Return the error code if idr_alloc_cyclic() fails.  Currently it
potentially could return either -ENOMEM or an uninitialized variable.

Fixes: 72c52e46a517 ("afs: Change dynroot to create contents on demand")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 fs/afs/cell.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/afs/cell.c b/fs/afs/cell.c
index 9f6b7718836c..dc56b0203b53 100644
--- a/fs/afs/cell.c
+++ b/fs/afs/cell.c
@@ -200,8 +200,10 @@ static struct afs_cell *afs_alloc_cell(struct afs_net *net,
 	atomic_inc(&net->cells_outstanding);
 	cell->dynroot_ino = idr_alloc_cyclic(&net->cells_dyn_ino, cell,
 					     2, INT_MAX / 2, GFP_KERNEL);
-	if ((int)cell->dynroot_ino < 0)
+	if ((int)cell->dynroot_ino < 0) {
+		ret = cell->dynroot_ino;
 		goto error;
+	}
 	cell->debug_id = atomic_inc_return(&cell_debug_id);
 
 	trace_afs_cell(cell->debug_id, 1, 0, afs_cell_trace_alloc);
-- 
2.47.2

Dan Carpenter <dan.carpenter@linaro.org> wrote:

> Return the error code if idr_alloc_cyclic() fails.  Currently it
> potentially could return either -ENOMEM or an uninitialized variable.

Thanks, but Christian has already pulled an updated version into his tree.  It
may not have made it into linux-next yet:

--- a/fs/afs/cell.c
+++ b/fs/afs/cell.c
@@ -203,7 +203,13 @@ static struct afs_cell *afs_alloc_cell(struct afs_net *net,
 	cell->dns_status = vllist->status;
 	smp_store_release(&cell->dns_lookup_count, 1); /* vs source/status */
 	atomic_inc(&net->cells_outstanding);
+	ret = idr_alloc_cyclic(&net->cells_dyn_ino, cell,
+			       2, INT_MAX / 2, GFP_KERNEL);
+	if (ret < 0)
+		goto error;
+	cell->dynroot_ino = ret;
 	cell->debug_id = atomic_inc_return(&cell_debug_id);
+
 	trace_afs_cell(cell->debug_id, 1, 0, afs_cell_trace_alloc);
 
 	_leave(" = %p", cell);

David