ceph: fix type promotion bug on 32bit systems
authorDan Carpenter <dan.carpenter@linaro.org>
Sat, 7 Oct 2023 08:52:39 +0000 (11:52 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 19 Oct 2023 21:08:57 +0000 (23:08 +0200)
commit 07bb00ef00ace88dd6f695fadbba76565756e55c upstream.

In this code "ret" is type long and "src_objlen" is unsigned int.  The
problem is that on 32bit systems, when we do the comparison signed longs
are type promoted to unsigned int.  So negative error codes from
do_splice_direct() are treated as success instead of failure.

Cc: stable@vger.kernel.org
Fixes: 1b0c3b9f91f0 ("ceph: re-org copy_file_range and fix some error paths")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ceph/file.c

index 02414437d8abf09319694c7e03dbe6ac5161e838..882eccfd67e8473278da6dd373eb736bc7c14ac7 100644 (file)
@@ -2498,7 +2498,7 @@ static ssize_t __ceph_copy_file_range(struct file *src_file, loff_t src_off,
                ret = do_splice_direct(src_file, &src_off, dst_file,
                                       &dst_off, src_objlen, flags);
                /* Abort on short copies or on error */
-               if (ret < src_objlen) {
+               if (ret < (long)src_objlen) {
                        dout("Failed partial copy (%zd)\n", ret);
                        goto out;
                }