From 634c6f184b17e30ade86c0a838ab55ddddc730d6 Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Wed, 22 Feb 2012 15:40:20 -0600 Subject: [PATCH] LINUX: Use afs_convert_code in afs_notify_change afs_notify_change currently just returns "-code". This can cause a panic if the error code is negative, since we will return a positive error code, which may get interpreted as a valid pointer value in higher levels. Specifically, if we hit afs_notify_change via something like this code path: do_sys_open -> do_filp_open -> open_namei -> may_open -> do_truncate -> notify_change -> afs_notify_change (via inode->i_op->setattr) the positive error value will be interpreted by do_sys_open as a valid 'struct file' pointer, and will be dereferenced. So pass the return value through afs_convert_code, like all of the other vnode ops, so we ensure we return an error properly. Change-Id: I941cc2d77d5a96cf86dfe133d30af4ccf6e9f2cb Reviewed-on: http://gerrit.openafs.org/6776 Reviewed-by: Derrick Brashear Tested-by: BuildBot --- src/afs/LINUX/osi_vnodeops.c | 2 +- src/afs/LINUX24/osi_vnodeops.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c index 1754a5cf7f..9caaf5a2a7 100644 --- a/src/afs/LINUX/osi_vnodeops.c +++ b/src/afs/LINUX/osi_vnodeops.c @@ -960,7 +960,7 @@ afs_notify_change(struct dentry *dp, struct iattr *iattrp) } AFS_GUNLOCK(); crfree(credp); - return -code; + return afs_convert_code(code); } static int diff --git a/src/afs/LINUX24/osi_vnodeops.c b/src/afs/LINUX24/osi_vnodeops.c index aebc051315..5821a74999 100644 --- a/src/afs/LINUX24/osi_vnodeops.c +++ b/src/afs/LINUX24/osi_vnodeops.c @@ -964,7 +964,7 @@ afs_notify_change(struct dentry *dp, struct iattr *iattrp) } AFS_GUNLOCK(); crfree(credp); - return -code; + return afs_convert_code(code); } /* Validate a dentry. Return 1 if unchanged, 0 if VFS layer should re-evaluate.