[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 3 Mar 2016 11:00:21 +0100
From: Jan Kara <jack@...e.cz>
To: Nikolay Borisov <kernel@...p.com>
Cc: jack@...e.com, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH] quota: Fix possible GFP due to uninitialised pointers
On Wed 02-03-16 18:19:29, Nikolay Borisov wrote:
> While debugging some issues with quota I realized that
> it's possible to pass array with bogus dquot pointers from
> __dquot_initialize to dqput. This can happen if the initialisation
> of the dquot objects for an inode fail and the control flow is
> transferred to the out_put label. In case only the USR or GRP quota
> are initialised then the PRJ pointer in the "got" array would remain
> uninitialised. This will cause the NULL ptr check in dqput to pass
> but actually the pointer is going to be invalid. Eventually this would
> cause a GFP.
>
> To fix this just zero out the got array
>
> Signed-off-by: Nikolay Borisov <kernel@...p.com>
Thanks for spotting this and for the fix. There are couple of issues with
your patch:
a) You should use MAXQUOTAS instead of hardcoded 3 in the memset(). Even
better just leave, specify proper initializer directly.
b) You could remove the array initialization from the for loop.
I have cleaned up the patch as attached and merged it into my tree.
Honza
> ---
> fs/quota/dquot.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
> index ef0d64b2a6d9..a0ab58fd85ae 100644
> --- a/fs/quota/dquot.c
> +++ b/fs/quota/dquot.c
> @@ -1408,6 +1408,8 @@ static int __dquot_initialize(struct inode *inode, int type)
>
> dquots = i_dquot(inode);
>
> + memset(got, 0, 3 * sizeof(struct dquot *));
> +
> /* First get references to structures we might need. */
> for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
> struct kqid qid;
> --
> 2.5.0
>
>
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
View attachment "0001-quota-Fix-possible-GPF-due-to-uninitialised-pointers.patch" of type "text/x-patch" (1300 bytes)
Powered by blists - more mailing lists