On Thu, Mar 17, 2016 at 7:13 AM, Alexey Dvoichenkov <xale@xxxxxxxxxxxxxx> wrote:
> Hello. I've found a small bug in what appears to be the maximum file
> size handling code.
>
> The problem here, as far as I understand, is that casting from an
> unsigned type to a signed type, when the latter cannot represent the
> arithmetic value of the former, is UB. In practice, under the PaX size
> overflow protection, this code crashes when mounting from FreeBSD
> servers that send "all ones" in the size field.
>
> Not sure I'm doing things right with the list and I'm not subscribed, so
> please CC.
>
> The fix should look something like this:
>
> --- fs/nfs/internal.h.orig 2015-11-02 10:05:25.000000000 +1000
> +++ fs/nfs/internal.h 2016-01-02 03:19:04.599120855 +1000
> @@ -612,9 +612,9 @@
> static inline
> void nfs_super_set_maxbytes(struct super_block *sb, __u64 maxfilesize)
> {
> + if (maxfilesize > MAX_LFS_FILESIZE || maxfilesize == 0)
> + maxfilesize = MAX_LFS_FILESIZE;
> sb->s_maxbytes = (loff_t)maxfilesize;
> - if (sb->s_maxbytes > MAX_LFS_FILESIZE || sb->s_maxbytes <= 0)
> - sb->s_maxbytes = MAX_LFS_FILESIZE;
> }
>
Why are we having to change _correct_ code in order to work with a
checking tool?
Trond
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
