From 54cc3794cec410ec2f7daa00089777562218780a Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Thu, 29 Oct 2015 16:51:23 +0300 Subject: [PATCH] staging: lustre: potential underflow in libcfs_kkuc_group_add() My static checker says that "group" is a user controlled number that can be negative leading to an array underflow. I have looked at it, and I'm not an expert enough in lustre to say for sure if it is really a bug. Anyway, it's simple enough to make the variable unsigned which pleases the static checker and makes it easier to audit. Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman --- .../staging/lustre/include/linux/libcfs/libcfs_kernelcomm.h | 2 +- drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/staging/lustre/include/linux/libcfs/libcfs_kernelcomm.h b/drivers/staging/lustre/include/linux/libcfs/libcfs_kernelcomm.h index a989d2666230..41f3d810aea4 100644 --- a/drivers/staging/lustre/include/linux/libcfs/libcfs_kernelcomm.h +++ b/drivers/staging/lustre/include/linux/libcfs/libcfs_kernelcomm.h @@ -91,7 +91,7 @@ typedef int (*libcfs_kkuc_cb_t)(__u32 data, void *cb_arg); /* Kernel methods */ int libcfs_kkuc_msg_put(struct file *fp, void *payload); int libcfs_kkuc_group_put(int group, void *payload); -int libcfs_kkuc_group_add(struct file *fp, int uid, int group, +int libcfs_kkuc_group_add(struct file *fp, int uid, unsigned int group, __u32 data); int libcfs_kkuc_group_rem(int uid, int group); int libcfs_kkuc_group_foreach(int group, libcfs_kkuc_cb_t cb_func, diff --git a/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c b/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c index ad661a33a211..d8230aec9a2b 100644 --- a/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c +++ b/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c @@ -110,7 +110,8 @@ static DECLARE_RWSEM(kg_sem); * @param uid identifier for this receiver * @param group group number */ -int libcfs_kkuc_group_add(struct file *filp, int uid, int group, __u32 data) +int libcfs_kkuc_group_add(struct file *filp, int uid, unsigned int group, + __u32 data) { struct kkuc_reg *reg; -- 2.39.5