Message-ID: <f1c3998e-1eaf-465c-9708-bae30d9832cd@gmail.com>
Date: Tue, 12 Nov 2024 17:08:53 +0100
From: Gianfranco Trad <gianf.trad@...il.com>
To: brauner@...nel.org, josef@...icpanda.com, akpm@...ux-foundation.org
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
 skhan@...uxfoundation.org,
 syzbot+2e6fb1f89ce5e13cd02d@...kaller.appspotmail.com
Subject: Re: [PATCH] hfs: use kzalloc in hfs_find_init() to fix KMSAN bug

On 23/10/24 00:57, Gianfranco Trad wrote:
> Syzbot reports KMSAN uninit-value use in hfs_free_fork [1].
> Use kzalloc() instead of kmalloc() to zero-init fd->search_key
> in hfs_find_init() in order to mitigate such KMSAN bug.
> 
> [1] https://syzkaller.appspot.com/bug?extid=2e6fb1f89ce5e13cd02d
> 
> Reported-by: syzbot+2e6fb1f89ce5e13cd02d@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=2e6fb1f89ce5e13cd02d
> Tested-by: syzbot+2e6fb1f89ce5e13cd02d@...kaller.appspotmail.com
> Signed-off-by: Gianfranco Trad <gianf.trad@...il.com>
> ---
> 
> Notes: since there's no maintainer for hfs I included Andrew as stated
> in the Documentation. I also considered including the top 2 committers
> to the hfs subsystem given by scripts/get_maintainers.pl. Hope it's not a
> problem, if so apologies.
> 
>   fs/hfs/bfind.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/hfs/bfind.c b/fs/hfs/bfind.c
> index ef9498a6e88a..c74d864bc29e 100644
> --- a/fs/hfs/bfind.c
> +++ b/fs/hfs/bfind.c
> @@ -18,7 +18,7 @@ int hfs_find_init(struct hfs_btree *tree, struct hfs_find_data *fd)
>   
>   	fd->tree = tree;
>   	fd->bnode = NULL;
> -	ptr = kmalloc(tree->max_key_len * 2 + 4, GFP_KERNEL);
> +	ptr = kzalloc(tree->max_key_len * 2 + 4, GFP_KERNEL);
>   	if (!ptr)
>   		return -ENOMEM;
>   	fd->search_key = ptr;
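Review bot: the commit message says this change "mitigates" the KMSAN report, which leaves open why bytes of `fd->search_key` are read before anything writes them; the hunk zero-fills the whole `tree->max_key_len * 2 + 4` byte buffer, which makes those reads deterministic but does not itself show where the unwritten bytes come from. It would help a reviewer to name that path in the commit message (the key-building or comparison site that touches bytes beyond what was filled in), or to state explicitly that a zeroed key is the intended contract for this buffer, so the change reads as a fix rather than a suppression. Also worth a sentence: since `ptr` backs more than `search_key` in this buffer (the `* 2` in the size), confirm the second half is covered by the same reasoning.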

I ensured the syzbot reproducer still triggers the KMSAN bug upstream [1].
I ensured that the above patch was tested by syzbot upstream, not
triggering any issue [2].

I know hfs is orphaned, but if anyone can pick it up or review it for
additional feedback I'd highly appreciate it, as it addresses a bug in
stable releases.

Thanks for your time,

[1] https://syzkaller.appspot.com/x/log.txt?x=12cd38c0580000
[2] https://syzkaller.appspot.com/x/log.txt?x=136874e8580000

--Gian
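The defect class behind this patch (a buffer allocated without initialisation, partly filled by a key builder, then read over its full length by a comparison) can be modelled in user space. The following C program is an added illustration, not code from the hfs subsystem or from the patch author: `find_init()`, `build_key()`, `key_cmp_full()`, `MAX_KEY_LEN` and the poisoning allocator are hypothetical stand-ins, and the constructed sample keys are not real HFS records. `alloc_poisoned()` plays the role of `kmalloc()` by filling fresh memory with a varying stale pattern (what KMSAN would track as uninitialised), and `alloc_zeroed()` plays the role of `kzalloc()` from the hunk.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed value standing in for tree->max_key_len (hypothetical model). */
#define MAX_KEY_LEN 6
/* Same size expression as the patched allocation in hfs_find_init(). */
#define KEY_BUF_LEN (MAX_KEY_LEN * 2 + 4)

struct find_data {
    uint8_t *search_key;
};

/* Stand-in for kmalloc(): a real allocator hands back whatever was left in the
 * slab; we model that with a poison byte that changes per allocation so the
 * stale content differs between two buffers, as it can in the kernel. */
static uint8_t next_poison = 0xA5;
static void *alloc_poisoned(size_t n)
{
    void *p = malloc(n);
    if (p)
        memset(p, next_poison, n);
    next_poison ^= 0x3C;            /* vary the stale pattern */
    return p;
}

/* Stand-in for kzalloc(): zero-filled, like the patched hfs_find_init(). */
static void *alloc_zeroed(size_t n)
{
    return calloc(1, n);
}

/* Model of hfs_find_init(): zeroed=0 mimics the old kmalloc() path,
 * zeroed=1 mimics the kzalloc() path from the patch. */
static int find_init(struct find_data *fd, int zeroed)
{
    fd->search_key = zeroed ? alloc_zeroed(KEY_BUF_LEN)
                            : alloc_poisoned(KEY_BUF_LEN);
    return fd->search_key ? 0 : -1;
}

static void find_exit(struct find_data *fd)
{
    free(fd->search_key);
    fd->search_key = NULL;
}

/* A length-prefixed key builder: writes the length byte and `len` payload
 * bytes and touches nothing else, so the tail of the buffer keeps whatever
 * the allocator left there. */
static void build_key(uint8_t *key, const uint8_t *payload, uint8_t len)
{
    key[0] = len;
    memcpy(key + 1, payload, len);
}

/* A comparison that walks the whole buffer rather than 1 + key[0] bytes;
 * this is the kind of read that makes uninitialised tail bytes matter. */
static int key_cmp_full(const uint8_t *a, const uint8_t *b)
{
    return memcmp(a, b, KEY_BUF_LEN);
}

/* Returns 1 if every byte beyond the written key is zero, 0 otherwise. */
int tail_is_zero(int zeroed)
{
    static const uint8_t payload[] = { 'C', 'A', 'T' };   /* constructed */
    struct find_data fd;
    int clean = 1;
    if (find_init(&fd, zeroed) != 0)
        return -1;
    build_key(fd.search_key, payload, sizeof payload);
    for (size_t i = 1 + sizeof payload; i < KEY_BUF_LEN; i++)
        if (fd.search_key[i] != 0)
            clean = 0;
    find_exit(&fd);
    return clean;
}

/* Builds the same short key into two separately allocated buffers and
 * returns 1 if the full-buffer compare treats them as equal. */
int same_key_compares_equal(int zeroed)
{
    static const uint8_t payload[] = { 'C', 'A', 'T' };   /* constructed */
    struct find_data a, b;
    int equal;
    if (find_init(&a, zeroed) != 0 || find_init(&b, zeroed) != 0)
        return -1;
    build_key(a.search_key, payload, sizeof payload);
    build_key(b.search_key, payload, sizeof payload);
    equal = key_cmp_full(a.search_key, b.search_key) == 0;
    find_exit(&a);
    find_exit(&b);
    return equal;
}

int main(void)
{
    printf("kmalloc-style: tail zero=%d, equal=%d\n",
           tail_is_zero(0), same_key_compares_equal(0));
    printf("kzalloc-style: tail zero=%d, equal=%d\n",
           tail_is_zero(1), same_key_compares_equal(1));
    return 0;
}
```

With the poisoned allocator the two identical keys compare unequal because the comparison reads stale bytes that differ per allocation; with the zeroed allocator the result is deterministic. In the kernel the equivalent of the poisoned case is not a fixed pattern but whatever the slab held, which is why KMSAN flags the read rather than any particular value, and why the comparison site, not only the allocation, deserves review.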
