sunrpc: avoid constant-out-of-range warning with clang

Message ID 20230703113737.694995-1-arnd@kernel.org
State New
Headers
Series sunrpc: avoid constant-out-of-range warning with clang |

Commit Message

Arnd Bergmann July 3, 2023, 11:37 a.m. UTC
  From: Arnd Bergmann <arnd@arndb.de>

The overflow check in xdr_stream_decode_uint32_array() was added for
32-bit systems, but on 64-bit builds it causes a build warning when
building with clang and W=1:

In file included from init/do_mounts.c:22:
include/linux/sunrpc/xdr.h:778:10: error: result of comparison of constant 4611686018427387903 with expression of type '__u32' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare]
  778 |         if (len > SIZE_MAX / sizeof(*p))

Shut up the warning with a type cast.

Fixes: 23a9dbbe0faf1 ("NFSD: prevent integer overflow on 32 bit systems")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 include/linux/sunrpc/xdr.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
  

Comments

Dan Carpenter July 3, 2023, 12:42 p.m. UTC | #1
On Mon, Jul 03, 2023 at 01:37:22PM +0200, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@arndb.de>
> 
> The overflow check in xdr_stream_decode_uint32_array() was added for
> 32-bit systems, but on 64-bit builds it causes a build warning when
> building with clang and W=1:
> 
> In file included from init/do_mounts.c:22:
> include/linux/sunrpc/xdr.h:778:10: error: result of comparison of constant 4611686018427387903 with expression of type '__u32' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare]
>   778 |         if (len > SIZE_MAX / sizeof(*p))
> 
> Shut up the warning with a type cast.
> 
> Fixes: 23a9dbbe0faf1 ("NFSD: prevent integer overflow on 32 bit systems")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
>  include/linux/sunrpc/xdr.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
> index f89ec4b5ea169..6736121ee6a03 100644
> --- a/include/linux/sunrpc/xdr.h
> +++ b/include/linux/sunrpc/xdr.h
> @@ -775,7 +775,7 @@ xdr_stream_decode_uint32_array(struct xdr_stream *xdr,
>  
>  	if (unlikely(xdr_stream_decode_u32(xdr, &len) < 0))
>  		return -EBADMSG;
> -	if (len > SIZE_MAX / sizeof(*p))
> +	if ((size_t)len > SIZE_MAX / sizeof(*p))
>  		return -EBADMSG;
>  	p = xdr_inline_decode(xdr, len * sizeof(*p));

I sent a patch for this last week that takes a different approach.

https://lore.kernel.org/all/2390fdc8-13fa-4456-ab67-44f0744db412@moroto.mountain/

I probably should have used a Fixes tag just for informational purposes.

regards,
dan carpenter
  
Nick Desaulniers July 7, 2023, 9:50 p.m. UTC | #2
On Mon, Jul 3, 2023 at 5:42 AM Dan Carpenter <dan.carpenter@linaro.org> wrote:
>
> On Mon, Jul 03, 2023 at 01:37:22PM +0200, Arnd Bergmann wrote:
> > From: Arnd Bergmann <arnd@arndb.de>
> >
> > The overflow check in xdr_stream_decode_uint32_array() was added for
> > 32-bit systems, but on 64-bit builds it causes a build warning when
> > building with clang and W=1:
> >
> > In file included from init/do_mounts.c:22:
> > include/linux/sunrpc/xdr.h:778:10: error: result of comparison of constant 4611686018427387903 with expression of type '__u32' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare]
> >   778 |         if (len > SIZE_MAX / sizeof(*p))
> >
> > Shut up the warning with a type cast.
> >
> > Fixes: 23a9dbbe0faf1 ("NFSD: prevent integer overflow on 32 bit systems")
> > Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> > ---
> >  include/linux/sunrpc/xdr.h | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
> > index f89ec4b5ea169..6736121ee6a03 100644
> > --- a/include/linux/sunrpc/xdr.h
> > +++ b/include/linux/sunrpc/xdr.h
> > @@ -775,7 +775,7 @@ xdr_stream_decode_uint32_array(struct xdr_stream *xdr,
> >
> >       if (unlikely(xdr_stream_decode_u32(xdr, &len) < 0))
> >               return -EBADMSG;
> > -     if (len > SIZE_MAX / sizeof(*p))
> > +     if ((size_t)len > SIZE_MAX / sizeof(*p))
> >               return -EBADMSG;
> >       p = xdr_inline_decode(xdr, len * sizeof(*p));
>
> I sent a patch for this last week that takes a different approach.
>
> https://lore.kernel.org/all/2390fdc8-13fa-4456-ab67-44f0744db412@moroto.mountain/
>
> I probably should have used a Fixes tag just for informational purposes.

I have a slight preference for retaining the existing error handling
here, but am happy to have 2 fixes in hand rather than 0; thank you
both for your time looking at this.

Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>

>
> regards,
> dan carpenter
>
  

Patch

diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
index f89ec4b5ea169..6736121ee6a03 100644
--- a/include/linux/sunrpc/xdr.h
+++ b/include/linux/sunrpc/xdr.h
@@ -775,7 +775,7 @@  xdr_stream_decode_uint32_array(struct xdr_stream *xdr,
 
 	if (unlikely(xdr_stream_decode_u32(xdr, &len) < 0))
 		return -EBADMSG;
-	if (len > SIZE_MAX / sizeof(*p))
+	if ((size_t)len > SIZE_MAX / sizeof(*p))
 		return -EBADMSG;
 	p = xdr_inline_decode(xdr, len * sizeof(*p));
 	if (unlikely(!p))