Commit d140ccb1 authored Sep 21, 2021 by Dan Carpenter Committed by Greg Kroah-Hartman Sep 30, 2021

cifs: fix a sign extension bug



[ Upstream commit e946d3c887a9dc33aa82a349c6284f4a084163f4 ]

The problem is the mismatched types between "ctx->total_len" which is
an unsigned int, "rc" which is an int, and "ctx->rc" which is a
ssize_t.  The code does:

	ctx->rc = (rc == 0) ? ctx->total_len : rc;

We want "ctx->rc" to store the negative "rc" error code.  But what
happens is that "rc" is type promoted to a high unsigned int and
'ctx->rc" will store the high positive value instead of a negative
value.

The fix is to change "rc" from an int to a ssize_t.

Fixes: c610c4b6 ("CIFS: Add asynchronous write support through kernel AIO")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 1c1062c5

fs/cifs/file.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -2989,7 +2989,7 @@ static void collect_uncached_write_data(struct cifs_aio_ctx *ctx)
		struct cifs_tcon *tcon;
		struct cifs_sb_info *cifs_sb;
		struct dentry *dentry = ctx->cfile->dentry;
		int rc;
		ssize_t rc;

		tcon = tlink_tcon(ctx->cfile->tlink);
		cifs_sb = CIFS_SB(dentry->d_sb);