lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAHbLzkrQVcVL6UtDf6cwvTshFT25uGZVn_DKL_=RCU7KR=wV3w@mail.gmail.com>
Date:   Fri, 22 Oct 2021 10:35:12 -0700
From:   Yang Shi <shy828301@...il.com>
To:     Arnd Bergmann <arnd@...nel.org>
Cc:     Naoya Horiguchi <naoya.horiguchi@....com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        Arnd Bergmann <arnd@...db.de>,
        Oscar Salvador <osalvador@...e.de>,
        Miaohe Lin <linmiaohe@...wei.com>,
        Linux MM <linux-mm@...ck.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] mm: shmem: fix uninitialized variable use in me_pagecache_clean()

On Thu, Oct 21, 2021 at 11:47 PM Arnd Bergmann <arnd@...nel.org> wrote:
>
> From: Arnd Bergmann <arnd@...db.de>
>
> It appears that the has_extra_refcount() is now in the wrong place:
>
> mm/memory-failure.c:892:6: error: variable 'extra_pins' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
>         if (!mapping) {
>             ^~~~~~~~
> mm/memory-failure.c:915:32: note: uninitialized use occurs here
>         if (has_extra_refcount(ps, p, extra_pins))
>                                       ^~~~~~~~~~
> mm/memory-failure.c:892:2: note: remove the 'if' if its condition is always false
>         if (!mapping) {
>         ^~~~~~~~~~~~~~~
> mm/memory-failure.c:879:6: error: variable 'extra_pins' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
>         if (PageAnon(p)) {
>             ^~~~~~~~~~~
> mm/memory-failure.c:915:32: note: uninitialized use occurs here
>         if (has_extra_refcount(ps, p, extra_pins))
>                                       ^~~~~~~~~~
> mm/memory-failure.c:879:2: note: remove the 'if' if its condition is always false
>         if (PageAnon(p)) {
>         ^~~~~~~~~~~~~~~~~~
> mm/memory-failure.c:871:17: note: initialize the variable 'extra_pins' to silence this warning
>         bool extra_pins;
>                        ^
>                         = 0
>
> In both of those cases, we already set an error code and don't
> need to override that one.

Hi Arnd,

Thanks for catching this. There has been a fix
(https://lore.kernel.org/linux-mm/20211021180336.2328086-1-nathan@kernel.org/).
But I think yours makes more sense. It seems better to have the "out:"
label after has_extra_refcount().

Andrew,

Could you please take this patch? And either keeping or dropping
Nathan's patch is fine to me. Thanks.

>
> Fixes: d882a43a0011 ("mm: shmem: don't truncate page if memory failure happens")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
> This is caused by a commit im -mm, so the commit ID is not stable.
> If the fix is correct, I'd suggest folding it into the original
> change
> ---
>  mm/memory-failure.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/mm/memory-failure.c b/mm/memory-failure.c
> index 3b04f0361a58..e8c38e27b753 100644
> --- a/mm/memory-failure.c
> +++ b/mm/memory-failure.c
> @@ -909,12 +909,12 @@ static int me_pagecache_clean(struct page_state *ps, struct page *p)
>          * Open: to take i_rwsem or not for this? Right now we don't.
>          */
>         ret = truncate_error_page(p, page_to_pfn(p), mapping);
> -out:
> -       unlock_page(p);
> -
>         if (has_extra_refcount(ps, p, extra_pins))
>                 ret = MF_FAILED;
>
> +out:
> +       unlock_page(p);
> +
>         return ret;
>  }
>
> --
> 2.29.2
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ