From 7cdafe6cc4a6ee94c56a5c96d6edd80d066d5a3b Mon Sep 17 00:00:00 2001 From: Amir Goldstein Date: Wed, 24 May 2023 18:48:25 +0300 Subject: [PATCH] exportfs: check for error return value from exportfs_encode_*() The exportfs_encode_*() helpers call the filesystem ->encode_fh() method which returns a signed int. All the in-tree implementations of ->encode_fh() return a positive integer and FILEID_INVALID (255) for error. Fortify the callers for possible future ->encode_fh() implementation that will return a negative error value. name_to_handle_at() would propagate the returned error to the users if filesystem ->encode_fh() method returns an error. Reported-by: Dan Carpenter Link: https://lore.kernel.org/linux-fsdevel/ca02955f-1877-4fde-b453-3c1d22794740@kili.mountain/ Signed-off-by: Amir Goldstein Reviewed-by: Jeff Layton Signed-off-by: Jan Kara Message-Id: <20230524154825.881414-1-amir73il@gmail.com> --- fs/fhandle.c | 5 +++-- fs/nfsd/nfsfh.c | 4 +++- fs/notify/fanotify/fanotify.c | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/fs/fhandle.c b/fs/fhandle.c index 4a635cf..fd0d6a3 100644 --- a/fs/fhandle.c +++ b/fs/fhandle.c @@ -57,18 +57,19 @@ static long do_sys_name_to_handle(const struct path *path, handle_bytes = handle_dwords * sizeof(u32); handle->handle_bytes = handle_bytes; if ((handle->handle_bytes > f_handle.handle_bytes) || - (retval == FILEID_INVALID) || (retval == -ENOSPC)) { + (retval == FILEID_INVALID) || (retval < 0)) { /* As per old exportfs_encode_fh documentation * we could return ENOSPC to indicate overflow * But file system returned 255 always. So handle * both the values */ + if (retval == FILEID_INVALID || retval == -ENOSPC) + retval = -EOVERFLOW; /* * set the handle size to zero so we copy only * non variable part of the file_handle */ handle_bytes = 0; - retval = -EOVERFLOW; } else retval = 0; /* copy the mount id */ diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index 31e4505..0f5eaca 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -416,9 +416,11 @@ static void _fh_update(struct svc_fh *fhp, struct svc_export *exp, int maxsize = (fhp->fh_maxsize - fhp->fh_handle.fh_size)/4; int fh_flags = (exp->ex_flags & NFSEXP_NOSUBTREECHECK) ? 0 : EXPORT_FH_CONNECTABLE; + int fileid_type = + exportfs_encode_fh(dentry, fid, &maxsize, fh_flags); fhp->fh_handle.fh_fileid_type = - exportfs_encode_fh(dentry, fid, &maxsize, fh_flags); + fileid_type > 0 ? fileid_type : FILEID_INVALID; fhp->fh_handle.fh_size += maxsize * 4; } else { fhp->fh_handle.fh_fileid_type = FILEID_ROOT; diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c index d2bbf14..9dac7f6 100644 --- a/fs/notify/fanotify/fanotify.c +++ b/fs/notify/fanotify/fanotify.c @@ -445,7 +445,7 @@ static int fanotify_encode_fh(struct fanotify_fh *fh, struct inode *inode, dwords = fh_len >> 2; type = exportfs_encode_fid(inode, buf, &dwords); err = -EINVAL; - if (!type || type == FILEID_INVALID || fh_len != dwords << 2) + if (type <= 0 || type == FILEID_INVALID || fh_len != dwords << 2) goto out_err; fh->type = type; -- 2.7.4