From 398999bac6ea8842706d613630f907b817f47c6d Mon Sep 17 00:00:00 2001 From: Julian Wiedmann Date: Thu, 1 Oct 2020 19:21:26 +0200 Subject: [PATCH 1/2] net/af_iucv: right-size the uid variable in iucv_sock_bind() smatch complains about net/iucv/af_iucv.c:624 iucv_sock_bind() error: memcpy() 'sa->siucv_user_id' too small (8 vs 9) Which is absolutely correct - the memcpy() takes 9 bytes (sizeof(uid)) from an 8-byte field (sa->siucv_user_id). Luckily the sockaddr_iucv struct contains more data after the .siucv_user_id field, and we checked the size of the passed data earlier on. So the memcpy() won't accidentally read from an invalid location. Fix the warning by reducing the size of the uid variable to what's actually needed, and thus reducing the amount of copied data. Signed-off-by: Julian Wiedmann Reviewed-by: Karsten Graul Signed-off-by: David S. Miller --- net/iucv/af_iucv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c index a95af62acb529..d805720746672 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c @@ -588,11 +588,11 @@ static int iucv_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) { struct sockaddr_iucv *sa = (struct sockaddr_iucv *) addr; + char uid[sizeof(sa->siucv_user_id)]; struct sock *sk = sock->sk; struct iucv_sock *iucv; int err = 0; struct net_device *dev; - char uid[9]; /* Verify the input sockaddr */ if (addr_len < sizeof(struct sockaddr_iucv) || From a29f245ec97f83f697c7442e0f1222f2ac7c9507 Mon Sep 17 00:00:00 2001 From: Julian Wiedmann Date: Thu, 1 Oct 2020 19:21:27 +0200 Subject: [PATCH 2/2] net/iucv: fix indentation in __iucv_message_receive() smatch complains about net/iucv/iucv.c:1119 __iucv_message_receive() warn: inconsistent indenting While touching this line, also make the return logic consistent and thus get rid of a goto label. Signed-off-by: Julian Wiedmann Reviewed-by: Karsten Graul Signed-off-by: David S. Miller --- net/iucv/iucv.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c index cd2e468852e78..349c6ac3313f7 100644 --- a/net/iucv/iucv.c +++ b/net/iucv/iucv.c @@ -1116,10 +1116,9 @@ int __iucv_message_receive(struct iucv_path *path, struct iucv_message *msg, if (msg->flags & IUCV_IPRMDATA) return iucv_message_receive_iprmdata(path, msg, flags, buffer, size, residual); - if (cpumask_empty(&iucv_buffer_cpumask)) { - rc = -EIO; - goto out; - } + if (cpumask_empty(&iucv_buffer_cpumask)) + return -EIO; + parm = iucv_param[smp_processor_id()]; memset(parm, 0, sizeof(union iucv_param)); parm->db.ipbfadr1 = (u32)(addr_t) buffer; @@ -1135,7 +1134,6 @@ int __iucv_message_receive(struct iucv_path *path, struct iucv_message *msg, if (residual) *residual = parm->db.ipbfln1f; } -out: return rc; } EXPORT_SYMBOL(__iucv_message_receive);