On Mon, Aug 29, 2022 at 10:25:21PM +0300, Rustam Subkhankulov wrote:
> If function security_inode_alloc() returns a nonzero value due to an
> error (e.g. fail to allocate memory), then some of the fields, including
> 'i_private', will not be initialized.
>
> After that, if the fs-specific free_inode function is called in
> i_callback(), the nonzero value of 'i_private' field can be interpreted
> as initialized. As a result, this can cause dereferencing of random
> value pointer (e.g. nilfs2).
>
> In earlier versions, a similar situation could occur with the 'u' union
> in 'inode' structure.

See vfs.git#work.inode (included into #for-next); I agree that your commit
message looks better, but...
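The ordering bug the quoted message describes, as an added C illustration that is not part of this thread or of the kernel tree: `struct my_inode`, `security_alloc`, `init_buggy`/`init_fixed`, `free_cb_would_deref` and the 0xAB poison byte are hypothetical stand-ins for `struct inode`, `security_inode_alloc()`, the inode init path, an fs-specific free_inode callback and stale slab contents.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical stand-in for struct inode, reduced to the field involved. */
struct my_inode {
    void *i_private;   /* fs-private data; the free callback tests it */
};

/* Stand-in for security_inode_alloc(): fails on request (-ENOMEM in the kernel). */
static int security_alloc(struct my_inode *inode, int fail)
{
    (void)inode;              /* the real hook allocates inode->i_security */
    return fail ? -1 : 0;
}

/* Buggy ordering: the fallible hook runs before i_private is set, so the
 * early return leaves whatever stale bytes the allocation already held. */
static int init_buggy(struct my_inode *inode, int fail)
{
    if (security_alloc(inode, fail))
        return -1;
    inode->i_private = NULL;
    return 0;
}

/* Fixed ordering: fields a destructor may inspect are set before any call
 * that can fail. */
static int init_fixed(struct my_inode *inode, int fail)
{
    inode->i_private = NULL;
    return security_alloc(inode, fail);
}

/* Model of an fs-specific free_inode callback that treats a non-NULL
 * i_private as a live pointer; returns 1 if it would dereference it. */
static int free_cb_would_deref(const struct my_inode *inode)
{
    return inode->i_private != NULL;
}

/* Poison the object (constructed stand-in for stale slab contents), run one
 * init path with the hook failing, and report whether the free callback would
 * then dereference garbage: 1 for the buggy order, 0 for the fixed one. */
static int would_deref_after_failed_init(int use_fixed)
{
    struct my_inode inode;
    memset(&inode, 0xAB, sizeof inode);
    (void)(use_fixed ? init_fixed(&inode, 1) : init_buggy(&inode, 1));
    return free_cb_would_deref(&inode);
}
```

The fixed variant only moves the cheap field initialization ahead of the fallible hook; the general rule is that a constructor must never return an error while leaving fields that a destructor will inspect in an indeterminate state.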