diff options
author | Namjae Jeon <namjae.jeon@samsung.com> | 2021-07-08 05:32:27 +0200 |
---|---|---|
committer | Namjae Jeon <namjae.jeon@samsung.com> | 2021-07-09 01:23:16 +0200 |
commit | 3867369ef8f760155da684e10d29e0bf9b733b48 (patch) | |
tree | a21de9c280e4ef703c08ced0fe7100aa13dbe552 /fs/ksmbd/vfs_cache.c | |
parent | ksmbd: fix memory leak in smb_inherit_dacl() (diff) | |
download | linux-3867369ef8f760155da684e10d29e0bf9b733b48.tar.xz linux-3867369ef8f760155da684e10d29e0bf9b733b48.zip |
ksmbd: change data type of volatile/persistent id to u64
This patch change data type of volatile/persistent id to u64 to make
issue from idr_find and idr_remove(). !HAS_FILE_ID check will protect
integer overflow issue from idr_find and idr_remove().
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/ksmbd/vfs_cache.c')
-rw-r--r-- | fs/ksmbd/vfs_cache.c | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/fs/ksmbd/vfs_cache.c b/fs/ksmbd/vfs_cache.c index 1941ad3f5aa5..c54c605637a0 100644 --- a/fs/ksmbd/vfs_cache.c +++ b/fs/ksmbd/vfs_cache.c @@ -277,7 +277,7 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp) static void __ksmbd_remove_durable_fd(struct ksmbd_file *fp) { - if (!HAS_FILE_ID(fp->persistent_id)) + if (!has_file_id(fp->persistent_id)) return; write_lock(&global_ft.lock); @@ -287,7 +287,7 @@ static void __ksmbd_remove_durable_fd(struct ksmbd_file *fp) static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp) { - if (!HAS_FILE_ID(fp->volatile_id)) + if (!has_file_id(fp->volatile_id)) return; write_lock(&fp->f_ci->m_lock); @@ -327,10 +327,13 @@ static struct ksmbd_file *ksmbd_fp_get(struct ksmbd_file *fp) } static struct ksmbd_file *__ksmbd_lookup_fd(struct ksmbd_file_table *ft, - unsigned int id) + u64 id) { struct ksmbd_file *fp; + if (!has_file_id(id)) + return NULL; + read_lock(&ft->lock); fp = idr_find(ft->idr, id); if (fp) @@ -359,12 +362,12 @@ static void set_close_state_blocked_works(struct ksmbd_file *fp) spin_unlock(&fp->f_lock); } -int ksmbd_close_fd(struct ksmbd_work *work, unsigned int id) +int ksmbd_close_fd(struct ksmbd_work *work, u64 id) { struct ksmbd_file *fp; struct ksmbd_file_table *ft; - if (!HAS_FILE_ID(id)) + if (!has_file_id(id)) return 0; ft = &work->sess->file_table; @@ -404,12 +407,12 @@ static bool __sanity_check(struct ksmbd_tree_connect *tcon, struct ksmbd_file *f return true; } -struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, unsigned int id) +struct ksmbd_file *ksmbd_lookup_foreign_fd(struct ksmbd_work *work, u64 id) { return __ksmbd_lookup_fd(&work->sess->file_table, id); } -struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, unsigned int id) +struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, u64 id) { struct ksmbd_file *fp = __ksmbd_lookup_fd(&work->sess->file_table, id); @@ -420,19 +423,16 @@ struct ksmbd_file *ksmbd_lookup_fd_fast(struct ksmbd_work *work, unsigned int id return NULL; } -struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, unsigned int id, - unsigned int pid) +struct ksmbd_file *ksmbd_lookup_fd_slow(struct ksmbd_work *work, u64 id, + u64 pid) { struct ksmbd_file *fp; - if (!HAS_FILE_ID(id)) { + if (!has_file_id(id)) { id = work->compound_fid; pid = work->compound_pfid; } - if (!HAS_FILE_ID(id)) - return NULL; - fp = __ksmbd_lookup_fd(&work->sess->file_table, id); if (!__sanity_check(work->tcon, fp)) { ksmbd_fd_put(work, fp); @@ -494,7 +494,7 @@ struct ksmbd_file *ksmbd_lookup_fd_inode(struct inode *inode) #define OPEN_ID_TYPE_VOLATILE_ID (0) #define OPEN_ID_TYPE_PERSISTENT_ID (1) -static void __open_id_set(struct ksmbd_file *fp, unsigned int id, int type) +static void __open_id_set(struct ksmbd_file *fp, u64 id, int type) { if (type == OPEN_ID_TYPE_VOLATILE_ID) fp->volatile_id = id; @@ -505,7 +505,7 @@ static void __open_id_set(struct ksmbd_file *fp, unsigned int id, int type) static int __open_id(struct ksmbd_file_table *ft, struct ksmbd_file *fp, int type) { - unsigned int id = 0; + u64 id = 0; int ret; if (type == OPEN_ID_TYPE_VOLATILE_ID && fd_limit_depleted()) { @@ -515,7 +515,7 @@ static int __open_id(struct ksmbd_file_table *ft, struct ksmbd_file *fp, idr_preload(GFP_KERNEL); write_lock(&ft->lock); - ret = idr_alloc_cyclic(ft->idr, fp, 0, INT_MAX, GFP_NOWAIT); + ret = idr_alloc_cyclic(ft->idr, fp, 0, INT_MAX - 1, GFP_NOWAIT); if (ret >= 0) { id = ret; ret = 0; |