Commit 7cdafe6c authored by Amir Goldstein's avatar Amir Goldstein Committed by Jan Kara
Browse files

exportfs: check for error return value from exportfs_encode_*() 



The exportfs_encode_*() helpers call the filesystem ->encode_fh()
method which returns a signed int.

All the in-tree implementations of ->encode_fh() return a positive
integer and FILEID_INVALID (255) for error.

Fortify the callers for possible future ->encode_fh() implementation
that will return a negative error value.

name_to_handle_at() would propagate the returned error to the users
if filesystem ->encode_fh() method returns an error.

Reported-by: default avatarDan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/linux-fsdevel/ca02955f-1877-4fde-b453-3c1d22794740@kili.mountain/


Signed-off-by: default avatarAmir Goldstein <amir73il@gmail.com>
Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
Signed-off-by: default avatarJan Kara <jack@suse.cz>
Message-Id: <20230524154825.881414-1-amir73il@gmail.com>
parent a95aef69

fs/fhandle.c

+3 −2
Original line number Diff line number Diff line
@@ -57,18 +57,19 @@ static long do_sys_name_to_handle(const struct path *path, 
	handle_bytes = handle_dwords * sizeof(u32);

	handle->handle_bytes = handle_bytes;

	if ((handle->handle_bytes > f_handle.handle_bytes) ||

	    (retval == FILEID_INVALID) || (retval == -ENOSPC)) {

	    (retval == FILEID_INVALID) || (retval < 0)) {

		/* As per old exportfs_encode_fh documentation

		 * we could return ENOSPC to indicate overflow

		 * But file system returned 255 always. So handle

		 * both the values

		 */

		if (retval == FILEID_INVALID || retval == -ENOSPC)

			retval = -EOVERFLOW;

		/*

		 * set the handle size to zero so we copy only

		 * non variable part of the file_handle

		 */

		handle_bytes = 0;

		retval = -EOVERFLOW;

	} else

		retval = 0;

	/* copy the mount id */

fs/nfsd/nfsfh.c

+3 −1
Original line number Diff line number Diff line
@@ -416,9 +416,11 @@ static void _fh_update(struct svc_fh *fhp, struct svc_export *exp, 
		int maxsize = (fhp->fh_maxsize - fhp->fh_handle.fh_size)/4;

		int fh_flags = (exp->ex_flags & NFSEXP_NOSUBTREECHECK) ? 0 :

				EXPORT_FH_CONNECTABLE;

		int fileid_type =

			exportfs_encode_fh(dentry, fid, &maxsize, fh_flags);



		fhp->fh_handle.fh_fileid_type =

			exportfs_encode_fh(dentry, fid, &maxsize, fh_flags);

			fileid_type > 0 ? fileid_type : FILEID_INVALID;

		fhp->fh_handle.fh_size += maxsize * 4;

	} else {

		fhp->fh_handle.fh_fileid_type = FILEID_ROOT;

fs/notify/fanotify/fanotify.c

+1 −1
Original line number Diff line number Diff line
@@ -445,7 +445,7 @@ static int fanotify_encode_fh(struct fanotify_fh *fh, struct inode *inode, 
	dwords = fh_len >> 2;

	type = exportfs_encode_fid(inode, buf, &dwords);

	err = -EINVAL;

	if (!type || type == FILEID_INVALID || fh_len != dwords << 2)

	if (type <= 0 || type == FILEID_INVALID || fh_len != dwords << 2)

		goto out_err;



	fh->type = type;