[PATCH v6 08/24] netfs: Fix potential uninitialised var in netfs_extract_user_iter()

Tue May 12 06:22:58 PDT 2026

Hi, David.

Sorry for the confusion. I was looking at the current mainline code,
but after checking
the version with commit 8ef352bc015d, I agree that `ret` needs to be
initialized to 0.

Looks good to me.

Thanks.
DaeMyung

2026년 5월 12일 (화) 오후 10:07, CharSyam <charsyam at gmail.com>님이 작성:
>
> Hi, David.
>
> It looks like ret does not need to be initialized to 0, because it is
> only used after being assigned the
> return value of iov_iter_extract_pages(). In the zero-length case, the
> loop is skipped and ret is not used at all.
> What do you think?
>
> Thanks
> DaeMyung
>
> 2026년 5월 12일 (화) 오후 9:43, David Howells <dhowells at redhat.com>님이 작성:
> >
> > In netfs_extract_user_iter(), if it's given a zero-length iterator, it will
> > fall through the loop without setting ret, and so the error handling
> > behaviour will be undefined, depending on whether ret happens to be
> > negative.  The value of ret then propagates back up the callstack.
> >
> > Fix this by presetting ret to 0.
> >
> > Fixes: 85dd2c8ff368 ("netfs: Add a function to extract a UBUF or IOVEC into a BVEC iterator")
> > Closes: https://sashiko.dev/#/patchset/20260414082004.3756080-1-dhowells%40redhat.com
> > Signed-off-by: David Howells <dhowells at redhat.com>
> > cc: Paulo Alcantara <pc at manguebit.org>
> > cc: Matthew Wilcox <willy at infradead.org>
> > cc: netfs at lists.linux.dev
> > cc: linux-fsdevel at vger.kernel.org
> > ---
> >  fs/netfs/iterator.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/fs/netfs/iterator.c b/fs/netfs/iterator.c
> > index 154a14bb2d7f..6903028b7162 100644
> > --- a/fs/netfs/iterator.c
> > +++ b/fs/netfs/iterator.c
> > @@ -43,7 +43,7 @@ ssize_t netfs_extract_user_iter(struct iov_iter *orig, size_t orig_len,
> >         unsigned int max_pages;
> >         unsigned int npages = 0;
> >         unsigned int i;
> > -       ssize_t ret;
> > +       ssize_t ret = 0;
> >         size_t count = orig_len, offset, len;
> >         size_t bv_size, pg_size;
> >
> >
> >