Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S935041AbcJUUsv (ORCPT <rfc822;w@1wt.eu>);
        Fri, 21 Oct 2016 16:48:51 -0400
Received: from mx0b-00003501.pphosted.com ([67.231.152.68]:48403 "EHLO
        mx0a-000cda01.pphosted.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S934564AbcJUUsf (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 21 Oct 2016 16:48:35 -0400
Authentication-Results: seagate.com;
        dkim=pass header.s="google" header.d=seagate.com
MIME-Version: 1.0
In-Reply-To: <20161021153246.3456962-1-arnd@arndb.de>
References: <20161021153246.3456962-1-arnd@arndb.de>
From: Shaun Tancheff <shaun.tancheff@seagate.com>
Date: Fri, 21 Oct 2016 15:48:12 -0500
Message-ID: <CAJVOszB6TFE=kYS0KMO7baKmS6rt0Fk8MTWK+n26Xvtr=GSeFg@mail.gmail.com>
Subject: Re: [PATCH] sd: fix uninitialized variable access in error handling
To: Arnd Bergmann <arnd@arndb.de>
Cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>,
        "Martin K. Petersen" <martin.petersen@oracle.com>,
        Hannes Reinecke <hare@suse.de>, Jens Axboe <axboe@fb.com>,
        Damien Le Moal <damien.lemoal@hgst.com>, linux-scsi@vger.kernel.org,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset=UTF-8
X-Proofpoint-PolicyRoute: Outbound
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2016-10-21_12:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0
 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015
 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0
 reason=mlx scancount=1 engine=8.0.1-1609300000 definitions=main-1610210369
X-Proofpoint-Spam-Policy: Default Domain Policy
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by mail.home.local id u9LKmwov005479
Content-Length: 1354
Lines: 39

On Fri, Oct 21, 2016 at 10:32 AM, Arnd Bergmann <arnd@arndb.de> wrote:
> If sd_zbc_report_zones fails, the check for 'zone_blocks == 0'
> later in the function accesses uninitialized data:
>
> drivers/scsi/sd_zbc.c: In function ‘sd_zbc_read_zones’:
> drivers/scsi/sd_zbc.c:520:7: error: ‘zone_blocks’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
>
> This sets it to zero, which has the desired effect of leaving
> the sd_zbc_read_zones successfully with sdkp->zone_blocks = 0.
>
> Fixes: 89d947561077 ("sd: Implement support for ZBC devices")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
>  drivers/scsi/sd_zbc.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/sd_zbc.c b/drivers/scsi/sd_zbc.c
> index 16d3fa62d8ac..d5b3bd915d9e 100644
> --- a/drivers/scsi/sd_zbc.c
> +++ b/drivers/scsi/sd_zbc.c
> @@ -455,8 +455,10 @@ static int sd_zbc_check_zone_size(struct scsi_disk *sdkp)
>
>         /* Do a report zone to get the same field */
>         ret = sd_zbc_report_zones(sdkp, buf, SD_ZBC_BUF_SIZE, 0);
> -       if (ret)
> +       if (ret) {
> +               zone_blocks = 0;
>                 goto out;
> +       }
>
>         same = buf[4] & 0x0f;
>         if (same > 0) {
> --
> 2.9.0
>

Reviewed-by: Shaun Tancheff <shaun.tancheff@seagate.com>
-- 
Shaun Tancheff