| Message ID | 20210603215657.154776-1-colin.king@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | [next] netdevsim: Fix unsigned being compared to less than zero | expand |
Hello: This patch was applied to netdev/net-next.git (refs/heads/master): On Thu, 3 Jun 2021 22:56:57 +0100 you wrote: > From: Colin Ian King <colin.king@canonical.com> > > The comparison of len < 0 is always false because len is a size_t. Fix > this by making len a ssize_t instead. > > Addresses-Coverity: ("Unsigned compared against 0") > Fixes: d395381909a3 ("netdevsim: Add max_vfs to bus_dev") > Signed-off-by: Colin Ian King <colin.king@canonical.com> > > [...] Here is the summary with links: - [next] netdevsim: Fix unsigned being compared to less than zero https://git.kernel.org/netdev/net-next/c/ebbf5fcb94a7 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
On 6/4/21 12:56 AM, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > The comparison of len < 0 is always false because len is a size_t. Fix > this by making len a ssize_t instead. > > Addresses-Coverity: ("Unsigned compared against 0") > Fixes: d395381909a3 ("netdevsim: Add max_vfs to bus_dev") > Signed-off-by: Colin Ian King <colin.king@canonical.com> > --- > drivers/net/netdevsim/bus.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/net/netdevsim/bus.c b/drivers/net/netdevsim/bus.c > index b56003dfe3cc..ccec29970d5b 100644 > --- a/drivers/net/netdevsim/bus.c > +++ b/drivers/net/netdevsim/bus.c > @@ -111,7 +111,7 @@ ssize_t nsim_bus_dev_max_vfs_read(struct file *file, > { > struct nsim_bus_dev *nsim_bus_dev = file->private_data; > char buf[11]; > - size_t len; > + ssize_t len; > > len = snprintf(buf, sizeof(buf), "%u\n", nsim_bus_dev->max_vfs); > if (len < 0) > Thanks.
On Thu, Jun 03, 2021 at 10:56:57PM +0100, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > The comparison of len < 0 is always false because len is a size_t. Fix > this by making len a ssize_t instead. > > Addresses-Coverity: ("Unsigned compared against 0") > Fixes: d395381909a3 ("netdevsim: Add max_vfs to bus_dev") > Signed-off-by: Colin Ian King <colin.king@canonical.com> > --- > drivers/net/netdevsim/bus.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/net/netdevsim/bus.c b/drivers/net/netdevsim/bus.c > index b56003dfe3cc..ccec29970d5b 100644 > --- a/drivers/net/netdevsim/bus.c > +++ b/drivers/net/netdevsim/bus.c > @@ -111,7 +111,7 @@ ssize_t nsim_bus_dev_max_vfs_read(struct file *file, > { > struct nsim_bus_dev *nsim_bus_dev = file->private_data; > char buf[11]; > - size_t len; > + ssize_t len; > > len = snprintf(buf, sizeof(buf), "%u\n", nsim_bus_dev->max_vfs); > if (len < 0) The snprintf() in the kernel can't return negatives, but if there isn't enough space then it returns >= sizeof(buf) so this would lead to an information leak. So the right thing to do is change it to scnprintf() and delete the check if (len < 0) check. regards, dan carpenter
diff --git a/drivers/net/netdevsim/bus.c b/drivers/net/netdevsim/bus.c index b56003dfe3cc..ccec29970d5b 100644 --- a/drivers/net/netdevsim/bus.c +++ b/drivers/net/netdevsim/bus.c @@ -111,7 +111,7 @@ ssize_t nsim_bus_dev_max_vfs_read(struct file *file, { struct nsim_bus_dev *nsim_bus_dev = file->private_data; char buf[11]; - size_t len; + ssize_t len; len = snprintf(buf, sizeof(buf), "%u\n", nsim_bus_dev->max_vfs); if (len < 0)