exportfs: check for error return value from exportfs_encode_*()

The exportfs_encode_*() helpers call the filesystem ->encode_fh()
method which returns a signed int.

All the in-tree implementations of ->encode_fh() return a positive
integer and FILEID_INVALID (255) for error.

Fortify the callers for possible future ->encode_fh() implementation
that will return a negative error value.

name_to_handle_at() would propagate the returned error to the users
if filesystem ->encode_fh() method returns an error.

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/linux-fsdevel/ca02955f-1877-4fde-b453-3c1d22794740@kili.mountain/
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20230524154825.881414-1-amir73il@gmail.com>

diff --git a/fs/fhandle.c b/fs/fhandle.c
index 4a635cf787fc7da90c3b192e52954cc532760cd0..fd0d6a3b3699b917476f4cd39b730b41d4935c98 100644 (file)
--- a/fs/fhandle.c
+++ b/fs/fhandle.c
@@ -57,18 +57,19 @@ static long do_sys_name_to_handle(const struct path *path,
        handle_bytes = handle_dwords * sizeof(u32);
        handle->handle_bytes = handle_bytes;
        if ((handle->handle_bytes > f_handle.handle_bytes) ||
-           (retval == FILEID_INVALID) || (retval == -ENOSPC)) {
+           (retval == FILEID_INVALID) || (retval < 0)) {
                /* As per old exportfs_encode_fh documentation
                 * we could return ENOSPC to indicate overflow
                 * But file system returned 255 always. So handle
                 * both the values
                 */
+               if (retval == FILEID_INVALID || retval == -ENOSPC)
+                       retval = -EOVERFLOW;
                /*
                 * set the handle size to zero so we copy only
                 * non variable part of the file_handle
                 */
                handle_bytes = 0;
-               retval = -EOVERFLOW;
        } else
                retval = 0;
        /* copy the mount id */

diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c
index 31e4505c0df3472c546da03b2851ddfbde63e96c..0f5eacae5f43ee1154714b94d4a513b51a67f517 100644 (file)
--- a/fs/nfsd/nfsfh.c
+++ b/fs/nfsd/nfsfh.c
@@ -416,9 +416,11 @@ static void _fh_update(struct svc_fh *fhp, struct svc_export *exp,
                int maxsize = (fhp->fh_maxsize - fhp->fh_handle.fh_size)/4;
                int fh_flags = (exp->ex_flags & NFSEXP_NOSUBTREECHECK) ? 0 :
                                EXPORT_FH_CONNECTABLE;
+               int fileid_type =
+                       exportfs_encode_fh(dentry, fid, &maxsize, fh_flags);
 
                fhp->fh_handle.fh_fileid_type =
-                       exportfs_encode_fh(dentry, fid, &maxsize, fh_flags);
+                       fileid_type > 0 ? fileid_type : FILEID_INVALID;
                fhp->fh_handle.fh_size += maxsize * 4;
        } else {
                fhp->fh_handle.fh_fileid_type = FILEID_ROOT;

diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
index d2bbf1445a9e5719ec4bd1308f1500cd0deb75cc..9dac7f6e72d2bd63402cadc402590546b1d6d2c1 100644 (file)
--- a/fs/notify/fanotify/fanotify.c
+++ b/fs/notify/fanotify/fanotify.c
@@ -445,7 +445,7 @@ static int fanotify_encode_fh(struct fanotify_fh *fh, struct inode *inode,
        dwords = fh_len >> 2;
        type = exportfs_encode_fid(inode, buf, &dwords);
        err = -EINVAL;
-       if (!type || type == FILEID_INVALID || fh_len != dwords << 2)
+       if (type <= 0 || type == FILEID_INVALID || fh_len != dwords << 2)
                goto out_err;
 
        fh->type = type;