[PATCH] hfsplus: fix uninit-value in hfsplus_attr_bin_cmp_key

From: Edward Adam Davis
Date: Mon Mar 04 2024 - 00:39:52 EST

Next message: Dikshita Agarwal: "Re: [PATCH v2 05/20] media: venus: pm_helpers: Kill dead code"
Previous message: Dharma Balasubiramani: "[PATCH v2] dt-bindings: display: atmel,lcdc: convert to dtschema"
In reply to: syzbot: "Re: [syzbot] [hfs?] KMSAN: uninit-value in hfsplus_attr_bin_cmp_key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Syzbot reported]
BUG: KMSAN: uninit-value in hfsplus_attr_bin_cmp_key+0xf1/0x190 fs/hfsplus/attributes.c:42
hfsplus_attr_bin_cmp_key+0xf1/0x190 fs/hfsplus/attributes.c:42
hfs_find_rec_by_key+0xb0/0x240 fs/hfsplus/bfind.c:100
__hfsplus_brec_find+0x26b/0x7b0 fs/hfsplus/bfind.c:135
hfsplus_brec_find+0x445/0x970 fs/hfsplus/bfind.c:195
hfsplus_find_attr+0x30c/0x390
hfsplus_attr_exists+0x1c6/0x260 fs/hfsplus/attributes.c:182
__hfsplus_setxattr+0x510/0x3580 fs/hfsplus/xattr.c:336
hfsplus_setxattr+0x129/0x1e0 fs/hfsplus/xattr.c:434
hfsplus_trusted_setxattr+0x55/0x70 fs/hfsplus/xattr_trusted.c:30
__vfs_setxattr+0x7aa/0x8b0 fs/xattr.c:201
__vfs_setxattr_noperm+0x24f/0xa30 fs/xattr.c:235
__vfs_setxattr_locked+0x441/0x480 fs/xattr.c:296
vfs_setxattr+0x294/0x650 fs/xattr.c:322
do_setxattr fs/xattr.c:630 [inline]
setxattr+0x45f/0x540 fs/xattr.c:653
path_setxattr+0x1f5/0x3c0 fs/xattr.c:672
__do_sys_setxattr fs/xattr.c:688 [inline]
__se_sys_setxattr fs/xattr.c:684 [inline]
__x64_sys_setxattr+0xf7/0x180 fs/xattr.c:684
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
slab_post_alloc_hook mm/slub.c:3819 [inline]
slab_alloc_node mm/slub.c:3860 [inline]
__do_kmalloc_node mm/slub.c:3980 [inline]
__kmalloc+0x919/0xf80 mm/slub.c:3994
kmalloc include/linux/slab.h:594 [inline]
hfsplus_find_init+0x91/0x250 fs/hfsplus/bfind.c:21
hfsplus_attr_exists+0xde/0x260 fs/hfsplus/attributes.c:178
__hfsplus_setxattr+0x510/0x3580 fs/hfsplus/xattr.c:336
hfsplus_setxattr+0x129/0x1e0 fs/hfsplus/xattr.c:434
hfsplus_trusted_setxattr+0x55/0x70 fs/hfsplus/xattr_trusted.c:30
__vfs_setxattr+0x7aa/0x8b0 fs/xattr.c:201
__vfs_setxattr_noperm+0x24f/0xa30 fs/xattr.c:235
__vfs_setxattr_locked+0x441/0x480 fs/xattr.c:296
vfs_setxattr+0x294/0x650 fs/xattr.c:322
do_setxattr fs/xattr.c:630 [inline]
setxattr+0x45f/0x540 fs/xattr.c:653
path_setxattr+0x1f5/0x3c0 fs/xattr.c:672
__do_sys_setxattr fs/xattr.c:688 [inline]
__se_sys_setxattr fs/xattr.c:684 [inline]
__x64_sys_setxattr+0xf7/0x180 fs/xattr.c:684
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b

[Fix]
Let's clear all search_key fields at alloc time.

Reported-and-tested-by: syzbot+c6d8e1bffb0970780d5c@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Edward Adam Davis <eadavis@xxxxxx>
---
fs/hfsplus/bfind.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/hfsplus/bfind.c b/fs/hfsplus/bfind.c
index ca2ba8c9f82e..b939dc879dac 100644
--- a/fs/hfsplus/bfind.c
+++ b/fs/hfsplus/bfind.c
@@ -18,7 +18,7 @@ int hfs_find_init(struct hfs_btree *tree, struct hfs_find_data *fd)

fd->tree = tree;
fd->bnode = NULL;
- ptr = kmalloc(tree->max_key_len * 2 + 4, GFP_KERNEL);
+ ptr = kzalloc(tree->max_key_len * 2 + 4, GFP_KERNEL);
if (!ptr)
return -ENOMEM;
fd->search_key = ptr;
--
2.43.0

Next message: Dikshita Agarwal: "Re: [PATCH v2 05/20] media: venus: pm_helpers: Kill dead code"
Previous message: Dharma Balasubiramani: "[PATCH v2] dt-bindings: display: atmel,lcdc: convert to dtschema"
In reply to: syzbot: "Re: [syzbot] [hfs?] KMSAN: uninit-value in hfsplus_attr_bin_cmp_key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]