lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1669c05c-7468-4347-a924-cfc4145c8c75@kernel.org>
Date: Tue, 24 Jun 2025 22:16:05 +0800
From: Chao Yu <chao@...nel.org>
To: Abinash Singh <abinashlalotra@...il.com>,
 linux-f2fs-devel@...ts.sourceforge.net
Cc: chao@...nel.org, jaegeuk@...nel.org, linux-kernel@...r.kernel.org,
 Abinash Singh <abinashsinghlalotra@...il.com>,
 syzbot+b8c1d60e95df65e827d4@...kaller.appspotmail.com
Subject: Re: [PATCH v2] f2fs: fix KMSAN uninit-value in extent_info usage

On 2025/6/19 20:09, Abinash Singh wrote:
> KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and
> `__is_back_mergeable()` via the read extent tree path.
> 
> The root cause is that `get_read_extent_info()` only initializes three fields
> (`fofs`, `blk`, `len`) of `struct extent_info`, leaving the remaining fields
> uninitialized. This leads to undefined behavior when those fields are accessed
> later, especially during extent merging.
> 
> Fix it by zero-initializing the `extent_info` struct before population.
> 

It needs to add a fixes line, otherwise, it looks good to me.

Thanks,

> Reported-by: syzbot+b8c1d60e95df65e827d4@...kaller.appspotmail.com
> Signed-off-by: Abinash Singh <abinashsinghlalotra@...il.com>
> 
> ---
> v2 : Corrected Author name
> ---
>   fs/f2fs/extent_cache.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c
> index cfe925a3d555..4ce19a310f38 100644
> --- a/fs/f2fs/extent_cache.c
> +++ b/fs/f2fs/extent_cache.c
> @@ -414,7 +414,7 @@ void f2fs_init_read_extent_tree(struct inode *inode, struct folio *ifolio)
>   	struct f2fs_extent *i_ext = &F2FS_INODE(&ifolio->page)->i_ext;
>   	struct extent_tree *et;
>   	struct extent_node *en;
> -	struct extent_info ei;
> +	struct extent_info ei = {0};
>   
>   	if (!__may_extent_tree(inode, EX_READ)) {
>   		/* drop largest read extent */

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ