Re: [PATCH 2.6] Check return value of copy_to_user in fs/cifs/file.c [Re: Linux 2.6.11-rc4]
On Sun, Feb 13, 2005 at 04:44:16PM +0100, Luca wrote:
> Linus Torvalds <[EMAIL PROTECTED]> ha scritto:
> > this is hopefully the last -rc kernel before the real 2.6.11, so please
> > give it a whirl, and complain loudly about anything broken.
>
> The following patch against 2.6.11-rc4 fixes this compile time warning:
>
> CC [M] fs/cifs/file.o
> fs/cifs/file.c: In function `cifs_user_read':
> fs/cifs/file.c:1168: warning: ignoring return value of
> `copy_to_user', declared with attribute warn_unused_result
>
> I also added an explicit check for errors other than -EAGAIN, since
> CIFSSMBRead may return -ENOMEM if it's unable to allocate smb_com_read_rsp;
> in that case we don't want to call copy_to_user with a NULL pointer.
>
> Signed-off-by: Luca Tettamanti <[EMAIL PROTECTED]>
>
> --- a/fs/cifs/file.c 2005-02-03 17:58:07.0 +0100
> +++ b/fs/cifs/file.c 2005-02-03 18:17:37.0 +0100
> @@ -1151,7 +1151,7 @@
> current_read_size = min_t(const int,read_size -
> total_read,cifs_sb->rsize);
> rc = -EAGAIN;
> smb_read_data = NULL;
> - while(rc == -EAGAIN) {
> + while(1) {
> if ((open_file->invalidHandle) &&
> (!open_file->closePend)) {
> rc = cifs_reopen_file(file->f_dentry->d_inode,
> file,TRUE);
> @@ -1164,13 +1164,22 @@
>current_read_size, *poffset,
>_read, _read_data);
>
> + if (rc == -EAGAIN)
> + continue;
> + else
> + break;
> +
> pSMBr = (struct smb_com_read_rsp *)smb_read_data;
^
Perhaps this line and the following lines are never executed with your
patch, am I right?
> - copy_to_user(current_offset,smb_read_data + 4/* RFC1001
> hdr*/
> + rc = copy_to_user(current_offset,smb_read_data + 4/*
> RFC1001 hdr*/
> + le16_to_cpu(pSMBr->DataOffset), bytes_read);
> if(smb_read_data) {
> cifs_buf_release(smb_read_data);
> smb_read_data = NULL;
> }
> + if (rc) {
> + FreeXid(xid);
> + return -EFAULT;
> + }
> }
> if (rc || (bytes_read == 0)) {
> if (total_read) {
>
>
--
Marcel Sebek
jabber: [EMAIL PROTECTED] ICQ: 279852819
linux user number: 307850 GPG ID: 5F88735E
GPG FP: 0F01 BAB8 3148 94DB B95D 1FCA 8B63 CA06 5F88 735E
signature.asc
Description: Digital signature
Re: [PATCH 2.6] Check return value of copy_to_user in fs/cifs/file.c [Re: Linux 2.6.11-rc4]
On Sun, Feb 13, 2005 at 04:44:16PM +0100, Luca wrote:
Linus Torvalds [EMAIL PROTECTED] ha scritto:
this is hopefully the last -rc kernel before the real 2.6.11, so please
give it a whirl, and complain loudly about anything broken.
The following patch against 2.6.11-rc4 fixes this compile time warning:
CC [M] fs/cifs/file.o
fs/cifs/file.c: In function `cifs_user_read':
fs/cifs/file.c:1168: warning: ignoring return value of
`copy_to_user', declared with attribute warn_unused_result
I also added an explicit check for errors other than -EAGAIN, since
CIFSSMBRead may return -ENOMEM if it's unable to allocate smb_com_read_rsp;
in that case we don't want to call copy_to_user with a NULL pointer.
Signed-off-by: Luca Tettamanti [EMAIL PROTECTED]
--- a/fs/cifs/file.c 2005-02-03 17:58:07.0 +0100
+++ b/fs/cifs/file.c 2005-02-03 18:17:37.0 +0100
@@ -1151,7 +1151,7 @@
current_read_size = min_t(const int,read_size -
total_read,cifs_sb-rsize);
rc = -EAGAIN;
smb_read_data = NULL;
- while(rc == -EAGAIN) {
+ while(1) {
if ((open_file-invalidHandle)
(!open_file-closePend)) {
rc = cifs_reopen_file(file-f_dentry-d_inode,
file,TRUE);
@@ -1164,13 +1164,22 @@
current_read_size, *poffset,
bytes_read, smb_read_data);
+ if (rc == -EAGAIN)
+ continue;
+ else
+ break;
+
pSMBr = (struct smb_com_read_rsp *)smb_read_data;
^
Perhaps this line and the following lines are never executed with your
patch, am I right?
- copy_to_user(current_offset,smb_read_data + 4/* RFC1001
hdr*/
+ rc = copy_to_user(current_offset,smb_read_data + 4/*
RFC1001 hdr*/
+ le16_to_cpu(pSMBr-DataOffset), bytes_read);
if(smb_read_data) {
cifs_buf_release(smb_read_data);
smb_read_data = NULL;
}
+ if (rc) {
+ FreeXid(xid);
+ return -EFAULT;
+ }
}
if (rc || (bytes_read == 0)) {
if (total_read) {
--
Marcel Sebek
jabber: [EMAIL PROTECTED] ICQ: 279852819
linux user number: 307850 GPG ID: 5F88735E
GPG FP: 0F01 BAB8 3148 94DB B95D 1FCA 8B63 CA06 5F88 735E
signature.asc
Description: Digital signature
