cifs: fix a sign extension bug

The problem is the mismatched types between "ctx->total_len" which is
an unsigned int, "rc" which is an int, and "ctx->rc" which is a
ssize_t.  The code does:

	ctx->rc = (rc == 0) ? ctx->total_len : rc;

We want "ctx->rc" to store the negative "rc" error code.  But what
happens is that "rc" is type promoted to a high unsigned int and
'ctx->rc" will store the high positive value instead of a negative
value.

The fix is to change "rc" from an int to a ssize_t.

Fixes: a6ca12faa1fc ("CIFS: Add asynchronous write support through kernel AIO")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 6796fc73b30453b6213d7a43074037770b6e4309..0ab5bb24b8ca1520fffcb143d51e11ee2de9e99b 100644 (file)
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -3113,7 +3113,7 @@ static void collect_uncached_write_data(struct cifs_aio_ctx *ctx)
        struct cifs_tcon *tcon;
        struct cifs_sb_info *cifs_sb;
        struct dentry *dentry = ctx->cfile->dentry;
-       int rc;
+       ssize_t rc;
 
        tcon = tlink_tcon(ctx->cfile->tlink);
        cifs_sb = CIFS_SB(dentry->d_sb);