From: Eric Biggers <ebiggers@kernel.org>
To: "Bartłomiej Kubik" <kubik.bartlomiej@gmail.com>
Cc: Baokun Li <libaokun1@huawei.com>,
tytso@mit.edu, adilger.kernel@dilger.ca,
linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
david.hunter.linux@gmail.com, skhan@linuxfoundation.org,
khalid@kernel.org, linux-kernel-mentees@lists.linux.dev,
syzbot+703d8a2cd20971854b06@syzkaller.appspotmail.com
Subject: Re: [PATCH] fs/ext4: Initialize new folios before use
Date: Sun, 28 Dec 2025 12:09:28 -0800
Message-ID: <20251228200928.GA2431@quark>
In-Reply-To: <CAPqLRf224VcJJM1rmiJTnFXg+5tNeF4HC+AEBWpBpWZO6VxbiQ@mail.gmail.com>
On Sun, Dec 28, 2025 at 02:00:46PM +0100, Bartłomiej Kubik wrote:
> Hi,
>
> Thank you for your suggestions.
>
> On Wed, 24 Dec 2025 at 02:39, Baokun Li <libaokun1@huawei.com> wrote:
> >
> > Hi Bartlomiej,
> >
> > On 2025-12-24 05:58, Bartlomiej Kubik wrote:
> > > KMSAN reports an uninitialized value in adiantum_crypt, created at
> > > write_begin_get_folio(). New folios are allocated with the FGP_CREAT
> > > flag and may be returned uninitialized. These uninitialized folios are
> > > then used without proper initialization.
> > >
> > > Fixes: b799474b9aeb ("mm/pagemap: add write_begin_get_folio() helper function")
> > > Tested-by: syzbot+703d8a2cd20971854b06@syzkaller.appspotmail.com
> > > Reported-by: syzbot+703d8a2cd20971854b06@syzkaller.appspotmail.com
> > > Closes: https://syzkaller.appspot.com/bug?extid=703d8a2cd20971854b06
> > >
> > > Signed-off-by: Bartlomiej Kubik <kubik.bartlomiej@gmail.com>
> > > ---
> > > include/linux/pagemap.h | 3 ++-
> > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
> > > index 31a848485ad9..31bbc8299e08 100644
> > > --- a/include/linux/pagemap.h
> > > +++ b/include/linux/pagemap.h
> > > @@ -787,7 +787,8 @@ static inline struct folio *write_begin_get_folio(const struct kiocb *iocb,
> > > fgp_flags |= FGP_DONTCACHE;
> > >
> > > return __filemap_get_folio(mapping, index, fgp_flags,
> > > - mapping_gfp_mask(mapping));
> > > + mapping_gfp_mask(mapping)|
> > > + __GFP_ZERO);
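Review bot: OR-ing __GFP_ZERO into the gfp argument of the __filemap_get_folio() call changes write_begin_get_folio(), a shared inline helper in include/linux/pagemap.h, while the subject line and the KMSAN report are about ext4 and adiantum_crypt, so every caller of the helper would now request zeroing for newly created folios. The commit message should name the write path that reads the new folio before it has been filled, and the initialization should be placed in that path rather than in the common helper. On style, kernel coding style puts spaces around binary operators, so the expression should be written as `mapping_gfp_mask(mapping) | __GFP_ZERO`.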
> > We do need to perform some initialization, but doing it in this common
> > path is clearly unreasonable. It would introduce unnecessary zeroing
> > overhead even for non-crypto scenarios.
>
> Yes. That could introduce unnecessary zeroing in other paths.
>
> > Therefore, I suspect something was missed in certain crypto-related
> > initialization paths where the zeroing should have been handled instead.
>
> I will try to fix this in the crypto-path only and send [PATCH v2].
Please see https://lore.kernel.org/linux-ext4/20251210022202.GB4128@sol/
for my earlier analysis of this issue.
- Eric