From: Dan Carpenter <error27@gmail.com>
To: Roger Heflin <rogerheflin@gmail.com>
Cc: neilb@suse.de, linux-raid@vger.kernel.org,
cip-dev <cip-dev@lists.cip-project.org>
Subject: Re: [bug report] md: range check slot number when manually adding a spare.
Date: Fri, 3 Mar 2023 20:15:52 +0300 [thread overview]
Message-ID: <ZAIrSD6q1Zy2oF0b@kadam> (raw)
In-Reply-To: <CAAMCDedsGtWcwe4KY9SgdciXoHYeM+YO4U7v-QCRnL5PqQTs9A@mail.gmail.com>
On Fri, Mar 03, 2023 at 10:09:50AM -0600, Roger Heflin wrote:
> On Fri, Mar 3, 2023 at 8:31 AM Dan Carpenter <error27@gmail.com> wrote:
> >
> > [ Ancient code, but you're still at the same email address... -dan ]
> >
> > Hello NeilBrown,
> >
> > The patch ba1b41b6b4e3: "md: range check slot number when manually
> > adding a spare." from Jan 14, 2011, leads to the following Smatch
> > static checker warning:
> >
> > drivers/md/md.c:3170 slot_store() warn: no lower bound on 'slot'
> > drivers/md/md.c:3172 slot_store() warn: no lower bound on 'slot'
> > drivers/md/md.c:3190 slot_store() warn: no lower bound on 'slot'
> >
> > drivers/md/md.c
> > 3117 static ssize_t
> > 3118 slot_store(struct md_rdev *rdev, const char *buf, size_t len)
> > 3119 {
> > 3120 int slot;
> > 3121 int err;
> > 3122
> > 3123 if (test_bit(Journal, &rdev->flags))
> > 3124 return -EBUSY;
> > 3125 if (strncmp(buf, "none", 4)==0)
> > 3126 slot = -1;
> > 3127 else {
> > 3128 err = kstrtouint(buf, 10, (unsigned int *)&slot);
> >
> > slot comes from the user.
> >
> > 3129 if (err < 0)
> > 3130 return err;
> > 3131 }
>
> kstrtouint is string to unsigned int, it has this code:
>
> if (tmp != (unsigned int)tmp)
> return -ERANGE;
>
> And so will not return a negative number without an error, so 0 is the
> lower limit as enforced by the function.
Some of what you have written is correct, but your main conclusion is
wrong. The kstrtouint() gives you unsigned ints. If you take a very
large unsigned int and cast it to an int then you get a negative value
so the underflow issue is real.
Btw, in more modern code we would write:
err = kstrtoint(buf, 10, &slot);
if (err)
return err;
It still has the underflow issue... I have been wanting to say that and
resisted saying it because it was obvious to everyone. However I am
only human and can only resist the temptation to point out the obvious
for so long.
regards,
dan carpenter
next prev parent reply other threads:[~2023-03-05 22:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-03 14:13 [bug report] md: range check slot number when manually adding a spare Dan Carpenter
2023-03-03 16:09 ` Roger Heflin
2023-03-03 17:15 ` Dan Carpenter [this message]
2023-03-05 22:36 ` NeilBrown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZAIrSD6q1Zy2oF0b@kadam \
--to=error27@gmail.com \
--cc=cip-dev@lists.cip-project.org \
--cc=linux-raid@vger.kernel.org \
--cc=neilb@suse.de \
--cc=rogerheflin@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox