
udf: Avoid accessing uninitialized data on failed inode read

When we fail to read inode, some data accessed in udf_evict_inode() may
be uninitialized. Move the accesses to !is_bad_inode() branch.

Reported-by: syzbot+91f02b28f9bb5f5f1341@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>

Jan Kara 044e2e26 3d3dc274

+14 -11
+14 -11
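--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -139,21 +139,24 @@
 struct udf_inode_info *iinfo = UDF_I(inode);
 int want_delete = 0;
 
-if (!inode->i_nlink && !is_bad_inode(inode)) {
-want_delete = 1;
-udf_setsize(inode, 0);
-udf_update_inode(inode, IS_SYNC(inode));
+if (!is_bad_inode(inode)) {
+if (!inode->i_nlink) {
+want_delete = 1;
+udf_setsize(inode, 0);
+udf_update_inode(inode, IS_SYNC(inode));
+}
+if (iinfo->i_alloc_type != ICBTAG_FLAG_AD_IN_ICB &&
+inode->i_size != iinfo->i_lenExtents) {
+udf_warn(inode->i_sb,
+"Inode %lu (mode %o) has inode size %llu different from extent length %llu. Filesystem need not be standards compliant.\n",
+inode->i_ino, inode->i_mode,
+(unsigned long long)inode->i_size,
+(unsigned long long)iinfo->i_lenExtents);
+}
 }
 truncate_inode_pages_final(&inode->i_data);
 invalidate_inode_buffers(inode);
 clear_inode(inode);
-if (iinfo->i_alloc_type != ICBTAG_FLAG_AD_IN_ICB &&
-inode->i_size != iinfo->i_lenExtents) {
-udf_warn(inode->i_sb, "Inode %lu (mode %o) has inode size %llu different from extent length %llu. Filesystem need not be standards compliant.\n",
-inode->i_ino, inode->i_mode,
-(unsigned long long)inode->i_size,
-(unsigned long long)iinfo->i_lenExtents);
-}
 kfree(iinfo->i_ext.i_data);
 iinfo->i_ext.i_data = NULL;
 udf_clear_extent_cache(inode);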
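Review bot: The `kfree(iinfo->i_ext.i_data)` and `udf_clear_extent_cache(inode)` calls at the end of the hunk still run for a bad inode, outside the new `!is_bad_inode(inode)` branch, so they read `iinfo` fields on exactly the failed-read path this commit is hardening. Nothing visible here shows where `i_ext.i_data` gets its initial value; if it is only assigned during a successful inode read, this would pass an indeterminate pointer to `kfree()`. Presumably the allocation path or slab constructor sets it to NULL, in which case a comment above the call would record that invariant, e.g. `/* i_ext.i_data is NULL or a valid allocation even if the inode read failed */`. The body of udf_evict_inode() starts and ends outside the hunk, so this should be confirmed against the inode allocation code.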