* [PATCH 1/2] fs: ubifs: zero initialize allocated inode
From: Sascha Hauer @ 2026-05-19 13:28 UTC
To: Barebox List
UBIFS uses kmem_cache_alloc() to allocate an ubifs_inode. The memory
returned from kmem_cache_alloc() is not zeroed. ubifs_alloc_inode()
zeroes all fields in the ubifs_inode except the embedded struct inode.
In Linux this is done in the kmem_cache constructor function which calls
inode_init_once(). In barebox we have the constructor function as well,
but we don't have an equivalent of inode_init_once(), so the constructor
is empty. Zero the inode in the constructor instead so that barebox
gets a zeroed inode.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
fs/ubifs/super.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index 45037b42ea..8eb8e574a8 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -1128,6 +1128,9 @@ static void kill_ubifs_super(struct super_block *s)
*/
static void inode_slab_ctor(void *obj)
{
+ struct ubifs_inode *ui = obj;
+
+ memset(&ui->vfs_inode, 0, sizeof(ui->vfs_inode));
}
static int __init ubifs_init(void)
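Review bot: the memset() added to inode_slab_ctor() carries no comment saying why barebox zeroes vfs_inode here where, per the commit message, Linux calls inode_init_once(); a one-line comment above the memset marking it as the barebox replacement would make it harder to drop when fs/ubifs/super.c is next synced with upstream. Addressing the member as &ui->vfs_inode with sizeof(ui->vfs_inode) is the right form, since it no longer depends on where the inode sits inside struct ubifs_inode.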
--
2.47.3
* [PATCH 2/2] fs: jffs2: zero initialize allocated inode
From: Sascha Hauer @ 2026-05-19 13:28 UTC
To: Barebox List
JFFS2 uses kmem_cache_alloc() to allocate an ubifs_inode. The memory
returned from kmem_cache_alloc() is not zeroed. jffs2_alloc_inode()
zeroes all fields in the ubifs_inode except the embedded struct inode.
In Linux this is done in the kmem_cache constructor function which calls
inode_init_once(). In barebox we have the constructor function as well,
but we don't have an equivalent of inode_init_once(), so the constructor
is empty. Zero the inode in the constructor instead so that barebox
gets a zeroed inode.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
fs/jffs2/super.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/jffs2/super.c b/fs/jffs2/super.c
index b9a5b99744..6546943173 100644
--- a/fs/jffs2/super.c
+++ b/fs/jffs2/super.c
@@ -55,8 +55,11 @@ static void jffs2_destroy_inode(struct inode *inode)
kmem_cache_free(jffs2_inode_cachep, f);
}
-static void jffs2_i_init_once(void *foo)
+static void jffs2_i_init_once(void *obj)
{
+ struct jffs2_inode_info *f = obj;
+
+ memset(&f->vfs_inode, 0, sizeof(f->vfs_inode));
}
static const struct super_operations jffs2_super_operations =
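Review bot: jffs2_i_init_once() casts obj to struct jffs2_inode_info, yet the commit message says JFFS2 allocates "an ubifs_inode" and that jffs2_alloc_inode() zeroes "the ubifs_inode"; the text looks carried over from patch 1/2 and should name jffs2_inode_info instead. The rename of the parameter from foo to obj is an unrelated cleanup that the message could mention in one clause.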
--
2.47.3
* Re: [PATCH 2/2] fs: jffs2: zero initialize allocated inode
From: Ahmad Fatoum @ 2026-05-19 13:35 UTC
To: Sascha Hauer, Barebox List
On 5/19/26 3:28 PM, Sascha Hauer wrote:
> JFFS2 uses kmem_cache_alloc() to allocate an ubifs_inode. The memory
> returned from kmem_cache_alloc() is not zeroed. jffs2_alloc_inode()
> zeroes all fields in the ubifs_inode except the embedded struct inode.
> In Linux this is done in the kmem_cache constructor function which calls
> inode_init_once(). In barebox we have the constructor function as well,
> but we don't have an equivalent of inode_init_once(), so the constructor
> is empty. Zero the inode in the constructor instead so that barebox
> gets a zeroed inode.
>
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> ---
> fs/jffs2/super.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/fs/jffs2/super.c b/fs/jffs2/super.c
> index b9a5b99744..6546943173 100644
> --- a/fs/jffs2/super.c
> +++ b/fs/jffs2/super.c
> @@ -55,8 +55,11 @@ static void jffs2_destroy_inode(struct inode *inode)
> kmem_cache_free(jffs2_inode_cachep, f);
> }
>
> -static void jffs2_i_init_once(void *foo)
> +static void jffs2_i_init_once(void *obj)
> {
> + struct jffs2_inode_info *f = obj;
> +
> + memset(&f->vfs_inode, 0, sizeof(f->vfs_inode));
> }
>
> static const struct super_operations jffs2_super_operations =
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
* Re: [PATCH 2/2] fs: jffs2: zero initialize allocated inode
From: Sascha Hauer @ 2026-05-19 15:15 UTC
To: Barebox List, Sascha Hauer
On Tue, 19 May 2026 15:28:46 +0200, Sascha Hauer wrote:
> JFFS2 uses kmem_cache_alloc() to allocate an ubifs_inode. The memory
> returned from kmem_cache_alloc() is not zeroed. jffs2_alloc_inode()
> zeroes all fields in the ubifs_inode except the embedded struct inode.
> In Linux this is done in the kmem_cache constructor function which calls
> inode_init_once(). In barebox we have the constructor function as well,
> but we don't have an equivalent of inode_init_once(), so the constructor
> is empty. Zero the inode in the constructor instead so that barebox
> gets a zeroed inode.
>
> [...]
Applied, thanks!
[2/2] fs: jffs2: zero initialize allocated inode
https://git.pengutronix.de/cgit/barebox/commit/?id=e6610f524cec (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer@pengutronix.de>
* [PATCH 1/2] fs: ubifs: zero initialize allocated inode
From: Sascha Hauer @ 2026-05-19 12:44 UTC
To: Barebox List
UBIFS uses kmem_cache_alloc() to allocate an ubifs_inode. The memory
returned from kmem_cache_alloc() is not zeroed. ubifs_alloc_inode()
zeroes all fields in the ubifs_inode except the embedded struct inode.
In Linux this is done in the kmem_cache constructor function which calls
inode_init_once(). In barebox we have the constructor function as well,
but we don't have an equivalent of inode_init_once(), so the constructor
is empty. Zero the inode in the constructor instead so that barebox
gets a zeroed inode.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
fs/ubifs/super.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index 45037b42ea..4022270d4c 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -1128,6 +1128,7 @@ static void kill_ubifs_super(struct super_block *s)
*/
static void inode_slab_ctor(void *obj)
{
+ memset(obj, 0, sizeof(struct inode));
}
static int __init ubifs_init(void)
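Review bot: memset(obj, 0, sizeof(struct inode)) in inode_slab_ctor() clears the first sizeof(struct inode) bytes of the object, which is the embedded inode only while that member sits at offset 0 of struct ubifs_inode. Cast obj to struct ubifs_inode and zero the inode member by name, using sizeof of that member, so a reordering of the struct cannot silently leave part of the inode uninitialized.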
--
2.47.3
* Re: [PATCH 1/2] fs: ubifs: zero initialize allocated inode
From: Ahmad Fatoum @ 2026-05-19 13:03 UTC
To: Sascha Hauer, Barebox List
Hi,
On 5/19/26 2:44 PM, Sascha Hauer wrote:
> UBIFS uses kmem_cache_alloc() to allocate an ubifs_inode. The memory
> returned from kmem_cache_alloc() is not zeroed. ubifs_alloc_inode()
> zeroes all fields in the ubifs_inode except the embedded struct inode.
> In Linux this is done in the kmem_cache constructor function which calls
> inode_init_once(). In barebox we have the constructor function as well,
> but we don't have an equivalent of inode_init_once(), so the constructor
> is empty. Zero the inode in the constructor instead so that barebox
> gets a zeroed inode.
>
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> ---
> fs/ubifs/super.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
> index 45037b42ea..4022270d4c 100644
> --- a/fs/ubifs/super.c
> +++ b/fs/ubifs/super.c
> @@ -1128,6 +1128,7 @@ static void kill_ubifs_super(struct super_block *s)
> */
> static void inode_slab_ctor(void *obj)
> {
> + memset(obj, 0, sizeof(struct inode));
This works because inode is the first member of struct ubifs_inode, but
I would prefer to avoid depending on that as it might change with a
future update.
Can't we just zero all of struct ubifs_inode here to be on the safe side?
Cheers,
Ahmad
> }
>
> static int __init ubifs_init(void)
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
* Re: [PATCH 1/2] fs: ubifs: zero initialize allocated inode
From: Sascha Hauer @ 2026-05-19 13:14 UTC
To: Ahmad Fatoum; +Cc: Barebox List
On 2026-05-19 15:03, Ahmad Fatoum wrote:
> Hi,
>
> On 5/19/26 2:44 PM, Sascha Hauer wrote:
> > UBIFS uses kmem_cache_alloc() to allocate an ubifs_inode. The memory
> > returned from kmem_cache_alloc() is not zeroed. ubifs_alloc_inode()
> > zeroes all fields in the ubifs_inode except the embedded struct inode.
> > In Linux this is done in the kmem_cache constructor function which calls
> > inode_init_once(). In barebox we have the constructor function as well,
> > but we don't have an equivalent of inode_init_once(), so the constructor
> > is empty. Zero the inode in the constructor instead so that barebox
> > gets a zeroed inode.
> >
> > Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> > ---
> > fs/ubifs/super.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
> > index 45037b42ea..4022270d4c 100644
> > --- a/fs/ubifs/super.c
> > +++ b/fs/ubifs/super.c
> > @@ -1128,6 +1128,7 @@ static void kill_ubifs_super(struct super_block *s)
> > */
> > static void inode_slab_ctor(void *obj)
> > {
> > + memset(obj, 0, sizeof(struct inode));
>
> This works because inode is the first member of struct ubifs_inode, but
> I would prefer to avoid depending on that as it might change with a
> future update.
>
> Can't we just zero all of struct ubifs_inode here to be on the safe side?
That was my first approach as well, but I was afraid this could be lost
on an UBIFS update.
I could treat obj as a struct ubifs_inode and zero the inode member
instead.
That would have prevented the bug I introduced with the JFFS2 patch as
well.
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
* Re: [PATCH 1/2] fs: ubifs: zero initialize allocated inode
From: Ahmad Fatoum @ 2026-05-19 13:16 UTC
Hi,
On 5/19/26 3:14 PM, Sascha Hauer wrote:
> On 2026-05-19 15:03, Ahmad Fatoum wrote:
>> Hi,
>>
>> On 5/19/26 2:44 PM, Sascha Hauer wrote:
>>> UBIFS uses kmem_cache_alloc() to allocate an ubifs_inode. The memory
>>> returned from kmem_cache_alloc() is not zeroed. ubifs_alloc_inode()
>>> zeroes all fields in the ubifs_inode except the embedded struct inode.
>>> In Linux this is done in the kmem_cache constructor function which calls
>>> inode_init_once(). In barebox we have the constructor function as well,
>>> but we don't have an equivalent of inode_init_once(), so the constructor
>>> is empty. Zero the inode in the constructor instead so that barebox
>>> gets a zeroed inode.
>>>
>>> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
>>> ---
>>> fs/ubifs/super.c | 1 +
>>> 1 file changed, 1 insertion(+)
>>>
>>> diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
>>> index 45037b42ea..4022270d4c 100644
>>> --- a/fs/ubifs/super.c
>>> +++ b/fs/ubifs/super.c
>>> @@ -1128,6 +1128,7 @@ static void kill_ubifs_super(struct super_block *s)
>>> */
>>> static void inode_slab_ctor(void *obj)
>>> {
>>> + memset(obj, 0, sizeof(struct inode));
>>
>> This works because inode is the first member of struct ubifs_inode, but
>> I would prefer to avoid depending on that as it might change with a
>> future update.
>>
>> Can't we just zero all of struct ubifs_inode here to be on the safe side?
>
> That was my first approach as well, but I was afraid this could be lost
> on an UBIFS update.
>
> I could treat obj as a struct ubifs_inode and zero the inode member
> instead.
Yes, that would work too.
>
> That would have prevented the bug I introduced with the JFFS2 patch as
> well.
>
> Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
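The layout dependence discussed in this thread, as an added example (not code from the thread or from barebox): a one-slot toy cache hands out recycled memory, and the positional and member-based constructor styles are compared on a wrapper whose embedded inode is not the first member. All toy_* and ctor_* names and the 0xA5 stale-byte fill are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for struct inode and a filesystem's inode wrapper. */
struct toy_inode {
	unsigned long i_ino;
	void *i_private;
};

struct toy_fs_inode {
	unsigned long fs_flags;
	struct toy_inode vfs_inode;	/* deliberately NOT the first member */
};

/* Positional constructor: only correct while vfs_inode sits at offset 0. */
static void ctor_by_position(void *obj)
{
	memset(obj, 0, sizeof(struct toy_inode));
}

/* Member-based constructor: follows the member wherever the layout puts it. */
static void ctor_by_member(void *obj)
{
	struct toy_fs_inode *fi = obj;
	memset(&fi->vfs_inode, 0, sizeof(fi->vfs_inode));
}

/* One-object cache: hands out recycled memory full of stale bytes (0xA5). */
static struct toy_fs_inode *toy_cache_alloc(void (*ctor)(void *))
{
	static struct toy_fs_inode slot;
	memset(&slot, 0xA5, sizeof(slot));
	ctor(&slot);
	return &slot;
}

/* Returns 1 if every byte of the embedded inode is zero, 0 otherwise. */
static int inode_is_zeroed(const struct toy_fs_inode *fi)
{
	const unsigned char *p = (const unsigned char *)&fi->vfs_inode;
	for (size_t i = 0; i < sizeof(fi->vfs_inode); i++)
		if (p[i] != 0)
			return 0;
	return 1;
}

int main(void)
{
	printf("positional: %d\n", inode_is_zeroed(toy_cache_alloc(ctor_by_position)));
	printf("by member:  %d\n", inode_is_zeroed(toy_cache_alloc(ctor_by_member)));
	return 0;
}
```

With the inode moved off offset 0, the positional memset clears fs_flags and leaves the tail of the inode (here i_private) holding stale bytes, while the member-based form is unaffected.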