From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Tue, 28 Jan 2025 21:28:38 -0800
In-Reply-To: <0000000000001a0a38060e875458@google.com>
Message-ID: <6799bc86.050a0220.ac840.02c4.GAE@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Re: [syzbot] [PATCH] fs/ntfs3: Fix KMSAN warning in longest_match_std()
From: syzbot To: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" For archival purposes, forwarding an incoming command email to linux-kernel@vger.kernel.org. *** Subject: [PATCH] fs/ntfs3: Fix KMSAN warning in longest_match_std() Author: gauthamgujjula@gmail.com #syz test Syzkaller reported uninitialized memory in longest_match_std(), originating from ntfs_compress_write(). In the case where a frame's pages are not up to date, but that frame is not read in due to the overlapping bounds of the write, the end of the frame will remain uninitialized if the user data copied in is not frame-aligned. To init the memory without invoking ni_read_frame() in cases where the data will be overwritten anyways, add an additional clause to zero out the section of the frame from the end of the user's data to the end of the frame. Reported-by: syzbot+08d8956768c96a2c52cf@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=08d8956768c96a2c52cf Signed-off-by: Gautham Gujjula --- fs/ntfs3/file.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c index fad68ff0b6ed..6fc4f960f4d9 100644 --- a/fs/ntfs3/file.c +++ b/fs/ntfs3/file.c @@ -1122,6 +1122,13 @@ static ssize_t ntfs_compress_write(struct kiocb *iocb, struct iov_iter *from) } goto out; } + } else if (to & (frame_size - 1)) { + for (ip = to >> PAGE_SHIFT, off = offset_in_page(to); + ip < pages_per_frame; + ip++, off = 0) { + zero_user_segment(pages[ip], off, PAGE_SIZE); + flush_dcache_page(pages[ip]); + } } } -- 2.45.3
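Review bot: The new `else if (to & (frame_size - 1))` test and the loop start `ip = to >> PAGE_SHIFT` both treat `to` as a byte offset inside the current frame, but nothing in the hunk shows where `to` is assigned on the path that reaches this `else`. Please confirm that it is set on every such path and that it is frame-relative; if it were a file position, `to >> PAGE_SHIFT` would not index `pages[]` correctly and the loop would skip the tail or zero the wrong pages. A short comment above the loop, saying that the tail of a frame that was not read in is zeroed from the end of the user data to the end of the frame, would carry the reasoning from the commit message into the code.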