Re: [PATCH cifs segfault ] - Aurélien Aptel

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Aurélien Aptel" <aaptel@suse.com>
To: Seth Thielemann <sthielemann@barracuda.com>,
	CIFS <linux-cifs@vger.kernel.org>
Subject: Re: [PATCH cifs segfault ]
Date: Wed, 07 Apr 2021 16:16:11 +0200	[thread overview]
Message-ID: <87blaq41uc.fsf@suse.com> (raw)
In-Reply-To: <DM6PR10MB3833579F43D640A69C4A39F8A2769@DM6PR10MB3833.namprd10.prod.outlook.com>

Seth Thielemann <sthielemann@barracuda.com> writes:
>   This definitely could be a bug with the compiler, I ran into issues adding some printk's and things just magically worked and then changed to adding asm volatile nop sentinel's to make sure I was looking at the correct sections. I still think it's a reasonable change to use the ssize_t since the rc is a ssize_t and the outbound syscall path is also a ssize_t. Best case scenario is a segfault in userspace (made things easier to track down), but will likely wind up with memory corruption otherwise.

Looking at this more I found that commit 97adda8b3ab7 fixed a very
similar issue:

-       ctx->rc = (rc == 0) ? ctx->total_len : rc;
+       ctx->rc = (rc == 0) ? (ssize_t)ctx->total_len : rc;

I think the logic is that compiler sees the "then" part as unsigned and
so casts the "else" part to unsigned as well.

In any case I think the change is good. We could change rc type in the
read path as well.

Reviewed-by: Aurelien Aptel <aaptel@suse.com>

Cheers,
-- 
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)

next prev parent reply	other threads:[~2021-04-07 14:16 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-06 12:17 [PATCH cifs segfault ] Seth Thielemann
2021-04-06 14:28 ` Aurélien Aptel
2021-04-06 16:35   ` Seth Thielemann
2021-04-07 14:16     ` Aurélien Aptel [this message]
2021-04-09  4:18       ` Steve French

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87blaq41uc.fsf@suse.com \
    --to=aaptel@suse.com \
    --cc=linux-cifs@vger.kernel.org \
    --cc=sthielemann@barracuda.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.