[PATCH 03/20] SUNRPC: Fix some signed v. unsigned comparisons in xprtsock.c

[PATCH 03/20] SUNRPC: Fix some signed v. unsigned comparisons in xprtsock.c

[Chuck Lever]

Currently these are not harmful because the range of "len" is less than the
size of a page.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---

 net/sunrpc/xprtsock.c |   18 ++++++++++++++----
 1 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 4ae7eed..274f235 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -338,7 +338,10 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i
 		if (remainder != 0 || more)
 			flags |= MSG_MORE;
 		err = sock->ops->sendpage(sock, *ppage, base, len, flags);
-		if (remainder == 0 || err != len)
+		if (err < 0 || (unsigned int)err != len)
+			break;
+
+		if (remainder == 0)
 			break;
 		sent += err;
 		ppage++;
@@ -377,8 +380,12 @@ static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen,
 	if (base < xdr->head[0].iov_len || addr != NULL) {
 		unsigned int len = xdr->head[0].iov_len - base;
 		remainder -= len;
-		err = xs_send_kvec(sock, addr, addrlen, &xdr->head[0], base, remainder != 0);
-		if (remainder == 0 || err != len)
+		err = xs_send_kvec(sock, addr, addrlen, &xdr->head[0],
+				   base, remainder != 0);
+		if (err < 0 || (unsigned int)err != len)
+			goto out;
+
+		if (remainder == 0)
 			goto out;
 		sent += err;
 		base = 0;
@@ -389,7 +396,10 @@ static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen,
 		unsigned int len = xdr->page_len - base;
 		remainder -= len;
 		err = xs_send_pagedata(sock, xdr, base, remainder != 0);
-		if (remainder == 0 || err != len)
+		if (err < 0 || (unsigned int)err != len)
+			goto out;
+
+		if (remainder == 0)
 			goto out;
 		sent += err;
 		base = 0;


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: [PATCH 03/20] SUNRPC: Fix some signed v. unsigned comparisons in xprtsock.c

[Trond Myklebust]

On Mon, 2007-08-06 at 11:56 -0400, Chuck Lever wrote:
> Currently these are not harmful because the range of "len" is less than the
> size of a page.

NACK. It is always safe to test an unsigned quantity against a signed
quantity for equality, _provided_ that the two quantities are the same
size. Since we're comparing an unsigned int to an int, that is clearly
the case here.

The explicit cast is not only unnecessary, but it is actually bad, since
it may obscure any future comparison errors should we ever for some
reason decide to change the size of err.

Trond

> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
> 
>  net/sunrpc/xprtsock.c |   18 ++++++++++++++----
>  1 files changed, 14 insertions(+), 4 deletions(-)
> 
> diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
> index 4ae7eed..274f235 100644
> --- a/net/sunrpc/xprtsock.c
> +++ b/net/sunrpc/xprtsock.c
> @@ -338,7 +338,10 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i
>  		if (remainder != 0 || more)
>  			flags |= MSG_MORE;
>  		err = sock->ops->sendpage(sock, *ppage, base, len, flags);
> -		if (remainder == 0 || err != len)
> +		if (err < 0 || (unsigned int)err != len)
> +			break;
> +
> +		if (remainder == 0)
>  			break;
>  		sent += err;
>  		ppage++;
> @@ -377,8 +380,12 @@ static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen,
>  	if (base < xdr->head[0].iov_len || addr != NULL) {
>  		unsigned int len = xdr->head[0].iov_len - base;
>  		remainder -= len;
> -		err = xs_send_kvec(sock, addr, addrlen, &xdr->head[0], base, remainder != 0);
> -		if (remainder == 0 || err != len)
> +		err = xs_send_kvec(sock, addr, addrlen, &xdr->head[0],
> +				   base, remainder != 0);
> +		if (err < 0 || (unsigned int)err != len)
> +			goto out;
> +
> +		if (remainder == 0)
>  			goto out;
>  		sent += err;
>  		base = 0;
> @@ -389,7 +396,10 @@ static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen,
>  		unsigned int len = xdr->page_len - base;
>  		remainder -= len;
>  		err = xs_send_pagedata(sock, xdr, base, remainder != 0);
> -		if (remainder == 0 || err != len)
> +		if (err < 0 || (unsigned int)err != len)
> +			goto out;
> +
> +		if (remainder == 0)
>  			goto out;
>  		sent += err;
>  		base = 0;
> 


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: [PATCH 03/20] SUNRPC: Fix some signed v. unsigned comparisons in xprtsock.c

[Chuck Lever]

[-- Attachment #1: Type: text/plain, Size: 1246 bytes --]

Trond Myklebust wrote:
> On Mon, 2007-08-06 at 11:56 -0400, Chuck Lever wrote:
>> Currently these are not harmful because the range of "len" is less than the
>> size of a page.
> 
> NACK. It is always safe to test an unsigned quantity against a signed
> quantity for equality, _provided_ that the two quantities are the same
> size. Since we're comparing an unsigned int to an int, that is clearly
> the case here.
> 
> The explicit cast is not only unnecessary, but it is actually bad, since
> it may obscure any future comparison errors should we ever for some
> reason decide to change the size of err.

As an aside, the purpose of the patches fixing these casts is not just 
to correct run-time bugs, but also to eliminate compiler and sparse 
warnings, which in some cases are simply extraneous noise due to 
compiler pickiness, but can sometimes be nasty bugs (as we found out in 
fs/nfs/direct.c, recently).

Eventually I think we should use sparse as part of a check-in test 
suite, and -Wall all the time for building both fs/nfs and net/sunrpc, 
as this setting does catch valid bugs.  In that event, eliminating 
spurious compiler and sparse warnings will cut down on noise and make it 
easy to spot new problems as we are developing.

[-- Attachment #2: chuck.lever.vcf --]
[-- Type: text/x-vcard, Size: 290 bytes --]

begin:vcard
fn:Chuck Lever
n:Lever;Chuck
org:Oracle Corporation;Corporate Architecture: Linux Projects Group
adr:;;1015 Granger Avenue;Ann Arbor;MI;48104;USA
title:Principal Member of Staff
tel;work:+1 248 614 5091
x-mozilla-html:FALSE
url:http://oss.oracle.com/~cel
version:2.1
end:vcard


[-- Attachment #3: Type: text/plain, Size: 315 bytes --]

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/

[-- Attachment #4: Type: text/plain, Size: 140 bytes --]

_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

Re: [PATCH 03/20] SUNRPC: Fix some signed v. unsigned comparisons in xprtsock.c

[Trond Myklebust]

On Mon, 2007-08-13 at 10:10 -0400, Chuck Lever wrote:
> Trond Myklebust wrote:
> > On Mon, 2007-08-06 at 11:56 -0400, Chuck Lever wrote:
> >> Currently these are not harmful because the range of "len" is less than the
> >> size of a page.
> > 
> > NACK. It is always safe to test an unsigned quantity against a signed
> > quantity for equality, _provided_ that the two quantities are the same
> > size. Since we're comparing an unsigned int to an int, that is clearly
> > the case here.
> > 
> > The explicit cast is not only unnecessary, but it is actually bad, since
> > it may obscure any future comparison errors should we ever for some
> > reason decide to change the size of err.
> 
> As an aside, the purpose of the patches fixing these casts is not just 
> to correct run-time bugs, but also to eliminate compiler and sparse 
> warnings, which in some cases are simply extraneous noise due to 
> compiler pickiness, but can sometimes be nasty bugs (as we found out in 
> fs/nfs/direct.c, recently).
> 
> Eventually I think we should use sparse as part of a check-in test 
> suite, and -Wall all the time for building both fs/nfs and net/sunrpc, 
> as this setting does catch valid bugs.  In that event, eliminating 
> spurious compiler and sparse warnings will cut down on noise and make it 
> easy to spot new problems as we are developing.

With which sparse options are you seeing complaints? I've been running
the latest version of sparse from the git tree with -Wall on both x86_64
and i686 without seeing any reports of a problem with that code.

Anyhow, the policy should be that explicit casts are used only as a last
resort in order to fix a bug. Since we're doing a comparison for
equality on two objects that are guaranteed by the C spec to be the same
size, I can't see why we should have a bug.

Trond


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs