From patchwork Mon Mar 4 05:33:18 2024
X-Patchwork-Submitter: Edward Adam Davis
X-Patchwork-Id: 209384
From: Edward Adam Davis
To: syzbot+c6d8e1bffb0970780d5c@syzkaller.appspotmail.com
Cc: glider@google.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: [PATCH] hfsplus: fix uninit-value in hfsplus_attr_bin_cmp_key
Date: Mon, 4 Mar 2024 13:33:18 +0800
X-OQ-MSGID: <20240304053317.1237946-2-eadavis@qq.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <00000000000037444e0612c39434@google.com>
References: <00000000000037444e0612c39434@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

[Syzbot reported]
BUG: KMSAN: uninit-value in hfsplus_attr_bin_cmp_key+0xf1/0x190 fs/hfsplus/attributes.c:42
 hfsplus_attr_bin_cmp_key+0xf1/0x190 fs/hfsplus/attributes.c:42
 hfs_find_rec_by_key+0xb0/0x240 fs/hfsplus/bfind.c:100
 __hfsplus_brec_find+0x26b/0x7b0 fs/hfsplus/bfind.c:135
 hfsplus_brec_find+0x445/0x970 fs/hfsplus/bfind.c:195
 hfsplus_find_attr+0x30c/0x390
 hfsplus_attr_exists+0x1c6/0x260 fs/hfsplus/attributes.c:182
 __hfsplus_setxattr+0x510/0x3580 fs/hfsplus/xattr.c:336
 hfsplus_setxattr+0x129/0x1e0 fs/hfsplus/xattr.c:434
 hfsplus_trusted_setxattr+0x55/0x70 fs/hfsplus/xattr_trusted.c:30
 __vfs_setxattr+0x7aa/0x8b0 fs/xattr.c:201
 __vfs_setxattr_noperm+0x24f/0xa30 fs/xattr.c:235
 __vfs_setxattr_locked+0x441/0x480 fs/xattr.c:296
 vfs_setxattr+0x294/0x650 fs/xattr.c:322
 do_setxattr fs/xattr.c:630 [inline]
 setxattr+0x45f/0x540 fs/xattr.c:653
 path_setxattr+0x1f5/0x3c0 fs/xattr.c:672
 __do_sys_setxattr fs/xattr.c:688 [inline]
 __se_sys_setxattr fs/xattr.c:684 [inline]
 __x64_sys_setxattr+0xf7/0x180 fs/xattr.c:684
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:3819 [inline]
 slab_alloc_node mm/slub.c:3860 [inline]
 __do_kmalloc_node mm/slub.c:3980 [inline]
 __kmalloc+0x919/0xf80 mm/slub.c:3994
 kmalloc include/linux/slab.h:594 [inline]
 hfsplus_find_init+0x91/0x250 fs/hfsplus/bfind.c:21
 hfsplus_attr_exists+0xde/0x260 fs/hfsplus/attributes.c:178
 __hfsplus_setxattr+0x510/0x3580 fs/hfsplus/xattr.c:336
 hfsplus_setxattr+0x129/0x1e0 fs/hfsplus/xattr.c:434
 hfsplus_trusted_setxattr+0x55/0x70 fs/hfsplus/xattr_trusted.c:30
 __vfs_setxattr+0x7aa/0x8b0 fs/xattr.c:201
 __vfs_setxattr_noperm+0x24f/0xa30 fs/xattr.c:235
 __vfs_setxattr_locked+0x441/0x480 fs/xattr.c:296
 vfs_setxattr+0x294/0x650 fs/xattr.c:322
 do_setxattr fs/xattr.c:630 [inline]
 setxattr+0x45f/0x540 fs/xattr.c:653
 path_setxattr+0x1f5/0x3c0 fs/xattr.c:672
 __do_sys_setxattr fs/xattr.c:688 [inline]
 __se_sys_setxattr fs/xattr.c:684 [inline]
 __x64_sys_setxattr+0xf7/0x180 fs/xattr.c:684
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

[Fix]
Let's clear all search_key fields at alloc time.

Reported-and-tested-by: syzbot+c6d8e1bffb0970780d5c@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis
---
 fs/hfsplus/bfind.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/hfsplus/bfind.c b/fs/hfsplus/bfind.c index ca2ba8c9f82e..b939dc879dac 100644 --- a/fs/hfsplus/bfind.c +++ b/fs/hfsplus/bfind.c @@ -18,7 +18,7 @@ int hfs_find_init(struct hfs_btree *tree, struct hfs_find_data *fd) fd->tree = tree; fd->bnode = NULL; - ptr = kmalloc(tree->max_key_len * 2 + 4, GFP_KERNEL); + ptr = kzalloc(tree->max_key_len * 2 + 4, GFP_KERNEL); if (!ptr) return -ENOMEM; fd->search_key = ptr;
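Review bot: switching kmalloc to kzalloc in hfs_find_init hides the uninitialized read rather than fixing it, and it does so on every B-tree lookup for a buffer sized for two keys (`tree->max_key_len * 2 + 4`), so more than "all search_key fields" gets cleared. The KMSAN trace points at the comparison in fs/hfsplus/attributes.c:42, reached from hfsplus_attr_exists through hfsplus_find_attr, so the commit message should name which search_key field is still unset on that path when the comparison runs and explain why zeroing at allocation was chosen over initializing that field where the attribute search key is built; if kzalloc is the intended fix, a one-line note that it also covers the second key in the same allocation would make the change self-explanatory to the next reader.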