One may write some shit to the unpriv_sgio file (introduced by the import of RHEL7 kernel-3.10.0-229.7.2.el7), which will result in the correctness check in function queue_var_store returning -EINVAL. Since the return value of this function is not checked in queue_store_unpriv_sgio, the function may result in a random QUEUE_FLAG_UNPRIV_SGIO flag value. Since it's all done under CAP_SYS_ADMIN, it's not too critical.
Found by warning: block/blk-sysfs.c: In function ‘queue_store_unpriv_sgio’: block/blk-sysfs.c:211:5: warning: ‘val’ may be used uninitialized in this function [-Wmaybe-uninitialized] if (val) Signed-off-by: Dmitry Safonov <[email protected]> --- block/blk-sysfs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c index 21bc0c7..c08d91c 100644 --- a/block/blk-sysfs.c +++ b/block/blk-sysfs.c @@ -207,6 +207,9 @@ queue_store_unpriv_sgio(struct request_queue *q, const char *page, size_t count) return -EPERM; ret = queue_var_store(&val, page, count); + if (ret < 0) + return ret; + spin_lock_irq(q->queue_lock); if (val) queue_flag_set(QUEUE_FLAG_UNPRIV_SGIO, q); -- 2.7.0 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
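Review bot: The commit message should state the user-visible change made by the added `if (ret < 0) return ret;` after `queue_var_store(&val, page, count)`: a malformed write to unpriv_sgio now fails with the error from queue_var_store instead of setting or clearing QUEUE_FLAG_UNPRIV_SGIO based on an uninitialized `val`. Describing the rejected input more precisely than the current wording would help anyone who later hits the -EINVAL. The placement is right: the return happens before `spin_lock_irq(q->queue_lock)`, so the error path needs no unlock. If the tree convention allows it, initializing `val` where it is declared would also keep the -Wmaybe-uninitialized warning from returning should this check ever be moved.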
