public inbox for linux-fsdevel@vger.kernel.org
From: Eric Biggers <ebiggers@kernel.org>
To: Dmitry Antipov <dmantipov@yandex.ru>
Cc: Richard Fung <richardfung@google.com>,
	Miklos Szeredi <miklos@szeredi.hu>,
	linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] fuse: fix digest size check in fuse_setup_measure_verity()
Date: Thu, 16 Oct 2025 10:46:51 -0700
Message-ID: <20251016174651.GA1575@sol>
In-Reply-To: <20251016062247.54855-1-dmantipov@yandex.ru>

On Thu, Oct 16, 2025 at 09:22:47AM +0300, Dmitry Antipov wrote:
> When compiling with clang 21.1.3 and W=1, I've noticed the following:
> 
> fs/fuse/ioctl.c:132:18: warning: result of comparison of constant
> 18446744073709551611 with expression of type '__u16' (aka 'unsigned
> short') is always false [-Wtautological-constant-out-of-range-compare]
>   132 |         if (digest_size > SIZE_MAX - sizeof(struct fsverity_digest))
>       |             ~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> Since the actually supported algorithms are SHA256 and SHA512, this is
> better to be replaced with the check against FS_VERITY_MAX_DIGEST_SIZE,
> which is now equal to SHA512_DIGEST_SIZE and may be adjusted if even
> stronger algorithms will be added someday. Compile tested only.
> 
> Fixes: 9fe2a036a23c ("fuse: Add initial support for fs-verity")
> Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
> ---
>  fs/fuse/ioctl.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/fuse/ioctl.c b/fs/fuse/ioctl.c
> index fdc175e93f74..03056e6afeb3 100644
> --- a/fs/fuse/ioctl.c
> +++ b/fs/fuse/ioctl.c
> @@ -129,7 +129,7 @@ static int fuse_setup_measure_verity(unsigned long arg, struct iovec *iov)
>  	if (copy_from_user(&digest_size, &uarg->digest_size, sizeof(digest_size)))
>  		return -EFAULT;
>  
> -	if (digest_size > SIZE_MAX - sizeof(struct fsverity_digest))
> +	if (digest_size > FS_VERITY_MAX_DIGEST_SIZE)
>  		return -EINVAL;
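
Review bot: The new bound in the `+` line (`digest_size > FS_VERITY_MAX_DIGEST_SIZE`) is a userspace-visible behaviour change rather than a warning fix. Per the quoted warning, digest_size is a __u16, so the removed comparison was always false and never rejected anything, while the new one returns -EINVAL for every value copied from uarg->digest_size that exceeds the current maximum digest size. The commit message says "Compile tested only" and does not explain why rejecting such values is safe for existing callers. If the aim is only to silence -Wtautological-constant-out-of-range-compare, drop the comparison instead of tightening it, or document and justify the new limit.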

This breaks any userspace program that passes a digest_size greater than
64 bytes.  It's the size of an output buffer, not an input buffer.  So
it may be larger than the current max digest size.

Just delete the tautological comparison if it's causing a warning.

- Eric
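
Added example (not part of the thread and not kernel code): a userspace C model of the in/out digest_size contract described in the reply above, showing a caller that offers a 128-byte buffer for a 32-byte digest with and without the proposed cap. model_measure(), caller_measure(), cap_input and MAX_DIGEST_SIZE are hypothetical names; the struct layout and the EOVERFLOW result for a too-small buffer follow the documented FS_IOC_MEASURE_VERITY interface, and the digest bytes are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Same layout as struct fsverity_digest in <linux/fsverity.h>. */
struct fsverity_digest {
	uint16_t digest_algorithm;
	uint16_t digest_size;	/* in: capacity of digest[]; out: bytes written */
	uint8_t digest[];
};

#define MAX_DIGEST_SIZE 64	/* SHA-512 size, the current maximum per the thread */

/* Hypothetical model of the measure path. It fills the caller's buffer with
 * a constructed digest of actual_size bytes. cap_input != 0 enables the
 * check proposed in the patch. */
static int model_measure(struct fsverity_digest *d, uint16_t actual_size,
			 int cap_input)
{
	if (cap_input && d->digest_size > MAX_DIGEST_SIZE)
		return -EINVAL;		/* patched behaviour: large buffer refused */
	if (d->digest_size < actual_size)
		return -EOVERFLOW;	/* buffer really is too small */
	d->digest_algorithm = 1;	/* FS_VERITY_HASH_ALG_SHA256 */
	d->digest_size = actual_size;	/* report how many bytes were written */
	memset(d->digest, 0xab, actual_size);	/* constructed digest bytes */
	return 0;
}

/* A caller that does not hard-code today's maximum: it offers `capacity`
 * bytes and learns the real size from the returned digest_size. */
static int caller_measure(uint16_t capacity, int cap_input, uint16_t *out_size)
{
	struct fsverity_digest *d = calloc(1, sizeof(*d) + capacity);
	int ret;

	if (!d)
		return -ENOMEM;
	d->digest_size = capacity;
	ret = model_measure(d, 32, cap_input);	/* 32 = SHA-256 digest length */
	*out_size = ret ? 0 : d->digest_size;
	free(d);
	return ret;
}
```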
