Re: [PATCH v2] fs: make d_path-like functions all have unsigned size

From: Andy Shevchenko
Date: Tue Jul 27 2021 - 08:39:42 EST

On Tue, Jul 27, 2021 at 02:07:54PM +0200, Greg Kroah-Hartman wrote:
> When running static analysis tools to find where signed values could
> potentially wrap the family of d_path() functions turn out to trigger a
> lot of mess. In evaluating the code, all of these usages seem safe, but
> pointer math is involved so if a negative number is ever somehow passed
> into these functions, memory can be traversed backwards in ways not
> intended.
> Resolve all of the abuguity by just making "size" an unsigned value,
> which takes the guesswork out of everything involved.

Are you sure it's correct change?

Look into extract_string() implementation.

if (likely(p->len >= 0))
return p->buf;

Your change makes it equal to

return p->buf;

if I'm not mistaken.

With Best Regards,
Andy Shevchenko