On Wed, Jun 7, 2017 at 12:26 PM, Mateusz Jurczyk <mjurczyk@xxxxxxxxxx> wrote:
> Add initialization of the flock flag in the fuse_file structure after it
> is allocated.
>
> Before the patch, the flock flag could remain uninitialized for the
> lifespan of the fuse_file allocation: it was not pre-set by kmalloc() or
> later in the fuse_file_alloc() function. Unless set to true in
> fuse_file_flock(), it would remain in an indeterminate state until
> read in an if statement in fuse_release_common(). This could consequently
> lead to taking an unexpected branch in the code.
>
> The bug was discovered by runtime instrumentation designed to detect use
> of uninitialized memory in the kernel.
>
> Signed-off-by: Mateusz Jurczyk <mjurczyk@xxxxxxxxxx>

Thanks for spotting this.

Pushed a modified version (kzalloc instead of explicit init) to the fuse
git tree.

Thanks,
Miklos

> ---
> fs/fuse/file.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/fs/fuse/file.c b/fs/fuse/file.c
> index 3ee4fdc3da9e..c9a86a748ceb 100644
> --- a/fs/fuse/file.c
> +++ b/fs/fuse/file.c
> @@ -66,6 +66,8 @@ struct fuse_file *fuse_file_alloc(struct fuse_conn *fc)
> ff->kh = ++fc->khctr;
> spin_unlock(&fc->lock);
>
> + ff->flock = false;
> +
> return ff;
> }
>
> --
> 2.13.1.508.gb3defc5cc-goog
>
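Review bot: the explicit `ff->flock = false;` added before `return ff;` closes this one hole but leaves every other field of `ff` at whatever kmalloc() handed back, so the same class of uninitialized-read bug reappears as soon as another flag is added to struct fuse_file. Allocating with kzalloc() in fuse_file_alloc() instead (the approach the maintainer says was merged) zeroes the whole struct at one spot and makes the field-by-field initialization unnecessary; the commit message would then also want to mention that the fix covers all fields, not only flock.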