[PATCH AUTOSEL 5.16 04/52] NFSv4.1: Fix uninitialised variable in devicenotify

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Trond Myklebust <trond.myklebust@hammerspace.com>,
	rtm@csail.mit.edu, Anna Schumaker <Anna.Schumaker@Netapp.com>,
	Sasha Levin <sashal@kernel.org>,
	anna.schumaker@netapp.com, linux-nfs@vger.kernel.org
Subject: [PATCH AUTOSEL 5.16 04/52] NFSv4.1: Fix uninitialised variable in devicenotify
Date: Thu,  3 Feb 2022 15:28:58 -0500	[thread overview]
Message-ID: <20220203202947.2304-4-sashal@kernel.org> (raw)
In-Reply-To: <20220203202947.2304-1-sashal@kernel.org>

From: Trond Myklebust <trond.myklebust@hammerspace.com>

[ Upstream commit b05bf5c63b326ce1da84ef42498d8e0e292e694c ]

When decode_devicenotify_args() exits with no entries, we need to
ensure that the struct cb_devicenotifyargs is initialised to
{ 0, NULL } in order to avoid problems in
nfs4_callback_devicenotify().

Reported-by: <rtm@csail.mit.edu>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/nfs/callback.h      |  2 +-
 fs/nfs/callback_proc.c |  2 +-
 fs/nfs/callback_xdr.c  | 18 +++++++++---------
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/fs/nfs/callback.h b/fs/nfs/callback.h
index 6a2033131c068..ccd4f245cae24 100644
--- a/fs/nfs/callback.h
+++ b/fs/nfs/callback.h
@@ -170,7 +170,7 @@ struct cb_devicenotifyitem {
 };
 
 struct cb_devicenotifyargs {
-	int				 ndevs;
+	uint32_t			 ndevs;
 	struct cb_devicenotifyitem	 *devs;
 };
 
diff --git a/fs/nfs/callback_proc.c b/fs/nfs/callback_proc.c
index 09c5b1cb3e075..c343666d9a428 100644
--- a/fs/nfs/callback_proc.c
+++ b/fs/nfs/callback_proc.c
@@ -358,7 +358,7 @@ __be32 nfs4_callback_devicenotify(void *argp, void *resp,
 				  struct cb_process_state *cps)
 {
 	struct cb_devicenotifyargs *args = argp;
-	int i;
+	uint32_t i;
 	__be32 res = 0;
 	struct nfs_client *clp = cps->clp;
 	struct nfs_server *server = NULL;
diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
index a67c41ec545fd..f90de8043b0f9 100644
--- a/fs/nfs/callback_xdr.c
+++ b/fs/nfs/callback_xdr.c
@@ -258,11 +258,9 @@ __be32 decode_devicenotify_args(struct svc_rqst *rqstp,
 				void *argp)
 {
 	struct cb_devicenotifyargs *args = argp;
+	uint32_t tmp, n, i;
 	__be32 *p;
 	__be32 status = 0;
-	u32 tmp;
-	int n, i;
-	args->ndevs = 0;
 
 	/* Num of device notifications */
 	p = xdr_inline_decode(xdr, sizeof(uint32_t));
@@ -271,7 +269,7 @@ __be32 decode_devicenotify_args(struct svc_rqst *rqstp,
 		goto out;
 	}
 	n = ntohl(*p++);
-	if (n <= 0)
+	if (n == 0)
 		goto out;
 	if (n > ULONG_MAX / sizeof(*args->devs)) {
 		status = htonl(NFS4ERR_BADXDR);
@@ -330,19 +328,21 @@ __be32 decode_devicenotify_args(struct svc_rqst *rqstp,
 			dev->cbd_immediate = 0;
 		}
 
-		args->ndevs++;
-
 		dprintk("%s: type %d layout 0x%x immediate %d\n",
 			__func__, dev->cbd_notify_type, dev->cbd_layout_type,
 			dev->cbd_immediate);
 	}
+	args->ndevs = n;
+	dprintk("%s: ndevs %d\n", __func__, args->ndevs);
+	return 0;
+err:
+	kfree(args->devs);
 out:
+	args->devs = NULL;
+	args->ndevs = 0;
 	dprintk("%s: status %d ndevs %d\n",
 		__func__, ntohl(status), args->ndevs);
 	return status;
-err:
-	kfree(args->devs);
-	goto out;
 }
 
 static __be32 decode_sessionid(struct xdr_stream *xdr,
-- 
2.34.1

next prev parent reply	other threads:[~2022-02-03 20:30 UTC|newest]

Thread overview: 74+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-02-03 20:28 [PATCH AUTOSEL 5.16 01/52] NFS: change nfs_access_get_cached to only report the mask Sasha Levin
2022-02-03 20:28 ` [PATCH AUTOSEL 5.16 02/52] NFSv4 only print the label when its queried Sasha Levin
2022-02-03 20:28 ` [PATCH AUTOSEL 5.16 03/52] nfs: nfs4clinet: check the return value of kstrdup() Sasha Levin
2022-02-03 20:28 ` Sasha Levin [this message]
2022-02-03 20:28 ` [PATCH AUTOSEL 5.16 05/52] netfilter: nf_conntrack_netbios_ns: fix helper module alias Sasha Levin
2022-02-03 21:46   ` Jakub Kicinski
2022-02-03 22:23     ` Florian Westphal
2022-02-11 14:41       ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 06/52] NFSv4 remove zero number of fs_locations entries error check Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 07/52] NFSv4 store server support for fs_location attribute Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 08/52] NFSv4.1 query for fs_location attr on a new file system Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 09/52] NFSv4 expose nfs_parse_server_name function Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 10/52] NFSv4 handle port presence in fs_location server string Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 11/52] SUNRPC allow for unspecified transport time in rpc_clnt_add_xprt Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 12/52] net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 13/52] sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 14/52] irqchip/realtek-rtl: Service all pending interrupts Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 15/52] perf/x86/rapl: fix AMD event handling Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 16/52] x86/perf: Avoid warning for Arch LBR without XSAVE Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 17/52] sched/pelt: Relax the sync of runnable_sum with runnable_avg Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 18/52] sched: Avoid double preemption in __cond_resched_*lock*() Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 19/52] drm/vc4: Fix deadlock on DSI device attach error Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 20/52] drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 21/52] net: sched: Clarify error message when qdisc kind is unknown Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 22/52] powerpc/fixmap: Fix VM debug warning on unmap Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 23/52] s390/module: test loading modules with a lot of relocations Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 24/52] arm64: Add Cortex-X2 CPU part definition Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 25/52] arm64: errata: Update ARM64_ERRATUM_[2119858|2224489] with Cortex-X2 ranges Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 26/52] scsi: target: iscsi: Make sure the np under each tpg is unique Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 27/52] scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 28/52] scsi: qedf: Add stag_work to all the vports Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 29/52] scsi: qedf: Fix refcount issue when LOGO is received during TMF Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 30/52] scsi: qedf: Change context reset messages to ratelimited Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 31/52] scsi: pm8001: Fix bogus FW crash for maxcpus=1 Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 32/52] scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 33/52] scsi: ufs: Treat link loss as fatal error Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 34/52] scsi: myrs: Fix crash in error case Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 35/52] net: stmmac: reduce unnecessary wakeups from eee sw timer Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 36/52] PM: wakeup: simplify the output logic of pm_show_wakelocks() Sasha Levin
2022-02-04  8:29   ` Greg Kroah-Hartman
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 37/52] PM: hibernate: Remove register_nosave_region_late() Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 38/52] drm/amd/display: Correct MPC split policy for DCN301 Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 39/52] drm/amdgpu/display: adjust msleep limit in dp_wait_for_training_aux_rd_interval Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 40/52] drm/amdgpu/display: use msleep rather than udelay for long delays Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 41/52] usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 42/52] perf: Always wake the parent event Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 43/52] nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 44/52] MIPS: Fix build error due to PTR used in more places Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 45/52] net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 46/52] arm64: Add Cortex-A510 CPU part definition Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 47/52] arm64: errata: Add detection for TRBE ignored system register writes Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 48/52] arm64: errata: Add detection for TRBE invalid prohibited states Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 49/52] arm64: errata: Add detection for TRBE trace data corruption Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 50/52] arm64: cpufeature: List early Cortex-A510 parts as having broken dbm Sasha Levin
2022-02-03 20:29   ` Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 51/52] block: add bio_start_io_acct_time() to control start_time Sasha Levin
2022-02-03 20:29 ` [PATCH AUTOSEL 5.16 52/52] kasan: test: fix compatibility with FORTIFY_SOURCE Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6a2033131c06 dfblob:ccd4f245cae2 dfblob:09c5b1cb3e07
dfblob:c343666d9a42 dfblob:a67c41ec545f dfblob:f90de8043b0f )
 OR (
bs:"[PATCH AUTOSEL 5.16 04/52] NFSv4.1: Fix uninitialised variable in devicenotify" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220203202947.2304-4-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=Anna.Schumaker@Netapp.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=rtm@csail.mit.edu \
    --cc=stable@vger.kernel.org \
    --cc=trond.myklebust@hammerspace.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.