From: Nikolay Borisov <kernel@kyup.com>
To: jack@suse.com
Cc: linux-kernel@vger.kernel.org
Subject: [RFC PATCH] quota: Fix possible GFP due to uninitialised pointers
Date: Wed, 2 Mar 2016 18:19:29 +0200
Message-ID: <1456935569-20053-1-git-send-email-kernel@kyup.com>

While debugging some issues with quota I realized that
it's possible to pass an array with bogus dquot pointers from
__dquot_initialize to dqput. This can happen if the initialisation
of the dquot objects for an inode fails and the control flow is
transferred to the out_put label. In case only the USR or GRP quota
are initialised then the PRJ pointer in the "got" array would remain
uninitialised. This will cause the NULL ptr check in dqput to pass
but actually the pointer is going to be invalid. Eventually this would
cause a GFP.

To fix this just zero out the got array.

Signed-off-by: Nikolay Borisov <kernel@kyup.com>
---
fs/quota/dquot.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index ef0d64b2a6d9..a0ab58fd85ae 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -1408,6 +1408,8 @@ static int __dquot_initialize(struct inode *inode, int type)
dquots = i_dquot(inode);
+ memset(got, 0, 3 * sizeof(struct dquot *));
+
/* First get references to structures we might need. */
for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
struct kqid qid;
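Review bot: the length in the added memset() is hard-coded as 3 * sizeof(struct dquot *), while the loop right below it walks cnt up to MAXQUOTAS, so the zeroed range and the iterated range are tied together only by coincidence of the current value. If MAXQUOTAS ever changes, the tail of got is again left uninitialised on the out_put path, which is the same defect this patch describes. Assuming got is a local array sized by MAXQUOTAS (its declaration is outside the visible context), memset(got, 0, sizeof(got)) or an empty initializer at the declaration would keep the two in sync and remove the magic number.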
--
2.5.0