| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b22f1750-c53d-481f-8233-12adac30a807@gmail.com> Date: Sun, 6 Oct 2024 12:28:56 +0530 From: Suraj Sonawane <surajsonawane0215@...il.com> To: John Garry <john.g.garry@...cle.com>, hch@...radead.org Cc: axboe@...nel.dk, linux-block@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: Explanation on Uninitialized Variable bio in blk_rq_prep_clone On 04/10/24 20:03, John Garry wrote: > On 04/10/2024 15:10, SurajSonawane2415 wrote: >> Explaination of how bio could be used uninitialized in this function: >> >> In the function blk_rq_prep_clone, the variable bio is declared but >> can remain uninitialized >> if the allocation with bio_alloc_clone fails. This can lead to >> undefined behavior when the >> function attempts to free bio in the error handling section using >> bio_put(bio). >> By initializing bio to NULL at declaration, we ensure that the cleanup >> code will only >> interact with bio if it has been successfully allocated. >> >> > > What about if rq_src->bio is NULL for blk_rq_prep_clone() -> > __rq_for_each_bio(,rq_src): > > #define __rq_for_each_bio(_bio, rq) \ > if ((rq->bio)) \ > for (_bio = (rq)->bio; _bio; _bio = _bio->bi_next) > > Then I don't think bio it get init'ed. Whether this is possible > (rq_src->bio is NULL) is another question. Hi Keith, You're right to bring this up. If rq_src->bio is NULL, the __rq_for_each_bio macro will skip the loop, meaning the bio variable won't be used at all. So, even if bio isn’t initialized, it won't cause any issues in that case. Thanks for pointing that out. Best regards, Suraj
Powered by blists - more mailing lists