| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250619111407.113334-1-abinashsinghlalotra@gmail.com>
Date: Thu, 19 Jun 2025 16:44:07 +0530
From: avinashlalotra <abinashlalotra@...il.com>
To: linux-f2fs-devel@...ts.sourceforge.net
Cc: jaegeuk@...nel.org,
chao@...nel.org,
linux-kernel@...r.kernel.org,
avinashlalotra <abinashsinghlalotra@...il.com>,
syzbot+b8c1d60e95df65e827d4@...kaller.appspotmail.com
Subject: [PATCH] f2fs: fix KMSAN uninit-value in extent_info usage
KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and
`__is_back_mergeable()` via the read extent tree path.
The root cause is that `get_read_extent_info()` only initializes three fields
(`fofs`, `blk`, `len`) of `struct extent_info`, leaving the remaining fields
uninitialized. This leads to undefined behavior when those fields are accessed
later, especially during extent merging.
Fix it by zero-initializing the `extent_info` struct before population.
Reported-by: syzbot+b8c1d60e95df65e827d4@...kaller.appspotmail.com
Signed-off-by: avinashlalotra <abinashsinghlalotra@...il.com>
---
fs/f2fs/extent_cache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c
index cfe925a3d555..4ce19a310f38 100644
--- a/fs/f2fs/extent_cache.c
+++ b/fs/f2fs/extent_cache.c
@@ -414,7 +414,7 @@ void f2fs_init_read_extent_tree(struct inode *inode, struct folio *ifolio)
struct f2fs_extent *i_ext = &F2FS_INODE(&ifolio->page)->i_ext;
struct extent_tree *et;
struct extent_node *en;
- struct extent_info ei;
+ struct extent_info ei = {0};
if (!__may_extent_tree(inode, EX_READ)) {
/* drop largest read extent */
--
2.43.0
Powered by blists - more mailing lists