Patchwork [V2] UBI: block: fix dereference on uninitialized dev

login
register
mail settings
Submitter Colin King
Date Aug. 20, 2014, 9:19 a.m.
Message ID <1408526378-12972-1-git-send-email-colin.king@canonical.com>
Download mbox | patch
Permalink /patch/381593/
State New
Headers show

Comments

Colin King - Aug. 20, 2014, 9:19 a.m.
From: Colin Ian King <colin.king@canonical.com>

commit 4df38926f337 ("UBI: block: Avoid disk size integer overflow")
introduced a dereference on dev (which is not initialized at that
point) when printing a warning message.  Re-order disk_capacity check
after the dev is found.

Found by cppcheck:
 [drivers/mtd/ubi/block.c:509]: (error) Uninitialized variable: dev

Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 drivers/mtd/ubi/block.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
Ezequiel Garcia - Aug. 21, 2014, 7:12 p.m.
On 20 Aug 10:19 AM, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> commit 4df38926f337 ("UBI: block: Avoid disk size integer overflow")
> introduced a dereference on dev (which is not initialized at that
> point) when printing a warning message.  Re-order disk_capacity check
> after the dev is found.
> 
> Found by cppcheck:
>  [drivers/mtd/ubi/block.c:509]: (error) Uninitialized variable: dev
> 
> Signed-off-by: Colin Ian King <colin.king@canonical.com>

Acked-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>

Thanks a lot,
Artem Bityutskiy - Sept. 8, 2014, 10:26 a.m.
On Thu, 2014-08-21 at 16:12 -0300, Ezequiel Garcia wrote:
> On 20 Aug 10:19 AM, Colin King wrote:
> > From: Colin Ian King <colin.king@canonical.com>
> > 
> > commit 4df38926f337 ("UBI: block: Avoid disk size integer overflow")
> > introduced a dereference on dev (which is not initialized at that
> > point) when printing a warning message.  Re-order disk_capacity check
> > after the dev is found.
> > 
> > Found by cppcheck:
> >  [drivers/mtd/ubi/block.c:509]: (error) Uninitialized variable: dev
> > 
> > Signed-off-by: Colin Ian King <colin.king@canonical.com>
> 
> Acked-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>

Do we want to have this patch in @stable?
Artem Bityutskiy - Sept. 8, 2014, 12:56 p.m.
On Wed, 2014-08-20 at 10:19 +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> commit 4df38926f337 ("UBI: block: Avoid disk size integer overflow")
> introduced a dereference on dev (which is not initialized at that
> point) when printing a warning message.  Re-order disk_capacity check
> after the dev is found.
> 
> Found by cppcheck:
>  [drivers/mtd/ubi/block.c:509]: (error) Uninitialized variable: dev

Picked this one, thanks!

Patch

diff --git a/drivers/mtd/ubi/block.c b/drivers/mtd/ubi/block.c
index 33c6495..7a9805a 100644
--- a/drivers/mtd/ubi/block.c
+++ b/drivers/mtd/ubi/block.c
@@ -504,11 +504,6 @@  static int ubiblock_resize(struct ubi_volume_info *vi)
 	struct ubiblock *dev;
 	u64 disk_capacity = ((u64)vi->size * vi->usable_leb_size) >> 9;
 
-	if ((sector_t)disk_capacity != disk_capacity) {
-		ubi_warn("%s: the volume is too big, cannot resize (%d LEBs)",
-			 dev->gd->disk_name, vi->size);
-		return -EFBIG;
-	}
 	/*
 	 * Need to lock the device list until we stop using the device,
 	 * otherwise the device struct might get released in
@@ -520,6 +515,12 @@  static int ubiblock_resize(struct ubi_volume_info *vi)
 		mutex_unlock(&devices_mutex);
 		return -ENODEV;
 	}
+	if ((sector_t)disk_capacity != disk_capacity) {
+		mutex_unlock(&devices_mutex);
+		ubi_warn("%s: the volume is too big, cannot resize (%d LEBs)",
+			dev->gd->disk_name, vi->size);
+		return -EFBIG;
+	}
 
 	mutex_lock(&dev->dev_mutex);
 	set_capacity(dev->gd, disk_capacity);