* 2 error cases in sid_to_id are ignored
@ 2021-06-21 20:57 Steve French
2021-06-22 10:18 ` Aurélien Aptel
0 siblings, 1 reply; 4+ messages in thread
From: Steve French @ 2021-06-21 20:57 UTC (permalink / raw)
To: Shyam Prasad N; +Cc: CIFS
There are two cases (see below) in sid_to_id where errors occur
mapping the uid but the rc which is set is overwritten (reset to 0
before return).
saved_cred = override_creds(root_cred);
sidkey = request_key(&cifs_idmap_key_type, sidstr, "");
if (IS_ERR(sidkey)) {
rc = -EINVAL;
cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n",
__func__, sidstr, sidtype == SIDOWNER ? 'u' : 'g');
goto out_revert_creds;
}
/*
* FIXME: Here we assume that uid_t and gid_t are same size. It's
* probably a safe assumption but might be better to check based on
* sidtype.
*/
BUILD_BUG_ON(sizeof(uid_t) != sizeof(gid_t));
if (sidkey->datalen != sizeof(uid_t)) {
rc = -EIO;
cifs_dbg(FYI, "%s: Downcall contained malformed key
(datalen=%hu)\n",
__func__, sidkey->datalen);
key_invalidate(sidkey);
goto out_key_put;
}
since later in the function we do:
out_key_put:
key_put(sidkey);
out_revert_creds:
revert_creds(saved_cred);
kfree(sidstr);
/*
* Note that we return 0 here unconditionally. If the mapping
* fails then we just fall back to using the ctx->linux_uid/linux_gid.
*/
got_valid_id:
rc = 0;
if (sidtype == SIDOWNER)
fattr->cf_uid = fuid;
else
fattr->cf_gid = fgid;
return rc;
}
Any thoughts on whether it would be better to return the errors, or
continue the current strategy of simply using the default uid/gid for
the mount and returning 0 (and removing the two places above where we
set rc to non zero values, since rc will be overwritten with 0)?
--
Thanks,
Steve
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: 2 error cases in sid_to_id are ignored
2021-06-21 20:57 2 error cases in sid_to_id are ignored Steve French
@ 2021-06-22 10:18 ` Aurélien Aptel
2021-06-22 19:05 ` Steve French
0 siblings, 1 reply; 4+ messages in thread
From: Aurélien Aptel @ 2021-06-22 10:18 UTC (permalink / raw)
To: Steve French, Shyam Prasad N; +Cc: CIFS
Steve French <smfrench@gmail.com> writes:
> Any thoughts on whether it would be better to return the errors, or
> continue the current strategy of simply using the default uid/gid for
> the mount and returning 0 (and removing the two places above where we
> set rc to non zero values, since rc will be overwritten with 0)?
My opinion: I think best-effort would be better, so returning things as
default uid/gid (or possibly root).
Cheers,
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: 2 error cases in sid_to_id are ignored
2021-06-22 10:18 ` Aurélien Aptel
@ 2021-06-22 19:05 ` Steve French
2021-06-22 19:16 ` Steve French
0 siblings, 1 reply; 4+ messages in thread
From: Steve French @ 2021-06-22 19:05 UTC (permalink / raw)
To: Aurélien Aptel; +Cc: Shyam Prasad N, CIFS
Should we make the error noisier?
Perhaps we could add a dynamic trace point for failed id mappings so
we could debug these if problems with the upcall, malformed ids/SIDs
etc?
On Tue, Jun 22, 2021 at 5:18 AM Aurélien Aptel <aaptel@suse.com> wrote:
>
> Steve French <smfrench@gmail.com> writes:
> > Any thoughts on whether it would be better to return the errors, or
> > continue the current strategy of simply using the default uid/gid for
> > the mount and returning 0 (and removing the two places above where we
> > set rc to non zero values, since rc will be overwritten with 0)?
>
> My opinion: I think best-effort would be better, so returning things as
> default uid/gid (or possibly root).
>
> Cheers,
> --
> Aurélien Aptel / SUSE Labs Samba Team
> GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
> SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
> GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
>
--
Thanks,
Steve
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: 2 error cases in sid_to_id are ignored
2021-06-22 19:05 ` Steve French
@ 2021-06-22 19:16 ` Steve French
0 siblings, 0 replies; 4+ messages in thread
From: Steve French @ 2021-06-22 19:16 UTC (permalink / raw)
To: Aurélien Aptel; +Cc: Shyam Prasad N, CIFS
[-- Attachment #1: Type: text/plain, Size: 1257 bytes --]
OK - removed the two places where rc is set uselessly.
Patch attached
On Tue, Jun 22, 2021 at 2:05 PM Steve French <smfrench@gmail.com> wrote:
>
> Should we make the error noisier?
>
> Perhaps we could add a dynamic trace point for failed id mappings so
> we could debug these if problems with the upcall, malformed ids/SIDs
> etc?
>
> On Tue, Jun 22, 2021 at 5:18 AM Aurélien Aptel <aaptel@suse.com> wrote:
> >
> > Steve French <smfrench@gmail.com> writes:
> > > Any thoughts on whether it would be better to return the errors, or
> > > continue the current strategy of simply using the default uid/gid for
> > > the mount and returning 0 (and removing the two places above where we
> > > set rc to non zero values, since rc will be overwritten with 0)?
> >
> > My opinion: I think best-effort would be better, so returning things as
> > default uid/gid (or possibly root).
> >
> > Cheers,
> > --
> > Aurélien Aptel / SUSE Labs Samba Team
> > GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
> > SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
> > GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
> >
>
>
> --
> Thanks,
>
> Steve
--
Thanks,
Steve
[-- Attachment #2: 0001-cifs-remove-two-cases-where-rc-is-set-unnecessarily-.patch --]
[-- Type: text/x-patch, Size: 1434 bytes --]
From 7c3cbf7dbc5d67ba4b3df4a502fbc2441aedd36a Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Tue, 22 Jun 2021 14:07:36 -0500
Subject: [PATCH] cifs: remove two cases where rc is set unnecessarily in
sid_to_id
In both these cases sid_to_id unconditionally returned success, and
used the default uid/gid for the mount, so setting rc is confusing
and simply gets overwritten (set to 0) later in the function.
Addresses-Coverity: 1491672 ("Unused value")
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/cifs/cifsacl.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index 3898a9e6d3c6..5ec5d9d24032 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -397,7 +397,6 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct cifs_sid *psid,
saved_cred = override_creds(root_cred);
sidkey = request_key(&cifs_idmap_key_type, sidstr, "");
if (IS_ERR(sidkey)) {
- rc = -EINVAL;
cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n",
__func__, sidstr, sidtype == SIDOWNER ? 'u' : 'g');
goto out_revert_creds;
@@ -410,7 +409,6 @@ sid_to_id(struct cifs_sb_info *cifs_sb, struct cifs_sid *psid,
*/
BUILD_BUG_ON(sizeof(uid_t) != sizeof(gid_t));
if (sidkey->datalen != sizeof(uid_t)) {
- rc = -EIO;
cifs_dbg(FYI, "%s: Downcall contained malformed key (datalen=%hu)\n",
__func__, sidkey->datalen);
key_invalidate(sidkey);
--
2.30.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-06-22 19:17 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-21 20:57 2 error cases in sid_to_id are ignored Steve French
2021-06-22 10:18 ` Aurélien Aptel
2021-06-22 19:05 ` Steve French
2021-06-22 19:16 ` Steve French
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).