| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 02 Dec 2008 23:51:06 +0100
From: Roel Kluin <roel.kluin@...il.com>
To: Andrew Morton <akpm@...ux-foundation.org>
CC: wli@...omorphy.com, linux-kernel@...r.kernel.org
Subject: [PATCH v2] hugetlb: unsigned ret cannot be negative.
Andrew Morton wrote:
> On Sat, 29 Nov 2008 06:36:59 -0500
> roel kluin <roel.kluin@...il.com> wrote:
>
>> unsigned long ret cannot be negative, but ret can get -EFAULT.
>>
>> Signed-off-by: Roel Kluin <roel.kluin@...il.com>
>> ---
>> hugetlbfs_read_actor() returns int,
>> see
>> vi fs/hugetlbfs/inode.c +187
>>
>> diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
>> index 61edc70..0af64e4 100644
>> --- a/fs/hugetlbfs/inode.c
>> +++ b/fs/hugetlbfs/inode.c
>> @@ -252,6 +252,7 @@ static ssize_t hugetlbfs_read(struct file *filp, char __user *buf,
>> for (;;) {
>> struct page *page;
>> unsigned long nr, ret;
>> + int ra;
>>
>> /* nr is the maximum number of bytes to copy from this page */
>> nr = huge_page_size(h);
>> @@ -279,15 +280,16 @@ static ssize_t hugetlbfs_read(struct file *filp, char __user *buf,
>> /*
>> * We have the page, copy it to user space buffer.
>> */
>> - ret = hugetlbfs_read_actor(page, offset, buf, len, nr);
>> + ra = hugetlbfs_read_actor(page, offset, buf, len, nr);
>> }
>> - if (ret < 0) {
>> + if (ra < 0) {
> `ra' can obviously be used uninitialised here. The compiler reports
> this, too.
Yes, it was incomplete as well, sorry. This should be OK.
(checkpatch tested)
--------------->8----------------8<---------------------
unsigned long ret cannot be negative, but ret can get -EFAULT.
Signed-off-by: Roel Kluin <roel.kluin@...il.com>
---
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
index 61edc70..07fa7e3 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -252,6 +252,7 @@ static ssize_t hugetlbfs_read(struct file *filp, char __user *buf,
for (;;) {
struct page *page;
unsigned long nr, ret;
+ int ra;
/* nr is the maximum number of bytes to copy from this page */
nr = huge_page_size(h);
@@ -274,16 +275,19 @@ static ssize_t hugetlbfs_read(struct file *filp, char __user *buf,
*/
ret = len < nr ? len : nr;
if (clear_user(buf, ret))
- ret = -EFAULT;
+ ra = -EFAULT;
+ else
+ ra = 0;
} else {
/*
* We have the page, copy it to user space buffer.
*/
- ret = hugetlbfs_read_actor(page, offset, buf, len, nr);
+ ra = hugetlbfs_read_actor(page, offset, buf, len, nr);
+ ret = ra;
}
- if (ret < 0) {
+ if (ra < 0) {
if (retval == 0)
- retval = ret;
+ retval = ra;
if (page)
page_cache_release(page);
goto out;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists