On Thu 14-03-24 16:36:56, Nikita Kiryushin wrote:
>
> Unsigned size_t len in copy_fid_info_to_user is checked
> for negative value. This check is redundant as it is
> always false.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 5e469c830fdb ("fanotify: copy event fid info to user")
> Signed-off-by: Nikita Kiryushin <kiryushin@xxxxxxxx>
Looks good. Added to my tree. Thanks!
Honza
> ---
> fs/notify/fanotify/fanotify_user.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
> index fbdc63cc10d9..4201723357cf 100644
> --- a/fs/notify/fanotify/fanotify_user.c
> +++ b/fs/notify/fanotify/fanotify_user.c
> @@ -502,7 +502,7 @@ static int copy_fid_info_to_user(__kernel_fsid_t *fsid, struct fanotify_fh *fh,
> }
> /* Pad with 0's */
> - WARN_ON_ONCE(len < 0 || len >= FANOTIFY_EVENT_ALIGN);
> + WARN_ON_ONCE(len >= FANOTIFY_EVENT_ALIGN);
> if (len > 0 && clear_user(buf, len))
> return -EFAULT;
> --
> 2.34.1
>
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
