On Thu, Mar 17, 2016 at 7:13 AM, Alexey Dvoichenkov <xale@xxxxxxxxxxxxxx> wrote:
> Hello. I've found a small bug in what appears to be the maximum file
> size handling code.
>
> The problem here, as far as I understand, is that casting from an
> unsigned type to a signed type, when the latter cannot represent the
> arithmetic value of the former, is UB. In practice, under the PaX size
> overflow protection, this code crashes when mounting from FreeBSD
> servers that send "all ones" in the size field.
>
> Not sure I'm doing things right with the list and I'm not subscribed, so
> please CC.
>
> The fix should look something like this:
>
> --- fs/nfs/internal.h.orig 2015-11-02 10:05:25.000000000 +1000
> +++ fs/nfs/internal.h 2016-01-02 03:19:04.599120855 +1000
> @@ -612,9 +612,9 @@
> static inline
> void nfs_super_set_maxbytes(struct super_block *sb, __u64 maxfilesize)
> {
> + if (maxfilesize > MAX_LFS_FILESIZE || maxfilesize == 0)
> + maxfilesize = MAX_LFS_FILESIZE;
> sb->s_maxbytes = (loff_t)maxfilesize;
> - if (sb->s_maxbytes > MAX_LFS_FILESIZE || sb->s_maxbytes <= 0)
> - sb->s_maxbytes = MAX_LFS_FILESIZE;
> }
>

Why are we having to change _correct_ code in order to work with a checking tool?

Trond
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
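Review bot: the moved range check in the nfs_super_set_maxbytes hunk keeps the same clamping result as the lines it removes, but it now tests the unsigned `maxfilesize` before the `(loff_t)` conversion instead of testing `sb->s_maxbytes <= 0` after it, so the conversion never sees a value above the signed range; that is the actual behavioural difference and it should be stated in the patch description rather than left to the reader. Two things to add before this goes in: a one-line comment above the new `if` saying why the clamp is applied to `maxfilesize` rather than to `sb->s_maxbytes` (the cover text mentions servers that send an all-ones size, which is the case the old `<= 0` test only caught after the fact), and a proper changelog with a Signed-off-by line, since the hunk is posted here only as a suggestion.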