2019-10-03 06:33:56

by Atul Gupta

Subject: [Crypto chcr] crypto: af_alg - cast ki_complete call's ternary operator variables to long.

The ki_complete called from af_alg_async_cb uses a ternary operator to get
the value of the second argument. As err is signed int while resultlen is
unsigned int, by the precedence rule err is also processed as unsigned
int and loses its original value. Hence, it is advised to cast both err
and resultlen as long which is expected by the definition of ki_complete
call as its 2nd argument. This will retain the original signed value of
err.

Declaration of ki_complete in file linux/include/linux/fs.h in struct
kiocb {...
void (*ki_complete)(struct kiocb *iocb, long ret, long ret2);
...
}

Signed-off-by: Atul Gupta <[email protected]>
---
crypto/af_alg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index edca099..8e48d97 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -1048,7 +1048,7 @@ void af_alg_async_cb(struct crypto_async_request *_req, int err)
af_alg_free_resources(areq);
sock_put(sk);

- iocb->ki_complete(iocb, err ? err : resultlen, 0);
+ iocb->ki_complete(iocb, err ? (long)err : (long)resultlen, 0);
}
EXPORT_SYMBOL_GPL(af_alg_async_cb);
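Review bot: On the changed ki_complete() line, casting both operands is more than the fix needs, and the commit message names the wrong cause. err is changed by the usual arithmetic conversions that ?: applies to its second and third operands (int with unsigned int gives unsigned int), not by operator precedence, and the wrong value shows up only when that unsigned int is widened to the long ret parameter on builds where long is wider than int. Any form that gives both operands a signed type is enough, for example err ? err : (int)resultlen, so either drop (long)err or state in the message why both casts are wanted. The patch also carries no Fixes: tag for the commit that introduced the expression.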

--
1.8.3.1


2019-10-03 14:45:24

by Herbert Xu

Subject: Re: [Crypto chcr] crypto: af_alg - cast ki_complete call's ternary operator variables to long.

On Wed, Oct 02, 2019 at 11:32:31PM -0700, Atul Gupta wrote:
> The ki_complete called from af_alg_async_cb uses a ternary operator to get
> the value of the second argument. As err is signed int while resultlen is
> unsigned int, by the precedence rule err is also processed as unsigned
> int and loses its original value. Hence, it is advised to cast both err
> and resultlen as long which is expected by the definition of ki_complete
> call as its 2nd argument. This will retain the original signed value of
> err.
>
> Declaration of ki_complete in file linux/include/linux/fs.h in struct
> kiocb {...
> void (*ki_complete)(struct kiocb *iocb, long ret, long ret2);
> ...
> }
>
> Signed-off-by: Atul Gupta <[email protected]>
> ---
> crypto/af_alg.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/crypto/af_alg.c b/crypto/af_alg.c
> index edca099..8e48d97 100644
> --- a/crypto/af_alg.c
> +++ b/crypto/af_alg.c
> @@ -1048,7 +1048,7 @@ void af_alg_async_cb(struct crypto_async_request *_req, int err)
> af_alg_free_resources(areq);
> sock_put(sk);
>
> - iocb->ki_complete(iocb, err ? err : resultlen, 0);
> + iocb->ki_complete(iocb, err ? (long)err : (long)resultlen, 0);

Why are you casting err when it's already signed? You can rewrite
it as

err ?: (int)resultlen

Please also add a fixes header for the commit that introduced this
bug.

Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
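
The conversion discussed in this thread, reproduced in user space as an added example (not code from the patch or the kernel). fake_ki_complete() and the three complete_*() wrappers are hypothetical stand-ins, and the buggy value differs from -EINVAL only where long is wider than int (for example x86-64 Linux).

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-in for ki_complete(): keeps the 'long ret' it is passed. */
static long seen_ret;
static void fake_ki_complete(long ret, long ret2) { (void)ret2; seen_ret = ret; }

/* Original line: int and unsigned int operands make the ?: result unsigned int,
 * so a negative err is widened to long without sign extension. */
static long complete_buggy(int err, unsigned int resultlen)
{
    fake_ki_complete(err ? err : resultlen, 0);
    return seen_ret;
}

/* Patch as posted: both operands are long, so the sign of err survives. */
static long complete_patch(int err, unsigned int resultlen)
{
    fake_ki_complete(err ? (long)err : (long)resultlen, 0);
    return seen_ret;
}

/* Form suggested in the reply; "err ?: x" is GNU C shorthand for "err ? err : x". */
static long complete_reply(int err, unsigned int resultlen)
{
    fake_ki_complete(err ? err : (int)resultlen, 0);
    return seen_ret;
}

int main(void)
{
    /* Constructed inputs: one failed request, one that produced 4096 bytes. */
    printf("buggy  err=-EINVAL -> %ld\n", complete_buggy(-EINVAL, 0));
    printf("patch  err=-EINVAL -> %ld\n", complete_patch(-EINVAL, 0));
    printf("reply  err=-EINVAL -> %ld\n", complete_reply(-EINVAL, 0));
    printf("ok path (all three) -> %ld %ld %ld\n", complete_buggy(0, 4096),
           complete_patch(0, 4096), complete_reply(0, 4096));
    return 0;
}
```

With a 64-bit long, the buggy form hands the completion handler a large positive number in place of the negative errno, so a caller that checks ret < 0 treats the failed request as a successful transfer of that many bytes.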