| Message ID | 1482409815-89034-1-git-send-email-glider@google.com (mailing list archive) |
|---|---|
| State | New, archived |
On Thu, Dec 22, 2016 at 01:30:15PM +0100, Alexander Potapenko wrote:
> KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of
> uninitialized memory in ext4_update_bh_state():
>
> ==================================================================
> BUG: KMSAN: use of unitialized memory
> CPU: 3 PID: 1 Comm: swapper/0 Tainted: G B 4.8.0-rc6+ #597
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
> 01/01/2011
> 0000000000000282 ffff88003cc96f68 ffffffff81f30856 0000003000000008
> ffff88003cc96f78 0000000000000096 ffffffff8169742a ffff88003cc96ff8
> ffffffff812fc1fc 0000000000000008 ffff88003a1980e8 0000000100000000
> Call Trace:
> [< inline >] __dump_stack lib/dump_stack.c:15
> [<ffffffff81f30856>] dump_stack+0xa6/0xc0 lib/dump_stack.c:51
> [<ffffffff812fc1fc>] kmsan_report+0x1ec/0x300 mm/kmsan/kmsan.c:?
> [<ffffffff812fc33b>] __msan_warning+0x2b/0x40 ??:?
> [< inline >] ext4_update_bh_state fs/ext4/inode.c:727
> [<ffffffff8169742a>] _ext4_get_block+0x6ca/0x8a0 fs/ext4/inode.c:759
> [<ffffffff81696d4c>] ext4_get_block+0x8c/0xa0 fs/ext4/inode.c:769
> [<ffffffff814a2d36>] generic_block_bmap+0x246/0x2b0 fs/buffer.c:2991
> [<ffffffff816ca30e>] ext4_bmap+0x5ee/0x660 fs/ext4/inode.c:3177
> ...
> origin description: ----tmp@generic_block_bmap
> ==================================================================
>
> (the line numbers are relative to 4.8-rc6, but the bug persists
> upstream)
>
> The local |tmp| is created in generic_block_bmap() and then passed into
> ext4_bmap() => ext4_get_block() => _ext4_get_block() =>
> ext4_update_bh_state(). Along the way tmp.b_page is never initialized
> before ext4_update_bh_state() checks its value.
>
> Signed-off-by: Alexander Potapenko <glider@google.com>

This is a one-line fix to fs/buffer.c; but I've investigated, and
since it only affects ext4, and no one else has responded, I'll take
the change through the ext4 git tree.

Thanks!!
- Ted
On Wed, Jan 18, 2017 at 5:32 PM, Theodore Ts'o <tytso@mit.edu> wrote:
> On Thu, Dec 22, 2016 at 01:30:15PM +0100, Alexander Potapenko wrote:
>> KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of
>> uninitialized memory in ext4_update_bh_state():
>>
>> ==================================================================
>> BUG: KMSAN: use of unitialized memory
>> CPU: 3 PID: 1 Comm: swapper/0 Tainted: G B 4.8.0-rc6+ #597
>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
>> 01/01/2011
>> 0000000000000282 ffff88003cc96f68 ffffffff81f30856 0000003000000008
>> ffff88003cc96f78 0000000000000096 ffffffff8169742a ffff88003cc96ff8
>> ffffffff812fc1fc 0000000000000008 ffff88003a1980e8 0000000100000000
>> Call Trace:
>> [< inline >] __dump_stack lib/dump_stack.c:15
>> [<ffffffff81f30856>] dump_stack+0xa6/0xc0 lib/dump_stack.c:51
>> [<ffffffff812fc1fc>] kmsan_report+0x1ec/0x300 mm/kmsan/kmsan.c:?
>> [<ffffffff812fc33b>] __msan_warning+0x2b/0x40 ??:?
>> [< inline >] ext4_update_bh_state fs/ext4/inode.c:727
>> [<ffffffff8169742a>] _ext4_get_block+0x6ca/0x8a0 fs/ext4/inode.c:759
>> [<ffffffff81696d4c>] ext4_get_block+0x8c/0xa0 fs/ext4/inode.c:769
>> [<ffffffff814a2d36>] generic_block_bmap+0x246/0x2b0 fs/buffer.c:2991
>> [<ffffffff816ca30e>] ext4_bmap+0x5ee/0x660 fs/ext4/inode.c:3177
>> ...
>> origin description: ----tmp@generic_block_bmap
>> ==================================================================
>>
>> (the line numbers are relative to 4.8-rc6, but the bug persists
>> upstream)
>>
>> The local |tmp| is created in generic_block_bmap() and then passed into
>> ext4_bmap() => ext4_get_block() => _ext4_get_block() =>
>> ext4_update_bh_state(). Along the way tmp.b_page is never initialized
>> before ext4_update_bh_state() checks its value.
>>
>> Signed-off-by: Alexander Potapenko <glider@google.com>
>
> This is a one-line fix to fs/buffer.c; but I've investigated, and
> since it only affects ext4, and no one else has responded, I'll take
> the change through the ext4 git tree.
>
> Thanks!!
>
> - Ted

Hi Ted,

any updates on this patch? Looks like it hasn't been landed yet.

Alex
Hi Theodore,

Looks like the patch hasn't been landed yet, could you please revisit it?

Thanks,
Alex

On Wed, Jan 18, 2017 at 5:32 PM, Theodore Ts'o <tytso@mit.edu> wrote:
> On Thu, Dec 22, 2016 at 01:30:15PM +0100, Alexander Potapenko wrote:
>> KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of
>> uninitialized memory in ext4_update_bh_state():
>>
>> ==================================================================
>> BUG: KMSAN: use of unitialized memory
>> CPU: 3 PID: 1 Comm: swapper/0 Tainted: G B 4.8.0-rc6+ #597
>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
>> 01/01/2011
>> 0000000000000282 ffff88003cc96f68 ffffffff81f30856 0000003000000008
>> ffff88003cc96f78 0000000000000096 ffffffff8169742a ffff88003cc96ff8
>> ffffffff812fc1fc 0000000000000008 ffff88003a1980e8 0000000100000000
>> Call Trace:
>> [< inline >] __dump_stack lib/dump_stack.c:15
>> [<ffffffff81f30856>] dump_stack+0xa6/0xc0 lib/dump_stack.c:51
>> [<ffffffff812fc1fc>] kmsan_report+0x1ec/0x300 mm/kmsan/kmsan.c:?
>> [<ffffffff812fc33b>] __msan_warning+0x2b/0x40 ??:?
>> [< inline >] ext4_update_bh_state fs/ext4/inode.c:727
>> [<ffffffff8169742a>] _ext4_get_block+0x6ca/0x8a0 fs/ext4/inode.c:759
>> [<ffffffff81696d4c>] ext4_get_block+0x8c/0xa0 fs/ext4/inode.c:769
>> [<ffffffff814a2d36>] generic_block_bmap+0x246/0x2b0 fs/buffer.c:2991
>> [<ffffffff816ca30e>] ext4_bmap+0x5ee/0x660 fs/ext4/inode.c:3177
>> ...
>> origin description: ----tmp@generic_block_bmap
>> ==================================================================
>>
>> (the line numbers are relative to 4.8-rc6, but the bug persists
>> upstream)
>>
>> The local |tmp| is created in generic_block_bmap() and then passed into
>> ext4_bmap() => ext4_get_block() => _ext4_get_block() =>
>> ext4_update_bh_state(). Along the way tmp.b_page is never initialized
>> before ext4_update_bh_state() checks its value.
>>
>> Signed-off-by: Alexander Potapenko <glider@google.com>
>
> This is a one-line fix to fs/buffer.c; but I've investigated, and
> since it only affects ext4, and no one else has responded, I'll take
> the change through the ext4 git tree.
>
> Thanks!!
>
> - Ted
==================================================================
BUG: KMSAN: use of unitialized memory
CPU: 3 PID: 1 Comm: swapper/0 Tainted: G B 4.8.0-rc6+ #597
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
01/01/2011
0000000000000282 ffff88003cc96f68 ffffffff81f30856 0000003000000008
ffff88003cc96f78 0000000000000096 ffffffff8169742a ffff88003cc96ff8
ffffffff812fc1fc 0000000000000008 ffff88003a1980e8 0000000100000000
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[<ffffffff81f30856>] dump_stack+0xa6/0xc0 lib/dump_stack.c:51
[<ffffffff812fc1fc>] kmsan_report+0x1ec/0x300 mm/kmsan/kmsan.c:?
[<ffffffff812fc33b>] __msan_warning+0x2b/0x40 ??:?
[< inline >] ext4_update_bh_state fs/ext4/inode.c:727
[<ffffffff8169742a>] _ext4_get_block+0x6ca/0x8a0 fs/ext4/inode.c:759
[<ffffffff81696d4c>] ext4_get_block+0x8c/0xa0 fs/ext4/inode.c:769
[<ffffffff814a2d36>] generic_block_bmap+0x246/0x2b0 fs/buffer.c:2991
[<ffffffff816ca30e>] ext4_bmap+0x5ee/0x660 fs/ext4/inode.c:3177
...
origin description: ----tmp@generic_block_bmap
==================================================================

(the line numbers are relative to 4.8-rc6, but the bug persists
upstream)

The local |tmp| is created in generic_block_bmap() and then passed into
ext4_bmap() => ext4_get_block() => _ext4_get_block() =>
ext4_update_bh_state(). Along the way tmp.b_page is never initialized
before ext4_update_bh_state() checks its value.

Signed-off-by: Alexander Potapenko <glider@google.com>
---
 fs/buffer.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/buffer.c b/fs/buffer.c
index d21771f..3fb104e 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -3029,6 +3029,7 @@ sector_t generic_block_bmap(struct address_space *mapping, sector_t block,
 	tmp.b_state = 0;
 	tmp.b_blocknr = 0;
 	tmp.b_size = 1 << inode->i_blkbits;
+	tmp.b_page = NULL;
 	get_block(inode, block, &tmp, 0);
 	return tmp.b_blocknr;
 }
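Review bot: the hunk clears b_page on its own line, but the three assignments above it show that tmp is being set up field by field, so any other buffer_head member a get_block implementation happens to read stays uninitialized and will produce the next report of exactly this class. Consider zero-initializing the whole dummy buffer_head at its declaration instead, e.g. `struct buffer_head tmp = {};` or `memset(&tmp, 0, sizeof(tmp));`, which covers b_page and any field added later without maintaining a per-field list. The commit message says ext4_update_bh_state() checks b_page but not what the check decides; one sentence on that would show reviewers why NULL is the correct value rather than merely a defined one.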
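The defect the report describes, as an added user-space model that is not code from the thread or from the kernel: it assumes a cut-down struct bh with only the four fields the hunk touches and uses a poison fill, much as KMSAN's shadow memory does in-kernel, to count which fields the original and the patched set-up leave unwritten.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model only: stand-in for struct buffer_head with the fields the patch touches. */
struct bh {
    unsigned long b_state;
    uint64_t      b_blocknr;
    size_t        b_size;
    void         *b_page;
};

#define POISON 0xA5 /* byte pattern written into tmp before each set-up routine */

/* Mirrors the pre-patch generic_block_bmap() set-up: three fields written, b_page not. */
static void init_before(struct bh *tmp, unsigned blkbits)
{
    tmp->b_state = 0;
    tmp->b_blocknr = 0;
    tmp->b_size = (size_t)1 << blkbits;
}

/* Mirrors the patched set-up: b_page is explicitly cleared as well. */
static void init_after(struct bh *tmp, unsigned blkbits)
{
    tmp->b_state = 0;
    tmp->b_blocknr = 0;
    tmp->b_size = (size_t)1 << blkbits;
    tmp->b_page = NULL;
}

/* 1 if every byte of the field still carries the poison, i.e. nothing wrote it. */
static int field_untouched(const void *p, size_t n)
{
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++)
        if (b[i] != POISON)
            return 0;
    return 1;
}

/* Poison the struct, run the set-up routine, return how many fields were never written. */
static int count_uninit_fields(void (*init)(struct bh *, unsigned), unsigned blkbits)
{
    struct bh tmp;
    memset(&tmp, POISON, sizeof tmp);
    init(&tmp, blkbits);
    return field_untouched(&tmp.b_state, sizeof tmp.b_state)
         + field_untouched(&tmp.b_blocknr, sizeof tmp.b_blocknr)
         + field_untouched(&tmp.b_size, sizeof tmp.b_size)
         + field_untouched(&tmp.b_page, sizeof tmp.b_page);
}
```

With a 4 KiB block size (blkbits 12) the pre-patch set-up leaves exactly one field, b_page, unwritten and the patched set-up leaves none; a real buffer_head has more members than the four modelled here, which is why whole-struct zeroing is the more robust fix.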