Commit 83ee50f5 authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] use-before-uninitialized value in ext3(2)_find_goal

From: Mingming Cao <cmm@us.ibm.com>

There is an uninitialized goal value being referenced in both the ext3 and ext2
find goal block functions (ext3_find_goal() and ext2_find_goal()).

In the non-sequential write case, these functions check the goal value (non-zero)
before calling ext3(2)_find_near() to find the goal block to allocate.

Since the goal value is uninitialized (non-zero), ext3(2)_find_near() is never
called in the non-sequential write case, thus ext3(2)_find_goal() fails to
guide a goal block in the random write case.

ext3(2)_new_block() takes the junk goal value and turns it into goal 0, since
it's normally beyond the filesystem block number limit.  The fix is trivial.
parent 2cb2f31f
...@@ -584,6 +584,7 @@ static int ext2_get_block(struct inode *inode, sector_t iblock, struct buffer_he ...@@ -584,6 +584,7 @@ static int ext2_get_block(struct inode *inode, sector_t iblock, struct buffer_he
if (err == -EAGAIN) if (err == -EAGAIN)
goto changed; goto changed;
goal = 0;
if (ext2_find_goal(inode, iblock, chain, partial, &goal) < 0) if (ext2_find_goal(inode, iblock, chain, partial, &goal) < 0)
goto changed; goto changed;
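Review bot: the `goal = 0;` initialization is added at the call site immediately before `ext2_find_goal(inode, iblock, chain, partial, &goal)`, which closes the uninitialized read described in the commit message, but it leaves `goal` uninitialized at its declaration, so any other path that reaches `ext2_find_goal()` (now or after future refactoring) would hit the same stack-garbage read. Initializing `goal` at its declaration, or having `ext2_find_goal()` assign `*goal` before testing it, would make the fix hold for every caller rather than only this one; a one-line comment explaining that `ext2_find_goal()` treats a non-zero `*goal` as an already-chosen block would also help the next reader see why the zeroing is required.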
...@@ -811,6 +811,7 @@ ext3_get_block_handle(handle_t *handle, struct inode *inode, sector_t iblock, ...@@ -811,6 +811,7 @@ ext3_get_block_handle(handle_t *handle, struct inode *inode, sector_t iblock,
if (err == -EAGAIN) if (err == -EAGAIN)
goto changed; goto changed;
goal = 0;
down(&ei->truncate_sem); down(&ei->truncate_sem);
if (ext3_find_goal(inode, iblock, chain, partial, &goal) < 0) { if (ext3_find_goal(inode, iblock, chain, partial, &goal) < 0) {
up(&ei->truncate_sem); up(&ei->truncate_sem);
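Review bot: `goal = 0;` is placed before `down(&ei->truncate_sem);` while the read of `goal` inside `ext3_find_goal()` happens under the semaphore; since `goal` is a local stack variable this ordering is correct, but the same remark as for the ext2 hunk applies: zeroing at the declaration (or inside `ext3_find_goal()` itself) would remove the dependency on every caller remembering to reset it. Consider also keeping both filesystems consistent by applying whichever placement is chosen to ext2 and ext3 alike, so the two `find_goal` call sites do not drift apart again.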