Message ID | Zu4doSKzXfSuVipQ@gmail.com (mailing list archive) |
---|---|
State | New |
Series | netfs: Fix a KMSAN uninit-value error in netfs_clear_buffer |
Chang Yu <marcus.yu.56@gmail.com> wrote:

> - tail = kmalloc(sizeof(*tail), GFP_NOFS);
> + tail = kzalloc(sizeof(*tail), GFP_NOFS);

I'm deliberately not doing that because of the performance hit. That's 31 pointers of which, in many cases, we're only going to use the first couple. There's a bitmask indicating which pointers need putting and a counter that indicates how many are used.

David
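The layout David describes above (a node with 31 pointer slots, a counter of how many are used, and a bitmask of which ones need putting) is why a full kzalloc() is seen as wasteful, and also why partial initialisation is only safe if every reader respects the bookkeeping. The user-space C model below is an added example, not netfs or kernel code; `slot_queue`, `nr`, `marks`, `put_slot` and the `sq_*` functions are hypothetical names standing in for the real folio_queue fields, and it assumes only what the reply states: a count and a mask that readers consult before touching the slot array. It contrasts zeroing everything (the kzalloc approach) with zeroing just the bookkeeping, and its teardown never reads past the count.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NR_SLOTS 31

/* Hypothetical stand-in for the queue node under discussion: 31 pointer
 * slots plus the two bookkeeping fields David mentions. */
struct slot_queue {
	void *slots[NR_SLOTS];  /* payload; may be left uninitialised */
	unsigned int nr;        /* how many of slots[] are populated */
	uint32_t marks;         /* bit i set: slots[i] needs a put */
};

static unsigned int puts_done;  /* counts put_slot() calls */

static void put_slot(void *p)
{
	(void)p;
	puts_done++;
}

/* zero_all mirrors the kzalloc() proposal: every byte cleared, including
 * slots that may never be used. Otherwise only the bookkeeping is set,
 * which suffices provided every reader checks nr/marks first. Leaving
 * nr/marks unset is the bug class KMSAN reports: teardown would then walk
 * an indeterminate count and mask. */
static struct slot_queue *sq_alloc(bool zero_all)
{
	struct slot_queue *q = zero_all ? calloc(1, sizeof(*q))
					: malloc(sizeof(*q));
	if (!q)
		return NULL;
	q->nr = 0;
	q->marks = 0;
	return q;
}

/* Append a pointer; returns false when the node is full. */
static bool sq_append(struct slot_queue *q, void *p, bool needs_put)
{
	if (q->nr >= NR_SLOTS)
		return false;
	q->slots[q->nr] = p;
	if (needs_put)
		q->marks |= 1u << q->nr;
	q->nr++;
	return true;
}

/* Teardown that is safe with partial initialisation: never reads slots[i]
 * for i >= nr, puts only marked slots, frees the node, returns the count. */
static unsigned int sq_clear(struct slot_queue *q)
{
	unsigned int i, n = 0;

	for (i = 0; i < q->nr; i++) {
		if (q->marks & (1u << i)) {
			put_slot(q->slots[i]);
			n++;
		}
	}
	free(q);
	return n;
}

/* Three entries, two marked: exactly two puts, whatever the alloc mode. */
static unsigned int demo_partial_marks(bool zero_all)
{
	static int a, b, c;  /* constructed stand-ins for folios */
	struct slot_queue *q = sq_alloc(zero_all);

	if (!q)
		return 0;
	sq_append(q, &a, true);
	sq_append(q, &b, false);
	sq_append(q, &c, true);
	return sq_clear(q);
}

/* Fill a node: the 32nd append is refused; teardown puts all NR_SLOTS. */
static unsigned int demo_full_node(void)
{
	static int x;
	unsigned int appended = 0;
	struct slot_queue *q = sq_alloc(false);

	if (!q)
		return 0;
	while (sq_append(q, &x, true))
		appended++;
	if (appended != NR_SLOTS) {
		free(q);
		return 0;
	}
	return sq_clear(q);
}

int main(void)
{
	printf("partial, min init: %u puts\n", demo_partial_marks(false));
	printf("partial, zeroed:   %u puts\n", demo_partial_marks(true));
	printf("full node:         %u puts\n", demo_full_node());
	return 0;
}
```

Both allocation modes give the same teardown result; the only difference is the cost of clearing slots that are never used. Removing the two bookkeeping assignments in sq_alloc() would make sq_clear() read an indeterminate count and mask, which is the kind of access an uninit-value report points at.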
Chang Yu <marcus.yu.56@gmail.com> wrote:

> Use kzalloc instead of kmalloc in netfs_buffer_append_folio to fix
> a KMSAN uninit-value error in netfs_clear_buffer

Btw, is this a theoretical error or are you actually seeing an uninitialised pointer being dereferenced?

David
On Mon, Sep 23, 2024 at 08:12:23AM +0100, David Howells wrote:
> Chang Yu <marcus.yu.56@gmail.com> wrote:
>
> > Use kzalloc instead of kmalloc in netfs_buffer_append_folio to fix
> > a KMSAN uninit-value error in netfs_clear_buffer
>
> Btw, is this a theoretical error or are you actually seeing an uninitialised
> pointer being dereferenced?

Apologies for the late reply. Yes, this bug was reported by syzbot (https://syzkaller.appspot.com/bug?extid=921873345a95f4dae7e9) and I was able to reproduce it locally on my machine. I've just tested it with the latest upstream and confirmed that the bug is still present. I will send a revised patch shortly; please feel free to take a look.

Chang
diff --git a/fs/netfs/misc.c b/fs/netfs/misc.c index 0ad0982ce0e2..6f967b6d30b6 100644 --- a/fs/netfs/misc.c +++ b/fs/netfs/misc.c @@ -22,7 +22,7 @@ int netfs_buffer_append_folio(struct netfs_io_request *rreq, struct folio *folio return -EIO; if (!tail || folioq_full(tail)) { - tail = kmalloc(sizeof(*tail), GFP_NOFS); + tail = kzalloc(sizeof(*tail), GFP_NOFS); if (!tail) return -ENOMEM; netfs_stat(&netfs_n_folioq);
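Review bot: switching this allocation to kzalloc() clears the whole node, all 31 pointer slots included, on every new tail, and David's reply in this thread objects on exactly that ground, pointing out that a counter and a bitmask already record which slots are live. The narrower fix is to initialise just the bookkeeping fields that netfs_clear_buffer consults before the slots are populated, and the commit message should name the field KMSAN reported as uninitialised rather than only saying "uninit-value error", so a reviewer can confirm the chosen initialisation covers it. Tag order is also off for kernel style: Reported-by:, Closes: and Fixes: conventionally go before Signed-off-by:.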
Use kzalloc instead of kmalloc in netfs_buffer_append_folio to fix
a KMSAN uninit-value error in netfs_clear_buffer

Signed-off-by: Chang Yu <marcus.yu.56@gmail.com>
Reported-by: syzbot+921873345a95f4dae7e9@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=921873345a95f4dae7e9
Fixes: cd0277ed0c18 ("netfs: Use new folio_queue data type and iterator instead of xarray iter")
---
 fs/netfs/misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)