From: Nikolay Borisov <kernel@kyup.com>
Date: Thu, 3 Mar 2016 09:54:57 +0000 (+0100)
Subject: quota: Fix possible GPF due to uninitialised pointers
X-Git-Tag: v4.1.22~93
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab1cc52b3f62f2445c60cbe390d26c50ebc0f3bd;p=thirdparty%2Fkernel%2Fstable.git

quota: Fix possible GPF due to uninitialised pointers

[ Upstream commit ab73ef46398e2c0159f3a71de834586422d2a44a ]

When dqget() in __dquot_initialize() fails e.g. due to IO error,
__dquot_initialize() will pass an array of uninitialized pointers to
dqput_all() and thus can lead to deference of random data. Fix the
problem by properly initializing the array.

CC: stable@vger.kernel.org
Signed-off-by: Nikolay Borisov <kernel@kyup.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---

diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index 20d1f74561cf1..19c777ad00849 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -1393,7 +1393,7 @@ static int dquot_active(const struct inode *inode)
 static void __dquot_initialize(struct inode *inode, int type)
 {
 	int cnt, init_needed = 0;
-	struct dquot **dquots, *got[MAXQUOTAS];
+	struct dquot **dquots, *got[MAXQUOTAS] = {};
 	struct super_block *sb = inode->i_sb;
 	qsize_t rsv;
 
@@ -1408,7 +1408,6 @@ static void __dquot_initialize(struct inode *inode, int type)
 		kprojid_t projid;
 		int rc;
 
-		got[cnt] = NULL;
 		if (type != -1 && cnt != type)
 			continue;
 		/*