lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <439cb2078a8eefa782bc8da4a77bb8ac43725ba4.camel@kernel.org>
Date: Wed, 09 Oct 2024 18:39:59 -0400
From: Jeff Layton <jlayton@...nel.org>
To: Dan Carpenter <dan.carpenter@...aro.org>, "Everest K.C."
	 <everestkc@...restkc.com.np>
Cc: viro@...iv.linux.org.uk, brauner@...nel.org, jack@...e.cz, 
	skhan@...uxfoundation.org, linux-fsdevel@...r.kernel.org, 
	kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] fs: Fix uninitialized scalar variable now

On Wed, 2024-10-09 at 23:45 +0300, Dan Carpenter wrote:
> On Wed, Oct 09, 2024 at 02:05:25PM -0600, Everest K.C. wrote:
> > Variable `now` is declared without initialization. The variable
> > could be accessed inside the if-else statements following the
> > variable declaration, before it has been initialized.
> > 
> > This patch initializes the variable to
> > `inode_set_ctime_current(inode)` by default.
> > 
> > This issue was reported by Coverity Scan.
> > 
> > Signed-off-by: Everest K.C. <everestkc@...restkc.com.np>
> 
> Fixes: d8d11298e8a1 ("fs: handle delegated timestamps in setattr_copy_mgtime")
> 
> Maybe the WARN_ON_ONCE() should be updated to check ATTR_ATIME as well?
> 
> regards,
> dan carpenter
> 
> > ---
> >  fs/attr.c | 4 +---
> >  1 file changed, 1 insertion(+), 3 deletions(-)
> > 
> > diff --git a/fs/attr.c b/fs/attr.c
> > index c614b954bda5..77523af2e62d 100644
> > --- a/fs/attr.c
> > +++ b/fs/attr.c
> > @@ -284,7 +284,7 @@ EXPORT_SYMBOL(inode_newsize_ok);
> >  static void setattr_copy_mgtime(struct inode *inode, const struct iattr *attr)
> >  {
> >  	unsigned int ia_valid = attr->ia_valid;
> > -	struct timespec64 now;
> > +	struct timespec64 now = inode_set_ctime_current(inode);
> >  
> >  	if (ia_valid & ATTR_CTIME) {
> >  		/*
> > @@ -293,8 +293,6 @@ static void setattr_copy_mgtime(struct inode *inode, const struct iattr *attr)
> >  		 */
> >  		if (ia_valid & ATTR_DELEG)
> >  			now = inode_set_ctime_deleg(inode, attr->ia_ctime);
> > -		else
> > -			now = inode_set_ctime_current(inode);
> >  	} else {
> >  		/* If ATTR_CTIME isn't set, then ATTR_MTIME shouldn't be either. */
> >  		WARN_ON_ONCE(ia_valid & ATTR_MTIME);
> > -- 
> > 2.43.0
> > 

This doesn't look correct. inode_set_ctime_current will update the time
to the current time and then inode_set_ctime_deleg() won't work
properly if the time being set is earlier than that.

I proposed a different fix earlier today which should be correct:

https://lore.kernel.org/linux-fsdevel/20241009-mgtime-v1-1-383b9e0481b5@kernel.org/

Thanks,
-- 
Jeff Layton <jlayton@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ