From: Miklos Szeredi
Date: Fri, 9 Jun 2017 11:20:48 +0200
Subject: Re: [PATCH] fuse: Initialize the flock flag in the fuse_file structure upon allocation
To: Mateusz Jurczyk
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20170607102649.14713-1-mjurczyk@google.com>
References: <20170607102649.14713-1-mjurczyk@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jun 7, 2017 at 12:26 PM, Mateusz Jurczyk wrote:
> Add initialization of the flock flag in the fuse_file structure after it
> is allocated.
>
> Before the patch, the flock flag could remain uninitialized for the
> lifespan of the fuse_file allocation: it was not pre-set by kmalloc() or
> later in the fuse_file_alloc() function. Unless set to true in
> fuse_file_flock(), it would remain in an indeterminate state until
> read in an if statement in fuse_release_common(). This could consequently
> lead to taking an unexpected branch in the code.
>
> The bug was discovered by runtime instrumentation designed to detect use
> of uninitialized memory in the kernel.
>
> Signed-off-by: Mateusz Jurczyk

Thanks for spotting this.

Pushed a modified version (kzalloc instead of explicit init) to the fuse git tree.

Thanks,
Miklos

> ---
> fs/fuse/file.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/fs/fuse/file.c b/fs/fuse/file.c
> index 3ee4fdc3da9e..c9a86a748ceb 100644
> --- a/fs/fuse/file.c
> +++ b/fs/fuse/file.c
> @@ -66,6 +66,8 @@ struct fuse_file *fuse_file_alloc(struct fuse_conn *fc) > ff->kh = ++fc->khctr; > spin_unlock(&fc->lock); > > + ff->flock = false; > + > return ff; > } > > -- > 2.13.1.508.gb3defc5cc-goog >
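Review bot: adding `ff->flock = false;` as a trailing statement after `spin_unlock(&fc->lock)` in fuse_file_alloc() fixes this one field but leaves every other member of the kmalloc()'d struct fuse_file exposed to the same uninitialized-read hazard, including any field added to the struct later; allocating with kzalloc() instead, which the maintainer's reply says the merged version does, zeroes the whole object at the allocation site and makes the explicit assignment unnecessary. If a per-field init is kept anyway, the commit message should say why that one field is special, since a reader of this hunk will otherwise wonder which other fields are still uninitialized.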
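A user-space model of the failure mode the commit message describes, added here as an example (it is not code from the fuse tree, from the patch, or from anyone in this thread): a slab that recycles freed objects without scrubbing them, a pre-patch allocator shape that assigns only kh, and a kzalloc shape that zeroes the object first. Every name in it (demo_file, demo_slab_*, demo_file_alloc_kmalloc, demo_file_alloc_kzalloc, demo_release_common, DEMO_RELEASE_FLOCK_UNLOCK) is a hypothetical stand-in for the fuse structures and functions the message mentions, and the pool and flag values are constructed for the demo.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for FUSE_RELEASE_FLOCK_UNLOCK; the value is arbitrary here. */
#define DEMO_RELEASE_FLOCK_UNLOCK (1u << 0)

/* Hypothetical cut-down fuse_file: only the two fields the scenario needs. */
struct demo_file {
	uint64_t kh;    /* kernel handle, always assigned by the allocator */
	bool flock;     /* set by the flock path, read by the release path */
};

/*
 * Minimal slab (assumption: one object size, LIFO free list, no poisoning).
 * It mirrors the one property that matters here: kmalloc() hands back
 * memory holding whatever the previous owner left in it.
 */
#define DEMO_POOL_OBJS 4
static struct demo_file demo_pool[DEMO_POOL_OBJS];
static struct demo_file *demo_free_list[DEMO_POOL_OBJS];
static int demo_free_top;
static uint64_t demo_khctr;

static void demo_slab_init(void)
{
	memset(demo_pool, 0, sizeof(demo_pool));   /* fresh, never-used pages */
	demo_free_top = 0;
	for (int i = DEMO_POOL_OBJS - 1; i >= 0; i--)
		demo_free_list[demo_free_top++] = &demo_pool[i];
	demo_khctr = 0;
}

static struct demo_file *demo_slab_get(void)
{
	return demo_free_top > 0 ? demo_free_list[--demo_free_top] : NULL;
}

static void demo_slab_put(struct demo_file *ff)
{
	demo_free_list[demo_free_top++] = ff;       /* contents deliberately kept */
}

/* Pre-patch shape of fuse_file_alloc(): plain allocation, only kh assigned. */
static struct demo_file *demo_file_alloc_kmalloc(void)
{
	struct demo_file *ff = demo_slab_get();

	if (ff)
		ff->kh = ++demo_khctr;
	return ff;                                  /* ff->flock is whatever was there */
}

/* kzalloc() shape: the whole object is zeroed before any field is set. */
static struct demo_file *demo_file_alloc_kzalloc(void)
{
	struct demo_file *ff = demo_slab_get();

	if (ff) {
		memset(ff, 0, sizeof(*ff));
		ff->kh = ++demo_khctr;
	}
	return ff;
}

/* Stand-in for the flock test in fuse_release_common(): returns the
 * release flags that would be sent to the userspace filesystem. */
static unsigned int demo_release_common(const struct demo_file *ff)
{
	return ff->flock ? DEMO_RELEASE_FLOCK_UNLOCK : 0;
}

/*
 * Scenario: file A takes a flock and is released; file B is then opened
 * and released without ever calling flock. Returns the flags B's release
 * carries, which a correct implementation leaves at 0.
 */
static unsigned int demo_scenario(struct demo_file *(*alloc)(void))
{
	struct demo_file *a, *b;
	unsigned int flags;

	demo_slab_init();

	a = alloc();
	a->flock = true;                 /* the flock path ran on A */
	(void)demo_release_common(a);
	demo_slab_put(a);                /* A's object returns to the slab, flock still true */

	b = alloc();                     /* LIFO free list: B reuses A's object */
	flags = demo_release_common(b);  /* B never called flock() */
	demo_slab_put(b);
	return flags;
}

int main(void)
{
	printf("kmalloc-shaped alloc: release flags 0x%x (stale flock read)\n",
	       demo_scenario(demo_file_alloc_kmalloc));
	printf("kzalloc-shaped alloc: release flags 0x%x\n",
	       demo_scenario(demo_file_alloc_kzalloc));
	return 0;
}
```

Compiled and run stand-alone, the kmalloc-shaped path reports the unlock flag for a file that never took a lock, because it inherited the previous occupant's flock value from the recycled object; the kzalloc-shaped path reports 0. That inherited value is the "unexpected branch" the commit message refers to, and the comparison also shows why the maintainer's kzalloc variant is the more durable fix: it covers every field in the object, including ones added later, rather than the single field the posted hunk assigns.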