Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp841541imm;
        Wed, 4 Jul 2018 06:58:56 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpdtPMl+WO6xX0BUQHnr22ZvwIN3oZvKB8cUP3diq/+W5Kb1A42jza4q3XnhOq46T18DjJqo
X-Received: by 2002:a17:902:d807:: with SMTP id a7-v6mr2225121plz.214.1530712736546;
        Wed, 04 Jul 2018 06:58:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1530712736; cv=none;
        d=google.com; s=arc-20160816;
        b=RTLZMbiM+7RMnZmdx59oLGG4lS2KaG6d5J1NVSw1q2n5hQRW14lI8bpI0AlFY9d3/4
         DnnfKuD2vgg8abxGB9WENwQK3gGIjG3yidO17Y0D7HMc0ATe+SFg+B1xvVMkglA9634k
         LJBljCVRLV9GtDmTs+1cRXUy1Z6Dog5JQ0iEuZe2HRUP/Xki7U5KbnFgCU4Bwr51d5Go
         UgCVw72gQ2I18YmmfRhlXWwsVkfMT1UuMOP6TyNB39cBYT6AolN5QBwYVMnbAovfIYx/
         4JwkyftcCFcGpRJEsdR/ZVNCHjkbp072ChEljh++oPs6KG6vDgdJoZZTNJdqZ+AyWURr
         0QUw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:content-transfer-encoding
         :dlp-reaction:dlp-version:dlp-product:content-language
         :accept-language:in-reply-to:references:message-id:date:thread-index
         :thread-topic:subject:cc:to:from:arc-authentication-results;
        bh=OvG9mCWu2WgmQjj4V2KTsh4jQUUgYTzVqXXA4iwOTlI=;
        b=b++fnb0CCFRFTlAd6hlYSPg8PD913GLxFu0KiAmWXVzWEScHxyPd1aNFnJDYgf2i/Q
         6LlhnBMRmj1Gd+v0RmdoDbaJhESK5+eM5v6TzcMtOGa1zY4SJNsWzJT5NJ6Tr0+AalCA
         0NvW60ec6nsZgf1eZtZzfOH1G8O0g9g+MEiFUsvvDMdje2dD8aDRXQZzwfr6HUkB60O5
         66yFwv0GlOu0/7OInIQK1BLbx0bPV7MxUIF1WxIM/Kz6rJ/QgRPUkiipRonmwffrhrju
         mTcbEytcakNV6nWUp5xEUZgnvyqeuotUF0SJnSzSYeYC15xUJjIV/q0KnldkesXjEoF/
         9d/Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d10-v6si3840313pfg.258.2018.07.04.06.58.41;
        Wed, 04 Jul 2018 06:58:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752214AbeGDN56 convert rfc822-to-8bit (ORCPT
        <rfc822;ntypanski@gmail.com> + 99 others);
        Wed, 4 Jul 2018 09:57:58 -0400
Received: from mga06.intel.com ([134.134.136.31]:44010 "EHLO mga06.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751407AbeGDN54 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 4 Jul 2018 09:57:56 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga001.jf.intel.com ([10.7.209.18])
  by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Jul 2018 06:57:56 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.51,306,1526367600"; 
   d="scan'208";a="70064808"
Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206])
  by orsmga001.jf.intel.com with ESMTP; 04 Jul 2018 06:57:49 -0700
Received: from fmsmsx157.amr.corp.intel.com (10.18.116.73) by
 FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 4 Jul 2018 06:57:48 -0700
Received: from lcsmsx153.ger.corp.intel.com (10.186.165.228) by
 FMSMSX157.amr.corp.intel.com (10.18.116.73) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 4 Jul 2018 06:57:48 -0700
Received: from hasmsx108.ger.corp.intel.com ([169.254.9.94]) by
 LCSMSX153.ger.corp.intel.com ([169.254.8.115]) with mapi id 14.03.0319.002;
 Wed, 4 Jul 2018 16:57:45 +0300
From:   "Winkler, Tomas" <tomas.winkler@intel.com>
To:     Dan Carpenter <dan.carpenter@oracle.com>,
        Julia Lawall <julia.lawall@lip6.fr>
CC:     "Usyskin, Alexander" <alexander.usyskin@intel.com>,
        Arnd Bergmann <arnd@arndb.de>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "kernel-janitors@vger.kernel.org" <kernel-janitors@vger.kernel.org>
Subject: RE: [PATCH] mei: bus: type promotion bug in mei_nfc_if_version()
Thread-Topic: [PATCH] mei: bus: type promotion bug in mei_nfc_if_version()
Thread-Index: AQHUE3png2dbGFvDeUeKteEow93QvaR+w5sAgAAErwCAAEz8kA==
Date:   Wed, 4 Jul 2018 13:57:44 +0000
Message-ID: <5B8DA87D05A7694D9FA63FD143655C1B9D95BC46@hasmsx108.ger.corp.intel.com>
References: <20180704093449.vryluk7khaudstgp@kili.mountain>
 <alpine.DEB.2.20.1807041358580.4387@hadrien>
 <20180704121600.hrezydpvpe4hyie3@mwanda>
In-Reply-To: <20180704121600.hrezydpvpe4hyie3@mwanda>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ctpclassification: CTP_NT
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYzlhMDY3YzQtNDM5Yy00MzVlLTk4YTAtZDMwNmI2NmJiZjVhIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiSXMrWU5iQW5kNlVzYTllbDM0cHVMSEFLdmtnVmlMYXBON2ppMmpWS0lFRTd0a0JoNlZmY055a0RxN1BaU3F1ZSJ9
dlp-product: dlpe-windows
dlp-version: 11.0.200.100
dlp-reaction: no-action
x-originating-ip: [10.12.116.179]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8BIT
MIME-Version: 1.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

> 
> On Wed, Jul 04, 2018 at 01:59:14PM +0200, Julia Lawall wrote:
> >
> >
> > On Wed, 4 Jul 2018, Dan Carpenter wrote:
> >
> > > We accidentally removed the check for negative returns without
> > > considering the issue of type promotion.  The "if_version_length"
> > > variable is type size_t so if __mei_cl_recv() returns a negative
> > > then "bytes_recv" is type promoted to a high positive value and
> > > treated as success.
> > >
> > > Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC
> > > fixup")
> > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> > >
> > > diff --git a/drivers/misc/mei/bus-fixup.c
> > > b/drivers/misc/mei/bus-fixup.c index 0208c4b027c5..fa0236a5e59a
> > > 100644
> > > --- a/drivers/misc/mei/bus-fixup.c
> > > +++ b/drivers/misc/mei/bus-fixup.c
> > > @@ -267,7 +267,7 @@ static int mei_nfc_if_version(struct mei_cl *cl,
> > >
> > >  	ret = 0;
> > >  	bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length, 0);
> > > -	if (bytes_recv < if_version_length) {
> > > +	if (bytes_recv < 0 || bytes_recv < if_version_length) {
> >
> > Is this preferred to adding an int cast?
> 
> I don't think it matters.  I kind of like explicitly testing for negative but
> maybe later people will just remove the check like we did here?  You could
> do it a bunch of different ways:
> 
> 1: if (ret < 0 || ret < ARRAY_SIZE(xxx))
> 2: if (ret < (int)ARRAY_SIZE(xxx))
> 3: if (ret != ARRAY_SIZE(xxx))
> 
> They're all equivalent.  I guess I don't like casting too much.  My first
> approach to fixing this was just to declare if_version_length as an int, but
> then I saw that originally there was a "bytes_recv < 0"
> check and decided to go that way instead.

Actually bytes_recv should be probably of ssize_t type,  so could be the if_version_length. 

How did you find this, I haven't seen it in reported by sparse, smatch and I believe -Wsign-compare is suppressed in compilation warnings.
Thanks
Tomas