From: Ally Heev
Date: Fri, 21 Nov 2025 13:21:09 +0530
Subject: [PATCH v3] overlayfs: fix uninitialized pointers with free attribute
Message-Id: <20251121-aheev-uninitialized-free-attr-overlayfs-v3-1-346f631a9c37@gmail.com>
To: Miklos Szeredi, Amir Goldstein, Christian Brauner
Cc: linux-unionfs@vger.kernel.org, linux-kernel@vger.kernel.org, Dan Carpenter, Ally Heev

Uninitialized pointers with `__free` attribute can cause undefined
behavior as the memory assigned randomly to the pointer is freed
automatically when the pointer goes out of scope.

overlayfs doesn't have any bugs related to this as of now, but
it is better to initialize and assign pointers with `__free`
attribute in one statement to ensure proper scope-based cleanup

Reported-by: Dan Carpenter
Closes: https://lore.kernel.org/all/aPiG_F5EBQUjZqsl@stanley.mountain/
Acked-by: Amir Goldstein
Signed-off-by: Ally Heev --- Changes in v3: - reverted to v1 - Link to v2: https://lore.kernel.org/r/20251115-aheev-uninitialized-free-a= ttr-overlayfs-v2-1-815a48767340@gmail.com Changes in v2: - moved the variable initialization to the top - Link to v1: https://lore.kernel.org/r/20251105-aheev-uninitialized-free-a= ttr-overlayfs-v1-1-6ae4624655db@gmail.com --- fs/overlayfs/params.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c index 63b7346c5ee1c127a9c33b12c3704aa035ff88cf..59445b53b5b88893ef7923128da= 99cd1934bdc6c 100644 --- a/fs/overlayfs/params.c +++ b/fs/overlayfs/params.c @@ -448,10 +448,10 @@ static int ovl_parse_layer(struct fs_context *fc, str= uct fs_parameter *param, err =3D ovl_do_parse_layer(fc, param->string, &layer_path, layer); break; case fs_value_is_file: { - char *buf __free(kfree); char *layer_name; =20 - buf =3D kmalloc(PATH_MAX, GFP_KERNEL_ACCOUNT); + char *buf __free(kfree) =3D kmalloc(PATH_MAX, GFP_KERNEL_ACCOUNT); + if (!buf) return -ENOMEM; =20 --- base-commit: c9cfc122f03711a5124b4aafab3211cf4d35a2ac change-id: 20251105-aheev-uninitialized-free-attr-overlayfs-6873964429e0 Best regards, --=20 Ally Heev
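
Review bot: the blank line added after the new `char *buf __free(kfree) = kmalloc(PATH_MAX, GFP_KERNEL_ACCOUNT);` line separates the allocation from its `if (!buf)` check, and the declaration now sits below the existing blank line that follows `char *layer_name;`, so the declarations in the `fs_value_is_file` case are split by whitespace on both sides. Consider dropping the added blank line so the NULL check follows the allocation directly. Separately, the subject says "fix" while the commit message states that overlayfs has no bug related to this; wording the subject as a cleanup would match the body.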
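
The scope-based cleanup behaviour the commit message describes, as an added userspace example that is not part of the patch or of kernel code. It models `__free(kfree)` with the compiler's `cleanup` attribute; `__free_buf`, `free_charp`, `copy_name` and `early_exit_null_init` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int frees; /* non-NULL pointers released by the cleanup handler */

/* Runs at scope exit with the address of the annotated variable. */
static void free_charp(char **p)
{
	if (*p) {
		free(*p);
		frees++;
	}
}

/* Userspace stand-in for the kernel's __free(kfree) (assumption). */
#define __free_buf __attribute__((cleanup(free_charp)))

/* Declare and allocate in one statement: the handler never sees garbage. */
static int copy_name(const char *src, char *dst, size_t dstlen)
{
	if (!src)
		return -1; /* buf is not in scope yet: nothing to clean up */

	char *buf __free_buf = malloc(dstlen);
	if (!buf)
		return -1; /* handler runs, sees NULL, does nothing */

	snprintf(buf, dstlen, "%s", src);
	memcpy(dst, buf, strlen(buf) + 1);
	return 0; /* handler frees buf exactly once on the way out */
}

/*
 * Split declaration: a bare "char *buf __free_buf;" with a return before
 * the assignment would pass an indeterminate pointer to free(). A NULL
 * initialiser keeps the split form defined on every exit path.
 */
static int early_exit_null_init(int fail_early)
{
	char *buf __free_buf = NULL;

	if (fail_early)
		return -1; /* handler sees NULL: safe */
	buf = malloc(16);
	return buf ? 0 : -1;
}

int main(void)
{
	char out[32];
	int rc = copy_name("lower", out, sizeof(out));
	printf("rc=%d out=%s frees=%d\n", rc, out, frees);
	return early_exit_null_init(1) == -1 ? 0 : 1;
}
```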