From: Chengguang Xu <cgxu519@mykernel.net> mainline inclusion from mainline-v5.10-rc1 commit 82c596ebaa104f994d25256523ae2f9047323fe7 category: bugfix bugzilla: NA CVE: NA -------------------------------- The variable error is ssize_t, which is signed and will cast to unsigned when comapre with variable size, so add a check to avoid unexpected result in case of negative value of error. Signed-off-by: Chengguang Xu <cgxu519@mykernel.net> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com> Reviewed-by: Zhang Yi <yi.zhang@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- fs/nfs/nfs4proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index ffb7a6e7f5664..ba68138a0c0e5 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -7246,7 +7246,7 @@ nfs4_listxattr_nfs4_label(struct inode *inode, char *list, size_t list_len) if (nfs_server_capable(inode, NFS_CAP_SECURITY_LABEL)) { len = security_inode_listsecurity(inode, list, list_len); - if (list_len && len > list_len) + if (len >= 0 && list_len && len > list_len) return -ERANGE; } return len; -- 2.25.1