Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

ocfs2: fix possible uninitialized variable access

In ocfs2_local_alloc_find_clear_bits and ocfs2_get_dentry, variable
numfound and set may be uninitialized and then used in tracepoint.  In
ocfs2_xattr_block_get and ocfs2_delete_xattr_in_bucket, variable block_off
and xv may be uninitialized and then used in the following logic due to
unchecked return value.

This patch fixes these possible issues.

Signed-off-by: Joseph Qi <joseph.qi@huawei.com>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Joseph Qi 10 years ago
parent
7c01ad8fe7
commit
023d4ea358
3 changed files with 10 additions and 2 deletions
Split View Show Diff Stats
  1. 1 1
      fs/ocfs2/export.c
  2. 1 1
      fs/ocfs2/localalloc.c
  3. 8 0
      fs/ocfs2/xattr.c

+ 1 - 1
fs/ocfs2/export.c
View File 

@@ -82,7 +82,6 @@ static struct dentry *ocfs2_get_dentry(struct super_block *sb,
 
 	}
 
 
 	status = ocfs2_test_inode_bit(osb, blkno, &set);
 
-	trace_ocfs2_get_dentry_test_bit(status, set);
 
 	if (status < 0) {
 
 		if (status == -EINVAL) {
 
 			/*
 
@@ -96,6 +95,7 @@ static struct dentry *ocfs2_get_dentry(struct super_block *sb,
 
 		goto unlock_nfs_sync;
 
 	}
 
 
+	trace_ocfs2_get_dentry_test_bit(status, set);
 
 	/* If the inode allocator bit is clear, this inode must be stale */
 
 	if (!set) {
 
 		status = -ESTALE;

+ 1 - 1
fs/ocfs2/localalloc.c
View File 

@@ -839,7 +839,7 @@ static int ocfs2_local_alloc_find_clear_bits(struct ocfs2_super *osb,
 
 				     u32 *numbits,
 
 				     struct ocfs2_alloc_reservation *resv)
 
 {
 
-	int numfound, bitoff, left, startoff, lastzero;
 
+	int numfound = 0, bitoff, left, startoff, lastzero;
 
 	int local_resv = 0;
 
 	struct ocfs2_alloc_reservation r;
 
 	void *bitmap = NULL;

+ 8 - 0
fs/ocfs2/xattr.c
View File 

@@ -1238,6 +1238,10 @@ static int ocfs2_xattr_block_get(struct inode *inode,
 
 								i,
 
 								&block_off,
 
 								&name_offset);
 
+			if (ret) {
 
+				mlog_errno(ret);
 
+				goto cleanup;
 
+			}
 
 			xs->base = bucket_block(xs->bucket, block_off);
 
 		}
 
 		if (ocfs2_xattr_is_local(xs->here)) {
 
@@ -5665,6 +5669,10 @@ static int ocfs2_delete_xattr_in_bucket(struct inode *inode,
 
 
 		ret = ocfs2_get_xattr_tree_value_root(inode->i_sb, bucket,
 
 						      i, &xv, NULL);
 
+		if (ret) {
 
+			mlog_errno(ret);
 
+			break;
 
+		}
 
 
 		ret = ocfs2_lock_xattr_remove_allocators(inode, xv,
 
 							 args->ref_ci,