2018-06-12 04:53:14

by Zhouyang Jia

[permalink] [raw]
Subject: [PATCH] target: add error handling for match_int

When match_int fails, the lack of error-handling code may
cause unexpected results.

This patch adds error-handling code after calling match_int.

Signed-off-by: Zhouyang Jia <[email protected]>
---
drivers/target/target_core_rd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/target/target_core_rd.c b/drivers/target/target_core_rd.c
index a6e8106..7bc89ff 100644
--- a/drivers/target/target_core_rd.c
+++ b/drivers/target/target_core_rd.c
@@ -573,14 +573,16 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
token = match_token(ptr, tokens, args);
switch (token) {
case Opt_rd_pages:
- match_int(args, &arg);
+ if (match_int(args, &arg))
+ return -EINVAL;
rd_dev->rd_page_count = arg;
pr_debug("RAMDISK: Referencing Page"
" Count: %u\n", rd_dev->rd_page_count);
rd_dev->rd_flags |= RDF_HAS_PAGE_COUNT;
break;
case Opt_rd_nullio:
- match_int(args, &arg);
+ if (match_int(args, &arg))
+ return -EINVAL;
if (arg != 1)
break;

--
2.7.4



2018-06-12 13:25:52

by Bart Van Assche

[permalink] [raw]
Subject: Re: [PATCH] target: add error handling for match_int

On Tue, 2018-06-12 at 12:52 +0800, Zhouyang Jia wrote:
> When match_int fails, the lack of error-handling code may
> cause unexpected results.
>
> This patch adds error-handling code after calling match_int.
>
> Signed-off-by: Zhouyang Jia <[email protected]>
> ---
> drivers/target/target_core_rd.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/target/target_core_rd.c b/drivers/target/target_core_rd.c
> index a6e8106..7bc89ff 100644
> --- a/drivers/target/target_core_rd.c
> +++ b/drivers/target/target_core_rd.c
> @@ -573,14 +573,16 @@ static ssize_t rd_set_configfs_dev_params(struct se_device *dev,
> token = match_token(ptr, tokens, args);
> switch (token) {
> case Opt_rd_pages:
> - match_int(args, &arg);
> + if (match_int(args, &arg))
> + return -EINVAL;
> rd_dev->rd_page_count = arg;
> pr_debug("RAMDISK: Referencing Page"
> " Count: %u\n", rd_dev->rd_page_count);
> rd_dev->rd_flags |= RDF_HAS_PAGE_COUNT;
> break;
> case Opt_rd_nullio:
> - match_int(args, &arg);
> + if (match_int(args, &arg))
> + return -EINVAL;
> if (arg != 1)
> break;
>

Please return the error code returned by match_int() instead of -EINVAL.

Thanks,

Bart.



2018-06-12 21:23:22

by James Bottomley

[permalink] [raw]
Subject: Re: [PATCH] target: add error handling for match_int

On Tue, 2018-06-12 at 12:52 +0800, Zhouyang Jia wrote:
> When match_int fails, the lack of error-handling code may
> cause unexpected results.
>
> This patch adds error-handling code after calling match_int.
>
> Signed-off-by: Zhouyang Jia <[email protected]>
> ---
>  drivers/target/target_core_rd.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/target/target_core_rd.c
> b/drivers/target/target_core_rd.c
> index a6e8106..7bc89ff 100644
> --- a/drivers/target/target_core_rd.c
> +++ b/drivers/target/target_core_rd.c
> @@ -573,14 +573,16 @@ static ssize_t
> rd_set_configfs_dev_params(struct se_device *dev,
>   token = match_token(ptr, tokens, args);
>   switch (token) {
>   case Opt_rd_pages:
> - match_int(args, &arg);
> + if (match_int(args, &arg))
> + return -EINVAL;

The first observation is that this would leak the kmalloc'd orig
variable, but the second is that I don't think terminating parsing is
the right thing to do even if match_int() returns an error: just
ignoring this option and proceed to the next seems to be the best
course because that's what we do with unrecognised options (the
default: case).

James