[V2] UBI: block: fix dereference on uninitialized dev

Message ID	1408526378-12972-1-git-send-email-colin.king@canonical.com
State	Accepted
Headers	show Return-Path: <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Colin King <colin.king@canonical.com> To: Artem Bityutskiy <dedekind1@gmail.com>, David Woodhouse <dwmw2@infradead.org>, Brian Norris <computersforpeace@gmail.com>, linux-mtd@lists.infradead.org Subject: [PATCH][V2] UBI: block: fix dereference on uninitialized dev Date: Wed, 20 Aug 2014 10:19:38 +0100 Message-Id: <1408526378-12972-1-git-send-email-colin.king@canonical.com> summary: Content analysis details: (-3.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium trust [91.189.89.112 listed in list.dnswl.org] -0.7 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain Cc: linux-kernel@vger.kernel.org, ezequiel.garcia@free-electrons.com Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org> Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Message ID

1408526378-12972-1-git-send-email-colin.king@canonical.com

State

Accepted

Headers

From: Colin King <colin.king@canonical.com>
To: Artem Bityutskiy <dedekind1@gmail.com>,
	David Woodhouse <dwmw2@infradead.org>,
	Brian Norris <computersforpeace@gmail.com>, linux-mtd@lists.infradead.org
Subject: [PATCH][V2] UBI: block: fix dereference on uninitialized dev
Date: Wed, 20 Aug 2014 10:19:38 +0100
Message-Id: <1408526378-12972-1-git-send-email-colin.king@canonical.com>
Cc: linux-kernel@vger.kernel.org, ezequiel.garcia@free-electrons.com
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org>
Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Commit Message

Colin Ian King Aug. 20, 2014, 9:19 a.m. UTC

From: Colin Ian King <colin.king@canonical.com>

commit 4df38926f337 ("UBI: block: Avoid disk size integer overflow")
introduced a dereference on dev (which is not initialized at that
point) when printing a warning message.  Re-order disk_capacity check
after the dev is found.

Found by cppcheck:
 [drivers/mtd/ubi/block.c:509]: (error) Uninitialized variable: dev

Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/mtd/ubi/block.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

Comments

Ezequiel Garcia Aug. 21, 2014, 7:12 p.m. UTC | #1

On 20 Aug 10:19 AM, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> commit 4df38926f337 ("UBI: block: Avoid disk size integer overflow")
> introduced a dereference on dev (which is not initialized at that
> point) when printing a warning message.  Re-order disk_capacity check
> after the dev is found.
> 
> Found by cppcheck:
>  [drivers/mtd/ubi/block.c:509]: (error) Uninitialized variable: dev
> 
> Signed-off-by: Colin Ian King <colin.king@canonical.com>

Acked-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>

Thanks a lot,

Artem Bityutskiy Sept. 8, 2014, 10:26 a.m. UTC | #2

On Thu, 2014-08-21 at 16:12 -0300, Ezequiel Garcia wrote:
> On 20 Aug 10:19 AM, Colin King wrote:
> > From: Colin Ian King <colin.king@canonical.com>
> > 
> > commit 4df38926f337 ("UBI: block: Avoid disk size integer overflow")
> > introduced a dereference on dev (which is not initialized at that
> > point) when printing a warning message.  Re-order disk_capacity check
> > after the dev is found.
> > 
> > Found by cppcheck:
> >  [drivers/mtd/ubi/block.c:509]: (error) Uninitialized variable: dev
> > 
> > Signed-off-by: Colin Ian King <colin.king@canonical.com>
> 
> Acked-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>

Do we want to have this patch in @stable?

Artem Bityutskiy Sept. 8, 2014, 12:56 p.m. UTC | #3

On Wed, 2014-08-20 at 10:19 +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> commit 4df38926f337 ("UBI: block: Avoid disk size integer overflow")
> introduced a dereference on dev (which is not initialized at that
> point) when printing a warning message.  Re-order disk_capacity check
> after the dev is found.
> 
> Found by cppcheck:
>  [drivers/mtd/ubi/block.c:509]: (error) Uninitialized variable: dev

Picked this one, thanks!

diff --git a/drivers/mtd/ubi/block.c b/drivers/mtd/ubi/block.c
index 33c6495..7a9805a 100644
--- a/drivers/mtd/ubi/block.c
+++ b/drivers/mtd/ubi/block.c
@@ -504,11 +504,6 @@  static int ubiblock_resize(struct ubi_volume_info *vi)
 	struct ubiblock *dev;
 	u64 disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
 
-	if ((sector_t)disk_capacity != disk_capacity) {
-		ubi_warn("%s: the volume is too big, cannot resize (%d LEBs)",
-			 dev->gd->disk_name, vi->size);
-		return -EFBIG;
-	}
 	/*
 	 * Need to lock the device list until we stop using the device,
 	 * otherwise the device struct might get released in
@@ -520,6 +515,12 @@  static int ubiblock_resize(struct ubi_volume_info *vi)
 		mutex_unlock(&devices_mutex);
 		return -ENODEV;
 	}
+	if ((sector_t)disk_capacity != disk_capacity) {
+		mutex_unlock(&devices_mutex);
+		ubi_warn("%s: the volume is too big, cannot resize (%d LEBs)",
+			dev->gd->disk_name, vi->size);
+		return -EFBIG;
+	}
 
 	mutex_lock(&dev->dev_mutex);
 	set_capacity(dev->gd, disk_capacity);

[V2] UBI: block: fix dereference on uninitialized dev

Commit Message

Comments

Patch