From: Alexander Potapenko <glider@google.com>
To: dvyukov@google.com, kcc@google.com, tytso@mit.edu,
viro@zeniv.linux.org.uk
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH] fs: Initialize tmp.b_page in generic_block_bmap()
Date: Thu, 22 Dec 2016 13:30:15 +0100
Message-ID: <1482409815-89034-1-git-send-email-glider@google.com>
KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of
uninitialized memory in ext4_update_bh_state():
==================================================================
BUG: KMSAN: use of unitialized memory
CPU: 3 PID: 1 Comm: swapper/0 Tainted: G B 4.8.0-rc6+ #597
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
0000000000000282 ffff88003cc96f68 ffffffff81f30856 0000003000000008
ffff88003cc96f78 0000000000000096 ffffffff8169742a ffff88003cc96ff8
ffffffff812fc1fc 0000000000000008 ffff88003a1980e8 0000000100000000
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[<ffffffff81f30856>] dump_stack+0xa6/0xc0 lib/dump_stack.c:51
[<ffffffff812fc1fc>] kmsan_report+0x1ec/0x300 mm/kmsan/kmsan.c:?
[<ffffffff812fc33b>] __msan_warning+0x2b/0x40 ??:?
[< inline >] ext4_update_bh_state fs/ext4/inode.c:727
[<ffffffff8169742a>] _ext4_get_block+0x6ca/0x8a0 fs/ext4/inode.c:759
[<ffffffff81696d4c>] ext4_get_block+0x8c/0xa0 fs/ext4/inode.c:769
[<ffffffff814a2d36>] generic_block_bmap+0x246/0x2b0 fs/buffer.c:2991
[<ffffffff816ca30e>] ext4_bmap+0x5ee/0x660 fs/ext4/inode.c:3177
...
origin description: ----tmp@generic_block_bmap
==================================================================
(the line numbers are relative to 4.8-rc6, but the bug persists
upstream)
The local |tmp| is created in generic_block_bmap() and then passed into
ext4_bmap() => ext4_get_block() => _ext4_get_block() =>
ext4_update_bh_state(). Along the way tmp.b_page is never initialized
before ext4_update_bh_state() checks its value.
Signed-off-by: Alexander Potapenko <glider@google.com>
---
fs/buffer.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/buffer.c b/fs/buffer.c
index d21771f..3fb104e 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -3029,6 +3029,7 @@ sector_t generic_block_bmap(struct address_space *mapping, sector_t block,
tmp.b_state = 0;
tmp.b_blocknr = 0;
tmp.b_size = 1 << inode->i_blkbits;
+ tmp.b_page = NULL;
get_block(inode, block, &tmp, 0);
return tmp.b_blocknr;
}
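Review bot: the added `tmp.b_page = NULL;` covers the one member KMSAN flagged, but `tmp` is still a local `struct buffer_head` being initialized field by field (`b_state`, `b_blocknr`, `b_size`, now `b_page`), so any other member that a filesystem's get_block callback happens to read stays uninitialized. Consider zero-initializing the whole object at its declaration instead, e.g. `struct buffer_head tmp = { .b_size = 1 << inode->i_blkbits };`, which makes every member defined and lets the separate `= 0` / `= NULL` assignments go away. The commit message would also benefit from naming the check in ext4_update_bh_state() that reads b_page, so a reader can see why NULL is the value that makes that check behave as intended for a temporary buffer_head.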
--
2.8.0.rc3.226.g39d4020
Thread overview:
2016-12-22 12:30 Alexander Potapenko [this message]
2017-01-18 16:32 ` [PATCH] fs: Initialize tmp.b_page in generic_block_bmap() Theodore Ts'o
2017-03-28 16:28 ` Alexander Potapenko
2017-05-22 17:58 ` Kees Cook
2017-07-05 2:21 ` Theodore Ts'o
2017-06-26 10:06 ` Alexander Potapenko