From: Qasim Ijaz <qasdev00@gmail.com>
To: kent.overstreet@linux.dev
Cc: linux-bcachefs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] bcachefs: fix uninitialised-access bug in bch2_alloc_sectors_start_trans
Date: Wed, 28 May 2025 20:06:10 +0100
Message-ID: <20250528190610.50604-1-qasdev00@gmail.com>

During bch2_alloc_sectors_start_trans(), if bch2_trans_relock() fails
the code jumps to label "err", skipping "cl" initialisation. Once at
the "err" label, "cl" could potentially be accessed, leading to an uninit
access.

Fix this by moving "cl" initialisation before bch2_trans_relock().

Fixes: c2e7fa88544d ("bcachefs: Use a loop for open_bucket_add_buckets() retries")
Signed-off-by: Qasim Ijaz <qasdev00@gmail.com>
---
 fs/bcachefs/alloc_foreground.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/fs/bcachefs/alloc_foreground.c b/fs/bcachefs/alloc_foreground.c
index 1410a4afb36a..ccd51bcbcec5 100644
--- a/fs/bcachefs/alloc_foreground.c
+++ b/fs/bcachefs/alloc_foreground.c
@@ -1277,6 +1277,11 @@ int bch2_alloc_sectors_start_trans(struct btree_trans *trans,
 
 	req->data_type		= req->wp->data_type;
 
+	/* If we're going to fall back to the whole fs, try nonblocking first */
+	struct closure *cl = req->target && !(flags & BCH_WRITE_only_specified_devs)
+		? _cl
+		: NULL;
+
 	ret = bch2_trans_relock(trans);
 	if (ret)
 		goto err;
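
Review bot: the changelog says "cl" could potentially be accessed at the "err" label, but the err path is not in this hunk and the message does not name the statement that reads it. Please state in the commit message which use at "err" is affected, so a reader can confirm that the value computed here (_cl or NULL, depending on req->target and BCH_WRITE_only_specified_devs) is what that path should see when bch2_trans_relock() fails, as opposed to a plain NULL initialiser at the declaration.
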
@@ -1285,10 +1290,6 @@ int bch2_alloc_sectors_start_trans(struct btree_trans *trans,
 	if (req->data_type != BCH_DATA_user)
 		req->have_cache = true;
 
-	/* If we're going to fall back to the whole fs, try nonblocking first */
-	struct closure *cl = req->target && !(flags & BCH_WRITE_only_specified_devs)
-		? _cl
-		: NULL;
 	while (1) {
 		ret = open_bucket_add_buckets(trans, req, cl);
 		if (!ret ||
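
Review bot: the comment "If we're going to fall back to the whole fs, try nonblocking first" is removed from directly above the while (1) loop, yet it explains why open_bucket_add_buckets(trans, req, cl) may be called with a NULL closure, and it now sits above bch2_trans_relock() where it reads as if it described the relock. Consider keeping a one-line comment at the loop, or rewording the moved comment so it says that "cl" is set up early only because the "err" path can be reached before the loop.
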
-- 
2.39.5

