| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zv_-SRguWC4sxWBJ@kbusch-mbp> Date: Fri, 4 Oct 2024 08:40:09 -0600 From: Keith Busch <kbusch@...nel.org> To: John Garry <john.g.garry@...cle.com> Cc: SurajSonawane2415 <surajsonawane0215@...il.com>, hch@...radead.org, axboe@...nel.dk, linux-block@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: Explanation on Uninitialized Variable bio in blk_rq_prep_clone On Fri, Oct 04, 2024 at 03:33:00PM +0100, John Garry wrote: > On 04/10/2024 15:10, SurajSonawane2415 wrote: > > Explaination of how bio could be used uninitialized in this function: > > > > In the function blk_rq_prep_clone, the variable bio is declared but can remain uninitialized > > if the allocation with bio_alloc_clone fails. This can lead to undefined behavior when the > > function attempts to free bio in the error handling section using bio_put(bio). > > By initializing bio to NULL at declaration, we ensure that the cleanup code will only > > interact with bio if it has been successfully allocated. > > > > > > What about if rq_src->bio is NULL for blk_rq_prep_clone() -> > __rq_for_each_bio(,rq_src): > > #define __rq_for_each_bio(_bio, rq) \ > if ((rq->bio)) \ > for (_bio = (rq)->bio; _bio; _bio = _bio->bi_next) > > Then I don't think bio it get init'ed. Whether this is possible (rq_src->bio > is NULL) is another question. If the source request doesn't have a bio, then the onstack 'bio' is never referenced, so should be okay if it's not initialized in that case.
Powered by blists - more mailing lists