2021-10-07 12:37 ` Namjae Jeon
0 siblings, 1 reply; 5+ messages in thread
From: Colin King @ 2021-10-07 11:47 UTC (permalink / raw)
To: Namjae Jeon, Sergey Senozhatsky, Steve French, Hyunchul Lee,
Ronnie Sahlberg, linux-cifs
Cc: kernel-janitors, linux-kernel
From: Colin Ian King <colin.king@canonical.com>
Currently the check for nbytes < 0 is always false because nbytes
is an unsigned int and can never be less than zero. Fix this by
using ret for the assignment and comparison and assigning nbytes
to ret later if the check is successful. The fix also passes the
error return in ret to the error handling path that caters for
various values of ret.
Addresses-Coverity: ("Unsigned compared against 0")
Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
fs/ksmbd/smb2pdu.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/ksmbd/smb2pdu.c b/fs/ksmbd/smb2pdu.c
index 8ceac0ebdbea..9be82d08b722 100644
--- a/fs/ksmbd/smb2pdu.c
+++ b/fs/ksmbd/smb2pdu.c
@@ -7537,9 +7537,10 @@ int smb2_ioctl(struct ksmbd_work *work)
rsp->VolatileFileId = cpu_to_le64(SMB2_NO_FID);
break;
case FSCTL_QUERY_NETWORK_INTERFACE_INFO:
- nbytes = fsctl_query_iface_info_ioctl(conn, rsp, out_buf_len);
- if (nbytes < 0)
+ ret = fsctl_query_iface_info_ioctl(conn, rsp, out_buf_len);
+ if (ret < 0)
goto out;
+ nbytes = ret;
break;
case FSCTL_REQUEST_RESUME_KEY:
if (out_buf_len < sizeof(struct resume_key_ioctl_rsp)) {
--
2.32.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH][next] cifsd: Fix a less than zero comparison with the unsigned int nbytes
2021-10-07 11:47 [PATCH][next] cifsd: Fix a less than zero comparison with the unsigned int nbytes Colin King
@ 2021-10-07 12:37 ` Namjae Jeon
2021-10-07 12:51 ` Namjae Jeon
2021-10-07 13:35 ` Dan Carpenter
0 siblings, 2 replies; 5+ messages in thread
From: Namjae Jeon @ 2021-10-07 12:37 UTC (permalink / raw)
To: Colin King
Cc: Sergey Senozhatsky, Steve French, Hyunchul Lee, Ronnie Sahlberg,
linux-cifs, kernel-janitors, linux-kernel
2021-10-07 20:47 GMT+09:00, Colin King <colin.king@canonical.com>:
> From: Colin Ian King <colin.king@canonical.com>
>
> Currently the check for nbytes < 0 is always false because nbytes
> is an unsigned int and can never be less than zero. Fix this by
> using ret for the assignment and comparison and assigning nbytes
> to ret later if the check is successful. The fix also passes the
> error return in ret to the error handling path that caters for
> various values of ret.
>
> Addresses-Coverity: ("Unsigned compared against 0")
> Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
I think that this alarm is caused by b66732021c64 (ksmbd: add
validation in smb2_ioctl).
Fixes tag may be not needed. Because b66732021c64 patch is not applied
to Linus' tree yet ?
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Thanks!
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH][next] cifsd: Fix a less than zero comparison with the unsigned int nbytes
2021-10-07 12:37 ` Namjae Jeon
@ 2021-10-07 12:51 ` Namjae Jeon
2021-10-07 13:35 ` Dan Carpenter
1 sibling, 0 replies; 5+ messages in thread
From: Namjae Jeon @ 2021-10-07 12:51 UTC (permalink / raw)
To: Colin King
Cc: Sergey Senozhatsky, Steve French, Hyunchul Lee, Ronnie Sahlberg,
linux-cifs, kernel-janitors, linux-kernel
2021-10-07 21:37 GMT+09:00, Namjae Jeon <linkinjeon@kernel.org>:
> 2021-10-07 20:47 GMT+09:00, Colin King <colin.king@canonical.com>:
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> Currently the check for nbytes < 0 is always false because nbytes
>> is an unsigned int and can never be less than zero. Fix this by
>> using ret for the assignment and comparison and assigning nbytes
>> to ret later if the check is successful. The fix also passes the
>> error return in ret to the error handling path that caters for
>> various values of ret.
>>
>> Addresses-Coverity: ("Unsigned compared against 0")
>> Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
> I think that this alarm is caused by b66732021c64 (ksmbd: add
> validation in smb2_ioctl).
> Fixes tag may be not needed. Because b66732021c64 patch is not applied
> to Linus' tree yet ?
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> Acked-by: Namjae Jeon <linkinjeon@kernel.org>
I found one issue in this patch.
if ret is -EINVAL, Status is changed to STATUS_INVALID_PARAMETER from
STATUS_BUFFER_TOO_SMALL.
static int fsctl_query_iface_info_ioctl(struct ksmbd_conn *conn,
struct smb2_ioctl_rsp *rsp,
unsigned int out_buf_len)
...
if (!nbytes) {
rsp->hdr.Status = STATUS_BUFFER_TOO_SMALL;
return -EINVAL;
}
>
> Thanks!
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH][next] cifsd: Fix a less than zero comparison with the unsigned int nbytes
2021-10-07 12:37 ` Namjae Jeon
2021-10-07 12:51 ` Namjae Jeon
@ 2021-10-07 13:35 ` Dan Carpenter
2021-10-07 14:31 ` Namjae Jeon
1 sibling, 1 reply; 5+ messages in thread
From: Dan Carpenter @ 2021-10-07 13:35 UTC (permalink / raw)
To: Namjae Jeon
Cc: Colin King, Sergey Senozhatsky, Steve French, Hyunchul Lee,
Ronnie Sahlberg, linux-cifs, kernel-janitors, linux-kernel
On Thu, Oct 07, 2021 at 09:37:04PM +0900, Namjae Jeon wrote:
> 2021-10-07 20:47 GMT+09:00, Colin King <colin.king@canonical.com>:
> >
> > Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
> I think that this alarm is caused by b66732021c64 (ksmbd: add
> validation in smb2_ioctl).
> Fixes tag may be not needed. Because b66732021c64 patch is not applied
> to Linus' tree yet ?
If you are going to modify the commit to include this fix then that's
fine. Otherise if you are going to apply this commit then the Fixes
tag is still required.
The fixes tag saves time for backporters because they can automatically
rule out that this patch needs to be backported. Or if they backport
commit b66732021c64 then they know they have to backport the fix as
well.
Also the Fixes tag is used for other purposes besides backporting.
It helps review. It's also an interesting metric to measure how long
between the bug is introduced and the fix is applied.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH][next] cifsd: Fix a less than zero comparison with the unsigned int nbytes
2021-10-07 13:35 ` Dan Carpenter
@ 2021-10-07 14:31 ` Namjae Jeon
0 siblings, 0 replies; 5+ messages in thread
From: Namjae Jeon @ 2021-10-07 14:31 UTC (permalink / raw)
To: Dan Carpenter
Cc: Colin King, Sergey Senozhatsky, Steve French, Hyunchul Lee,
Ronnie Sahlberg, linux-cifs, kernel-janitors, linux-kernel
2021-10-07 22:35 GMT+09:00, Dan Carpenter <dan.carpenter@oracle.com>:
> On Thu, Oct 07, 2021 at 09:37:04PM +0900, Namjae Jeon wrote:
>> 2021-10-07 20:47 GMT+09:00, Colin King <colin.king@canonical.com>:
>> >
>> > Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
>> I think that this alarm is caused by b66732021c64 (ksmbd: add
>> validation in smb2_ioctl).
>> Fixes tag may be not needed. Because b66732021c64 patch is not applied
>> to Linus' tree yet ?
>
> If you are going to modify the commit to include this fix then that's
> fine. Otherise if you are going to apply this commit then the Fixes
> tag is still required.
>
> The fixes tag saves time for backporters because they can automatically
> rule out that this patch needs to be backported. Or if they backport
> commit b66732021c64 then they know they have to backport the fix as
> well.
>
> Also the Fixes tag is used for other purposes besides backporting.
> It helps review. It's also an interesting metric to measure how long
> between the bug is introduced and the fix is applied.
Okay, Thanks for your detailed explanation:)
>
> regards,
> dan carpenter
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-10-07 14:31 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-07 11:47 [PATCH][next] cifsd: Fix a less than zero comparison with the unsigned int nbytes Colin King
2021-10-07 12:37 ` Namjae Jeon
2021-10-07 12:51 ` Namjae Jeon
2021-10-07 13:35 ` Dan Carpenter
2021-10-07 14:31 ` Namjae Jeon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).