Message ID | 20210804031832.57154-1-islituo@gmail.com (mailing list archive)
---|---
State | New, archived
Series | [v3] ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info()
Hi Andrew,

It seems you haven't picked this patch into -mm tree.
Should we resend it, or is it fine now?

Thanks,
Joseph

On 8/4/21 11:26 AM, Joseph Qi wrote:
>
>
> On 8/4/21 11:18 AM, Tuo Li wrote:
>> A memory block is allocated through kmalloc(), and its return value is
>> assigned to the pointer oinfo. However, oinfo->dqi_gqinode is not
>> initialized but it is accessed in:
>> iput(oinfo->dqi_gqinode);
>>
>> To fix this possible uninitialized-variable access, assign NULL to
>> oinfo->dqi_gqinode, and add ocfs2_qinfo_lock_res_init()
>> behind the assignment in ocfs2_local_read_info(). Remove
>> ocfs2_qinfo_lock_res_init() in ocfs2_global_read_info().
>>
>
> Or we can simplify the above description to:
> "To fix the possible uninitialized-variable access, initialize
> dqi_gqinode and dqi_gqlock first before calling
> ocfs2_global_read_info()."
>
>> Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
>> Signed-off-by: Tuo Li <islituo@gmail.com>
>
> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
>> ---
>> v3:
>> * Update description.
>> * Assign NULL to oinfo->dqi_gqinode, and add ocfs2_qinfo_lock_res_init()
>> behind the assignment in ocfs2_local_read_info(). Remove
>> ocfs2_qinfo_lock_res_init() in ocfs2_global_read_info()
>> Thank Joseph Qi for helpful advice.
>> v2:
>> * Replace kzalloc() with NULL assignment to oinfo->dqi_gqinode.
>> Thank Joseph Qi for helpful advice.
>> ---
>> fs/ocfs2/quota_global.c | 1 -
>> fs/ocfs2/quota_local.c | 2 ++
>> 2 files changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/fs/ocfs2/quota_global.c b/fs/ocfs2/quota_global.c
>> index eda83487c9ec..f033de733adb 100644
>> --- a/fs/ocfs2/quota_global.c
>> +++ b/fs/ocfs2/quota_global.c
>> @@ -357,7 +357,6 @@ int ocfs2_global_read_info(struct super_block *sb, int type) >> } >> oinfo->dqi_gi.dqi_sb = sb; >> oinfo->dqi_gi.dqi_type = type; >> - ocfs2_qinfo_lock_res_init(&oinfo->dqi_gqlock, oinfo); >> oinfo->dqi_gi.dqi_entry_size = sizeof(struct ocfs2_global_disk_dqblk); >> oinfo->dqi_gi.dqi_ops = &ocfs2_global_ops; >> oinfo->dqi_gqi_bh = NULL; >> diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c >> index b1a8b046f4c2..0e4b16d4c037 100644 >> --- a/fs/ocfs2/quota_local.c >> +++ b/fs/ocfs2/quota_local.c >> @@ -702,6 +702,8 @@ static int ocfs2_local_read_info(struct super_block *sb, int type) >> info->dqi_priv = oinfo; >> oinfo->dqi_type = type; >> INIT_LIST_HEAD(&oinfo->dqi_chunk); >> + oinfo->dqi_gqinode = NULL; >> + ocfs2_qinfo_lock_res_init(&oinfo->dqi_gqlock, oinfo); >> oinfo->dqi_rec = NULL; >> oinfo->dqi_lqi_bh = NULL; >> oinfo->dqi_libh = NULL; >>
diff --git a/fs/ocfs2/quota_global.c b/fs/ocfs2/quota_global.c index eda83487c9ec..f033de733adb 100644 --- a/fs/ocfs2/quota_global.c +++ b/fs/ocfs2/quota_global.c @@ -357,7 +357,6 @@ int ocfs2_global_read_info(struct super_block *sb, int type) } oinfo->dqi_gi.dqi_sb = sb; oinfo->dqi_gi.dqi_type = type; - ocfs2_qinfo_lock_res_init(&oinfo->dqi_gqlock, oinfo); oinfo->dqi_gi.dqi_entry_size = sizeof(struct ocfs2_global_disk_dqblk); oinfo->dqi_gi.dqi_ops = &ocfs2_global_ops; oinfo->dqi_gqi_bh = NULL; diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c index b1a8b046f4c2..0e4b16d4c037 100644 --- a/fs/ocfs2/quota_local.c +++ b/fs/ocfs2/quota_local.c @@ -702,6 +702,8 @@ static int ocfs2_local_read_info(struct super_block *sb, int type) info->dqi_priv = oinfo; oinfo->dqi_type = type; INIT_LIST_HEAD(&oinfo->dqi_chunk); + oinfo->dqi_gqinode = NULL; + ocfs2_qinfo_lock_res_init(&oinfo->dqi_gqlock, oinfo); oinfo->dqi_rec = NULL; oinfo->dqi_lqi_bh = NULL; oinfo->dqi_libh = NULL;
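Review bot: dropping the `- ocfs2_qinfo_lock_res_init(&oinfo->dqi_gqlock, oinfo);` line in the `@@ -357,7 +357,6 @@ int ocfs2_global_read_info` hunk turns an initialised dqi_gqlock into a precondition that every caller of ocfs2_global_read_info() must now satisfy. The patch updates ocfs2_local_read_info() accordingly, but nothing in the visible lines shows whether that is the only caller; the commit message should state that it is, or a short comment above ocfs2_global_read_info() should record the new requirement, otherwise any other caller would tear down a lock resource that was never set up.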
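Review bot: the two `+` lines in the `@@ -702,6 +702,8 @@ static int ocfs2_local_read_info` hunk make the error path safe only because iput() treats a NULL argument as a no-op and dqi_gqlock is now initialised before the first point at which the function can fail; the description should say that explicitly rather than only "assign NULL". It should also record why the v2 kzalloc() was replaced by per-field NULL assignments (the changelog mentions the change but not the reason), since with kmalloc() every pointer field the error path releases has to be listed here by hand; the hunk does keep `oinfo->dqi_gqinode = NULL;` next to the existing dqi_rec, dqi_lqi_bh and dqi_libh assignments, which is the right place for it.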
A memory block is allocated through kmalloc(), and its return value is
assigned to the pointer oinfo. However, oinfo->dqi_gqinode is not
initialized but it is accessed in:
  iput(oinfo->dqi_gqinode);

To fix this possible uninitialized-variable access, assign NULL to
oinfo->dqi_gqinode, and add ocfs2_qinfo_lock_res_init()
behind the assignment in ocfs2_local_read_info(). Remove
ocfs2_qinfo_lock_res_init() in ocfs2_global_read_info().

Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
---
v3:
* Update description.
* Assign NULL to oinfo->dqi_gqinode, and add ocfs2_qinfo_lock_res_init()
  behind the assignment in ocfs2_local_read_info(). Remove
  ocfs2_qinfo_lock_res_init() in ocfs2_global_read_info()
  Thank Joseph Qi for helpful advice.
v2:
* Replace kzalloc() with NULL assignment to oinfo->dqi_gqinode.
  Thank Joseph Qi for helpful advice.
---
 fs/ocfs2/quota_global.c | 1 -
 fs/ocfs2/quota_local.c  | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)
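The bug class the description above is about, as an added userspace model rather than ocfs2 or kernel code: an object comes back from kmalloc() holding stale bytes, a later call can fail before the object's pointer and lock fields have been set, and the shared error path then releases those fields. The struct, the `model_kmalloc`/`model_iput`/`model_lock_res_*` stand-ins and the 0xA5 poison pattern are all constructed for this example; the only kernel behaviour it relies on is that iput() ignores a NULL argument. The "before" function orders the initialisation the way the pre-patch code did; the "after" function mirrors the patch by NULLing the inode pointer and initialising the lock resource before anything that can fail.

```c
/* Added userspace model of the error-path ordering this patch fixes. It is
 * not ocfs2 code: the structs and the kmalloc/iput/lock stand-ins below are
 * constructed so the behaviour can be run and checked without a kernel. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOCKRES_MAGIC 0x4C4F434BU   /* constructed "LOCK" marker for an initialised lockres */

struct inode { int count; };
struct lockres_model { uint32_t magic; };

/* Constructed stand-in for the ocfs2 quota info: only the two fields that matter here. */
struct oinfo_model {
    struct inode *dqi_gqinode;
    struct lockres_model dqi_gqlock;
};

/* The one inode the successful "global" path hands out. */
static struct inode pool_inode = { 1 };

/* Stand-in for kmalloc(): like a recycled slab object, the memory comes back
 * holding stale bytes rather than zeros (0xA5 is the constructed poison). */
static void *model_kmalloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0xA5, n);
    return p;
}

/* Stand-in for iput(): NULL is a no-op, as in the kernel. A pointer that is
 * not a live inode is reported (-1) instead of dereferenced, so the test can
 * observe the bug without crashing. */
static int model_iput(struct inode *inode) {
    if (!inode) return 0;
    if (inode != &pool_inode) return -1;   /* stale bytes, not an inode */
    inode->count--;
    return 0;
}

static void model_lock_res_init(struct lockres_model *l) { l->magic = LOCKRES_MAGIC; }

/* Stand-in for lock-resource teardown: -1 if the lockres was never initialised. */
static int model_lock_res_free(struct lockres_model *l) {
    if (l->magic != LOCKRES_MAGIC) return -1;
    l->magic = 0;
    return 0;
}

/* Stand-in for ocfs2_global_read_info(): may fail before it touches oinfo. */
static int model_global_read_info(struct oinfo_model *oinfo, int fail) {
    if (fail) return -EIO;
    oinfo->dqi_gqinode = &pool_inode;
    pool_inode.count++;
    return 0;
}

/* Shared exit path: release the inode and the lock resource, then the object.
 * Returns 0 when both fields were in a releasable state, -1 otherwise. */
static int model_release(struct oinfo_model *oinfo) {
    int bad = 0;
    if (model_iput(oinfo->dqi_gqinode) < 0) bad = 1;
    if (model_lock_res_free(&oinfo->dqi_gqlock) < 0) bad = 1;
    free(oinfo);
    return bad ? -1 : 0;
}

/* "Before": the fields are only set up after the global read, so when it
 * fails the release path sees whatever bytes kmalloc() left behind.
 * Return value is the release-path status (the thing under test). */
int release_status_before(int fail_global) {
    struct oinfo_model *oinfo = model_kmalloc(sizeof *oinfo);
    if (!oinfo) return -ENOMEM;
    if (model_global_read_info(oinfo, fail_global) < 0)
        return model_release(oinfo);            /* -1: stale pointer and lockres */
    model_lock_res_init(&oinfo->dqi_gqlock);    /* too late for the error path */
    return model_release(oinfo);
}

/* "After", mirroring the patch: NULL the inode pointer and initialise the
 * lock resource before anything that can fail, so the release path is safe. */
int release_status_after(int fail_global) {
    struct oinfo_model *oinfo = model_kmalloc(sizeof *oinfo);
    if (!oinfo) return -ENOMEM;
    oinfo->dqi_gqinode = NULL;
    model_lock_res_init(&oinfo->dqi_gqlock);
    if (model_global_read_info(oinfo, fail_global) < 0)
        return model_release(oinfo);            /* 0: iput(NULL) is a no-op */
    return model_release(oinfo);
}

int main(void) {
    printf("before: success=%d failure=%d\n", release_status_before(0), release_status_before(1));
    printf("after:  success=%d failure=%d\n", release_status_after(0), release_status_after(1));
    return 0;
}
```

The success paths behave identically in both versions; the difference only shows on the failure path, which is exactly why static checkers such as the reporting bot above flag this pattern and why the initialisation has to precede the first `goto`-style exit rather than follow it.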