From: John Groves <John@Groves.net>
Date: Sun, 12 Apr 2026 15:50:06 +0000 (+0000)
Subject: dax/fsdev: fix uninitialized kaddr in fsdev_dax_zero_page_range()
X-Git-Tag: v7.1-rc1~55^2
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=45df9111692c62d5f09fc4345ae36dae31024797;p=thirdparty%2Fkernel%2Flinux.git

dax/fsdev: fix uninitialized kaddr in fsdev_dax_zero_page_range()

__fsdev_dax_direct_access() returns -EFAULT without setting *kaddr when
dax_pgoff_to_phys() returns -1 (pgoff out of range). The return value
was ignored, leaving kaddr uninitialized before being passed to
fsdev_write_dax().

Check the return value and propagate the error.

Thanks to Dan Carpenter and the smatch project for reporting this.

Signed-off-by: John Groves <john@groves.net>
Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Link: https://patch.msgid.link/0100019d8262cda2-9714d31c-8fc1-4ca5-b32d-4df678240d14-000000@email.amazonses.com
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
---

diff --git a/drivers/dax/fsdev.c b/drivers/dax/fsdev.c
index 4499d9621f33..188b2526bee4 100644
--- a/drivers/dax/fsdev.c
+++ b/drivers/dax/fsdev.c
@@ -80,9 +80,12 @@ static int fsdev_dax_zero_page_range(struct dax_device *dax_dev,
 			pgoff_t pgoff, size_t nr_pages)
 {
 	void *kaddr;
+	long rc;
 
 	WARN_ONCE(nr_pages > 1, "%s: nr_pages > 1\n", __func__);
-	__fsdev_dax_direct_access(dax_dev, pgoff, 1, DAX_ACCESS, &kaddr, NULL);
+	rc = __fsdev_dax_direct_access(dax_dev, pgoff, 1, DAX_ACCESS, &kaddr, NULL);
+	if (rc < 0)
+		return rc;
 	fsdev_write_dax(kaddr, ZERO_PAGE(0), 0, PAGE_SIZE);
 	return 0;
 }