[PATCH][V2] UBI: block: fix dereference on uninitialized dev

[PATCH][V2] UBI: block: fix dereference on uninitialized dev

[Colin King]

From: Colin Ian King <colin.king@canonical.com>

commit 4df38926f337 ("UBI: block: Avoid disk size integer overflow")
introduced a dereference on dev (which is not initialized at that
point) when printing a warning message.  Re-order disk_capacity check
after the dev is found.

Found by cppcheck:
 [drivers/mtd/ubi/block.c:509]: (error) Uninitialized variable: dev

Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/mtd/ubi/block.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/mtd/ubi/block.c b/drivers/mtd/ubi/block.c
index 33c6495..7a9805a 100644
--- a/drivers/mtd/ubi/block.c
+++ b/drivers/mtd/ubi/block.c
@@ -504,11 +504,6 @@ static int ubiblock_resize(struct ubi_volume_info *vi)
 	struct ubiblock *dev;
 	u64 disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
 
-	if ((sector_t)disk_capacity != disk_capacity) {
-		ubi_warn("%s: the volume is too big, cannot resize (%d LEBs)",
-			 dev->gd->disk_name, vi->size);
-		return -EFBIG;
-	}
 	/*
 	 * Need to lock the device list until we stop using the device,
 	 * otherwise the device struct might get released in
@@ -520,6 +515,12 @@ static int ubiblock_resize(struct ubi_volume_info *vi)
 		mutex_unlock(&devices_mutex);
 		return -ENODEV;
 	}
+	if ((sector_t)disk_capacity != disk_capacity) {
+		mutex_unlock(&devices_mutex);
+		ubi_warn("%s: the volume is too big, cannot resize (%d LEBs)",
+			dev->gd->disk_name, vi->size);
+		return -EFBIG;
+	}
 
 	mutex_lock(&dev->dev_mutex);
 	set_capacity(dev->gd, disk_capacity);
-- 
2.1.0

Re: [PATCH][V2] UBI: block: fix dereference on uninitialized dev

[Ezequiel Garcia]

On 20 Aug 10:19 AM, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> commit 4df38926f337 ("UBI: block: Avoid disk size integer overflow")
> introduced a dereference on dev (which is not initialized at that
> point) when printing a warning message.  Re-order disk_capacity check
> after the dev is found.
> 
> Found by cppcheck:
>  [drivers/mtd/ubi/block.c:509]: (error) Uninitialized variable: dev
> 
> Signed-off-by: Colin Ian King <colin.king@canonical.com>

Acked-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>

Thanks a lot,
-- 
Ezequiel García, Free Electrons
Embedded Linux, Kernel and Android Engineering
http://free-electrons.com

Re: [PATCH][V2] UBI: block: fix dereference on uninitialized dev

[Artem Bityutskiy]

On Thu, 2014-08-21 at 16:12 -0300, Ezequiel Garcia wrote:
> On 20 Aug 10:19 AM, Colin King wrote:
> > From: Colin Ian King <colin.king@canonical.com>
> > 
> > commit 4df38926f337 ("UBI: block: Avoid disk size integer overflow")
> > introduced a dereference on dev (which is not initialized at that
> > point) when printing a warning message.  Re-order disk_capacity check
> > after the dev is found.
> > 
> > Found by cppcheck:
> >  [drivers/mtd/ubi/block.c:509]: (error) Uninitialized variable: dev
> > 
> > Signed-off-by: Colin Ian King <colin.king@canonical.com>
> 
> Acked-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>

Do we want to have this patch in @stable?

-- 
Best Regards,
Artem Bityutskiy

Re: [PATCH][V2] UBI: block: fix dereference on uninitialized dev

[Artem Bityutskiy]

On Wed, 2014-08-20 at 10:19 +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> commit 4df38926f337 ("UBI: block: Avoid disk size integer overflow")
> introduced a dereference on dev (which is not initialized at that
> point) when printing a warning message.  Re-order disk_capacity check
> after the dev is found.
> 
> Found by cppcheck:
>  [drivers/mtd/ubi/block.c:509]: (error) Uninitialized variable: dev

Picked this one, thanks!

-- 
Best Regards,
Artem Bityutskiy