Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 023d4ea3 authored by Joseph Qi's avatar Joseph Qi Committed by Linus Torvalds
Browse files

ocfs2: fix possible uninitialized variable access 



In ocfs2_local_alloc_find_clear_bits and ocfs2_get_dentry, variable
numfound and set may be uninitialized and then used in tracepoint.  In
ocfs2_xattr_block_get and ocfs2_delete_xattr_in_bucket, variable block_off
and xv may be uninitialized and then used in the following logic due to
unchecked return value.

This patch fixes these possible issues.

Signed-off-by: default avatarJoseph Qi <joseph.qi@huawei.com>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 7c01ad8f

fs/ocfs2/export.c

+1 −1
Original line number Diff line number Diff line
@@ -82,7 +82,6 @@ static struct dentry *ocfs2_get_dentry(struct super_block *sb, 
	}



	status = ocfs2_test_inode_bit(osb, blkno, &set);

	trace_ocfs2_get_dentry_test_bit(status, set);

	if (status < 0) {

		if (status == -EINVAL) {

			/*
@@ -96,6 +95,7 @@ static struct dentry *ocfs2_get_dentry(struct super_block *sb, 
		goto unlock_nfs_sync;

	}



	trace_ocfs2_get_dentry_test_bit(status, set);

	/* If the inode allocator bit is clear, this inode must be stale */

	if (!set) {

		status = -ESTALE;

fs/ocfs2/localalloc.c

+1 −1
Original line number Diff line number Diff line
@@ -839,7 +839,7 @@ static int ocfs2_local_alloc_find_clear_bits(struct ocfs2_super *osb, 
				     u32 *numbits,

				     struct ocfs2_alloc_reservation *resv)

{

	int numfound, bitoff, left, startoff, lastzero;

	int numfound = 0, bitoff, left, startoff, lastzero;

	int local_resv = 0;

	struct ocfs2_alloc_reservation r;

	void *bitmap = NULL;

fs/ocfs2/xattr.c

+8 −0
Original line number Diff line number Diff line
@@ -1238,6 +1238,10 @@ static int ocfs2_xattr_block_get(struct inode *inode, 
								i,

								&block_off,

								&name_offset);

			if (ret) {

				mlog_errno(ret);

				goto cleanup;

			}

			xs->base = bucket_block(xs->bucket, block_off);

		}

		if (ocfs2_xattr_is_local(xs->here)) {
@@ -5665,6 +5669,10 @@ static int ocfs2_delete_xattr_in_bucket(struct inode *inode, 


		ret = ocfs2_get_xattr_tree_value_root(inode->i_sb, bucket,

						      i, &xv, NULL);

		if (ret) {

			mlog_errno(ret);

			break;

		}



		ret = ocfs2_lock_xattr_remove_allocators(inode, xv,

							 args->ref_ci,