From: Shaun Tancheff
Date: Sat, 31 Aug 2024 03:40:43 +0000 (+0700)
Subject: LU-17000 mdt: symbolic link integer overflow
X-Git-Tag: 2.16.51~70
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=refs%2Fchanges%2F51%2F56151%2F8;p=fs%2Flustre-release.git
LU-17000 mdt: symbolic link integer overflow
CoverityID: 442376 ("Integer overflow") Use ssize_t to avoid narrowing
CoverityID: 442114 ("Integer handling issues") mdt_getattr_internal() a theoretical underflow when subtracting from an unsigned int that could be 0
Signed-off-by: Shaun Tancheff
Change-Id: I560c9cbcbfed907725b101ca90661fe8d0d6cf45
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/56151
Tested-by: jenkins
Tested-by: Maloo
Reviewed-by: Oleg Drokin
Reviewed-by: Andreas Dilger
Reviewed-by: Arshad Hussain
---
diff --git a/lustre/llite/file.c b/lustre/llite/file.c
index 69edde8..bc0620e 100644
--- a/lustre/llite/file.c
+++ b/lustre/llite/file.c
@@ -646,7 +646,7 @@ out_io:
 EXIT;
 }
-static int ll_intent_file_open(struct dentry *de, void *lmm, int lmmsize,
+static int ll_intent_file_open(struct dentry *de, void *lmm, ssize_t lmmsize,
 struct lookup_intent *itp)
 {
 struct ll_sb_info *sbi = ll_i2sbi(de->d_inode);
@@ -2684,7 +2684,8 @@ static ssize_t ll_file_write(struct file *file, const char __user *buf,
 #endif /* !HAVE_FILE_OPERATIONS_READ_WRITE_ITER */
 int ll_lov_setstripe_ea_info(struct inode *inode, struct dentry *dentry,
- __u64 flags, struct lov_user_md *lum, int lum_size)
+ __u64 flags, struct lov_user_md *lum,
+ ssize_t lum_size)
 {
 struct lookup_intent oit = {
 .it_op = IT_OPEN,
@@ -2864,7 +2865,7 @@ static int ll_lov_setea(struct inode *inode, struct file *file,
 {
 __u64 flags = MDS_OPEN_HAS_OBJS | FMODE_WRITE;
 struct lov_user_md *lump;
- int lum_size = sizeof(*lump) + sizeof(struct lov_user_ost_data);
+ ssize_t lum_size = sizeof(*lump) + sizeof(struct lov_user_ost_data);
 int rc;
 ENTRY;
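Review bot: In `ll_intent_file_open()` the widened `ssize_t lmmsize` is signed, and nothing visible in the hunk rejects a negative or oversized value before the size is used; the same holds for `lum_size` in the `ll_lov_setstripe_ea_info()` hunk and its prototype in llite_internal.h. Both function bodies continue outside the hunks, so if the size is later stored in a narrower request field, the narrowing Coverity reported has presumably only moved further down. Consider an explicit guard at the top of each function, for example `if (lmmsize < 0 || lmmsize > INT_MAX) RETURN(-EINVAL);`, with the upper bound adjusted to the field that finally carries the size. Note also that the neighbouring prototype `ll_lov_getstripe_ea_info()` still takes `int *lmm_size`, so the two EA-size interfaces now disagree on width.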
@@ -2907,20 +2908,20 @@ static int ll_file_getstripe(struct inode *inode, void __user *lum, size_t size)
 RETURN(rc);
 }
-static int ll_lov_setstripe(struct inode *inode, struct file *file,
+static ssize_t ll_lov_setstripe(struct inode *inode, struct file *file,
 void __user *arg)
 {
 struct lov_user_md __user *lum = arg;
 struct lov_user_md *klum;
- int lum_size, rc;
+ ssize_t lum_size;
+ int rc;
 __u64 flags = FMODE_WRITE;
 ENTRY;
- rc = ll_copy_user_md(lum, &klum);
- if (rc < 0)
- RETURN(rc);
+ lum_size = ll_copy_user_md(lum, &klum);
+ if (lum_size < 0)
+ RETURN(lum_size);
- lum_size = rc;
 rc = ll_lov_setstripe_ea_info(inode, file_dentry(file), flags, klum,
 lum_size);
 if (!rc) {
diff --git a/lustre/llite/llite_internal.h b/lustre/llite/llite_internal.h
index 3bc2172..de159a8 100644
--- a/lustre/llite/llite_internal.h
+++ b/lustre/llite/llite_internal.h
@@ -1463,7 +1463,7 @@ int ll_ioctl_ahead(struct file *file, struct llapi_lu_ladvise2 *ladvise);
 int ll_lov_setstripe_ea_info(struct inode *inode, struct dentry *dentry,
 __u64 flags, struct lov_user_md *lum,
- int lum_size);
+ ssize_t lum_size);
 int ll_lov_getstripe_ea_info(struct inode *inode, const char *filename,
 struct lov_mds_md **lmm, int *lmm_size,
 struct ptlrpc_request **request);
diff --git a/lustre/mdt/mdt_handler.c b/lustre/mdt/mdt_handler.c
index 9f1dbd1..2ef2755 100644
--- a/lustre/mdt/mdt_handler.c
+++ b/lustre/mdt/mdt_handler.c
@@ -1615,7 +1615,9 @@ static int mdt_getattr_internal(struct mdt_thread_info *info,
 /* eadatasize from client includes NULL-terminator, so
 * there is no need to read it
 */
- buffer->lb_len = reqbody->mbo_eadatasize - 1;
+ buffer->lb_len = 0;
+ if (reqbody->mbo_eadatasize > 0)
+ buffer->lb_len = reqbody->mbo_eadatasize - 1;
 rc = mo_readlink(env, next, buffer);
 if (unlikely(rc <= 0)) {
 CERROR("%s: readlink failed for "DFID": rc = %d\n",
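Review bot: In `ll_lov_setstripe()`, `lum_size` is derived from the user-space pointer `arg` by `ll_copy_user_md()`, and the only check in the hunk is `lum_size < 0`, so a zero or very large size goes straight to `ll_lov_setstripe_ea_info()`. The helper is not part of this diff, so whether it caps the size cannot be confirmed from here; a comment above the call such as `/* ll_copy_user_md() returns the validated size of klum, or -errno */` would record the assumption the code relies on. The return type also becomes `ssize_t` while the rest of the body, which continues outside the hunk, still works with `int rc`, so the caller of `ll_lov_setstripe()` should be checked for a narrowing store of the result.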
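Review bot: In the `mdt_getattr_internal()` hunk, a client-supplied `reqbody->mbo_eadatasize` of 0 now reaches `mo_readlink()` with `buffer->lb_len == 0` instead of being rejected. The malformed request is then presumably caught only indirectly by the `rc <= 0` branch, whose `CERROR` any client can trigger repeatedly. Treating a zero size as a protocol error before the call, for example `if (reqbody->mbo_eadatasize == 0) RETURN(-EPROTO);` (or the function's existing error path, which lies outside the hunk), would make the intent explicit and keep the log quiet. The hunk also shows no upper bound tying `mbo_eadatasize` to the capacity behind `buffer->lb_buf`; if that is not enforced earlier in the function, it belongs next to this check.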