git.kernel.dk Git - linux-2.6-block.git/commit

author	Ye Bin <yebin10@huawei.com>
	Thu, 19 Jan 2023 01:37:11 +0000 (09:37 +0800)
committer	Theodore Ts'o <tytso@mit.edu>
	Sat, 25 Feb 2023 20:39:07 +0000 (15:39 -0500)
commit	172e344e6f82dc266cb65a69f4bed03428ea8a05
tree	0efc24cc009218d63a86f42ab1ecb25b6b746d9a	tree \| snapshot
parent	0f7bfd6f8164be32dbbdf36aa1e5d00485c53cd7	commit \| diff

ext4: init error handle resource before init group descriptors

Now, 's_err_report' timer is init after ext4_group_desc_init() when fill
super. Theoretically, ext4_group_desc_init() may access to error handle
as follows:
__ext4_fill_super
  ext4_group_desc_init
    ext4_check_descriptors
      ext4_get_group_desc
        ext4_error
          ext4_handle_error
            ext4_commit_super
              ext4_update_super
                if (!es->s_error_count)
                  mod_timer(&sbi->s_err_report, jiffies + 24*60*60*HZ);
  --> Accessing Uninitialized Variables
timer_setup(&sbi->s_err_report, print_daily_error_info, 0);

Maybe above issue is just theoretical, as ext4_check_descriptors() didn't
judge 'gpd' which get from ext4_get_group_desc(), if access to error handle
ext4_get_group_desc() will return NULL, then will trigger null-ptr-deref in
ext4_check_descriptors().
However, from the perspective of pure code, it is better to initialize
resource that may need to be used first.

Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230119013711.86680-1-yebin@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>