In afs_update_cell(), ret is the result of the DNS lookup and the errors
are to be handled by a switch - however, the value gets clobbered in
between by setting it to -ENOMEM in case afs_alloc_vlserver_list() fails.
Fix this by moving the setting of -ENOMEM into the error handling for OOM
failure. Further, only do it if we don't have an alternative error to
return.
Found by Linux Verification Center (linuxtesting.org) with SVACE. Based on
a patch from Anastasia Belova[1].
Fixes: d5c32c89b208 ("afs: Fix cell DNS lookup")
Signed-off-by: David Howells <[email protected]>
cc: Anastasia Belova <[email protected]>
cc: Marc Dionne <[email protected]>
cc: [email protected]
cc: [email protected]
Link: https://lore.kernel.org/r/[email protected]/ [1]
---
fs/afs/cell.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/afs/cell.c b/fs/afs/cell.c
index 988c2ac7cece..926cb1188eba 100644
--- a/fs/afs/cell.c
+++ b/fs/afs/cell.c
@@ -409,10 +409,12 @@ static int afs_update_cell(struct afs_cell *cell)
if (ret == -ENOMEM)
goto out_wake;
- ret = -ENOMEM;
vllist = afs_alloc_vlserver_list(0);
- if (!vllist)
+ if (!vllist) {
+ if (ret >= 0)
+ ret = -ENOMEM;
goto out_wake;
+ }
switch (ret) {
case -ENODATA:
On 12/21/2023 9:23 AM, David Howells wrote:
> In afs_update_cell(), ret is the result of the DNS lookup and the errors
> are to be handled by a switch - however, the value gets clobbered in
> between by setting it to -ENOMEM in case afs_alloc_vlserver_list() fails.
>
> Fix this by moving the setting of -ENOMEM into the error handling for OOM
> failure. Further, only do it if we don't have an alternative error to
> return.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE. Based on
> a patch from Anastasia Belova[1].
>
> Fixes: d5c32c89b208 ("afs: Fix cell DNS lookup")
> Signed-off-by: David Howells<[email protected]>
> cc: Anastasia Belova<[email protected]>
> cc: Marc Dionne<[email protected]>
> cc:[email protected]
> cc:[email protected]
> Link:https://lore.kernel.org/r/[email protected]/ [1]
>
> ---
> fs/afs/cell.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/afs/cell.c b/fs/afs/cell.c
> index 988c2ac7cece..926cb1188eba 100644
> --- a/fs/afs/cell.c
> +++ b/fs/afs/cell.c
> @@ -409,10 +409,12 @@ static int afs_update_cell(struct afs_cell *cell)
> if (ret == -ENOMEM)
> goto out_wake;
>
> - ret = -ENOMEM;
> vllist = afs_alloc_vlserver_list(0);
> - if (!vllist)
> + if (!vllist) {
> + if (ret >= 0)
> + ret = -ENOMEM;
> goto out_wake;
> + }
>
> switch (ret) {
> case -ENODATA:
>
Reviewed-by: Jeffrey Altman <[email protected]>
On 12/21/2023 9:23 AM, David Howells wrote:
> In afs_update_cell(), ret is the result of the DNS lookup and the errors
> are to be handled by a switch - however, the value gets clobbered in
> between by setting it to -ENOMEM in case afs_alloc_vlserver_list() fails.
>
> Fix this by moving the setting of -ENOMEM into the error handling for OOM
> failure. Further, only do it if we don't have an alternative error to
> return.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE. Based on
> a patch from Anastasia Belova[1].
>
> Fixes: d5c32c89b208 ("afs: Fix cell DNS lookup")
> Signed-off-by: David Howells<[email protected]>
> cc: Anastasia Belova<[email protected]>
> cc: Marc Dionne<[email protected]>
> cc:[email protected]
> cc:[email protected]
> Link:https://lore.kernel.org/r/[email protected]/ [1]
>
> ---
> fs/afs/cell.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/afs/cell.c b/fs/afs/cell.c
> index 988c2ac7cece..926cb1188eba 100644
> --- a/fs/afs/cell.c
> +++ b/fs/afs/cell.c
> @@ -409,10 +409,12 @@ static int afs_update_cell(struct afs_cell *cell)
> if (ret == -ENOMEM)
> goto out_wake;
>
> - ret = -ENOMEM;
> vllist = afs_alloc_vlserver_list(0);
> - if (!vllist)
> + if (!vllist) {
> + if (ret >= 0)
> + ret = -ENOMEM;
> goto out_wake;
> + }
>
> switch (ret) {
> case -ENODATA:
>
Reviewed-by: Jeffrey Altman <[email protected]>