From: Gianfranco Trad <gianf.trad@gmail.com>
To: brauner@kernel.org, josef@toxicpanda.com, akpm@linux-foundation.org
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
skhan@linuxfoundation.org,
syzbot+2e6fb1f89ce5e13cd02d@syzkaller.appspotmail.com
Subject: Re: [PATCH] hfs: use kzalloc in hfs_find_init() to fix KMSAN bug
Date: Tue, 12 Nov 2024 17:08:53 +0100
Message-ID: <f1c3998e-1eaf-465c-9708-bae30d9832cd@gmail.com>
In-Reply-To: <20241022225732.1614156-2-gianf.trad@gmail.com>
On 23/10/24 00:57, Gianfranco Trad wrote:
> Syzbot reports KMSAN uninit-value use in hfs_free_fork [1].
> Use kzalloc() instead of kmalloc() to zero-init fd->search_key
> in hfs_find_init() in order to mitigate such KMSAN bug.
>
> [1] https://syzkaller.appspot.com/bug?extid=2e6fb1f89ce5e13cd02d
>
> Reported-by: syzbot+2e6fb1f89ce5e13cd02d@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=2e6fb1f89ce5e13cd02d
> Tested-by: syzbot+2e6fb1f89ce5e13cd02d@syzkaller.appspotmail.com
> Signed-off-by: Gianfranco Trad <gianf.trad@gmail.com>
> ---
>
> Notes: since there's no maintainer for hfs I included Andrew as stated
> in the Documentation. I also considered including the top 2 committers
> to the hfs subsystem given by scripts/get_maintainers.pl. Hope it's not a
> problem; if so, apologies.
>
> fs/hfs/bfind.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/hfs/bfind.c b/fs/hfs/bfind.c
> index ef9498a6e88a..c74d864bc29e 100644
> --- a/fs/hfs/bfind.c
> +++ b/fs/hfs/bfind.c
> @@ -18,7 +18,7 @@ int hfs_find_init(struct hfs_btree *tree, struct hfs_find_data *fd)
>
> fd->tree = tree;
> fd->bnode = NULL;
> - ptr = kmalloc(tree->max_key_len * 2 + 4, GFP_KERNEL);
> + ptr = kzalloc(tree->max_key_len * 2 + 4, GFP_KERNEL);
> if (!ptr)
> return -ENOMEM;
> fd->search_key = ptr;
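Review bot: the kmalloc-to-kzalloc switch on the allocation line hides the KMSAN report rather than explaining it; the commit message says the change is meant to "mitigate" the uninit-value use in hfs_free_fork but does not say which bytes of fd->search_key are read before anything writes them, or why an all-zero key is a correct value on that path rather than just a quiet one. Please document the root cause in the commit message (which caller reaches the read with an unpopulated search key), and if the key should have been filled in before use, fix that instead of, or in addition to, zeroing the buffer; otherwise a later reader will not know whether zero bytes here are deliberate or a workaround.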
I ensured the syzbot reproducer still triggers the KMSAN bug upstream [1].
I ensured that the above patch was tested by syzbot upstream, without
triggering any issue [2].
I know hfs is orphaned, but if anyone can pick it up or review it for
additional feedback I'd highly appreciate it, as it addresses a bug in
stable releases.
Thanks for your time,
[1] https://syzkaller.appspot.com/x/log.txt?x=12cd38c0580000
[2] https://syzkaller.appspot.com/x/log.txt?x=136874e8580000
--Gian