yshigeru / linux-devel

Linux kernel source tree

KMSAN: uninit-value in exfat_set_entry_time #15

Closed (yshigeru closed this issue 1 year ago)

yshigeru commented 1 year ago
=====================================================
BUG: KMSAN: uninit-value in exfat_set_entry_time+0x309/0x360 fs/exfat/misc.c:99
 exfat_set_entry_time+0x309/0x360 fs/exfat/misc.c:99
 __exfat_write_inode+0x7ae/0xdb0 fs/exfat/inode.c:59
 __exfat_truncate+0x70e/0xb20 fs/exfat/file.c:163
 exfat_truncate+0x121/0x540 fs/exfat/file.c:211
 exfat_setattr+0x116c/0x1a40 fs/exfat/file.c:312
 notify_change+0x1934/0x1a30 fs/attr.c:499
 do_truncate+0x224/0x2a0 fs/open.c:66
 handle_truncate fs/namei.c:3280 [inline]
 do_open fs/namei.c:3626 [inline]
 path_openat+0x56c6/0x5f20 fs/namei.c:3779
 do_filp_open+0x21c/0x5a0 fs/namei.c:3809
 do_sys_openat2+0x1ba/0x2f0 fs/open.c:1440
 do_sys_open fs/open.c:1455 [inline]
 __do_sys_creat fs/open.c:1531 [inline]
 __se_sys_creat fs/open.c:1525 [inline]
 __x64_sys_creat+0xe3/0x140 fs/open.c:1525
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was stored to memory at:
 exfat_set_entry_time+0x302/0x360 fs/exfat/misc.c:99
 __exfat_write_inode+0x7ae/0xdb0 fs/exfat/inode.c:59
 __exfat_truncate+0x70e/0xb20 fs/exfat/file.c:163
 exfat_truncate+0x121/0x540 fs/exfat/file.c:211
 exfat_setattr+0x116c/0x1a40 fs/exfat/file.c:312
 notify_change+0x1934/0x1a30 fs/attr.c:499
 do_truncate+0x224/0x2a0 fs/open.c:66
 handle_truncate fs/namei.c:3280 [inline]
 do_open fs/namei.c:3626 [inline]
 path_openat+0x56c6/0x5f20 fs/namei.c:3779
 do_filp_open+0x21c/0x5a0 fs/namei.c:3809
 do_sys_openat2+0x1ba/0x2f0 fs/open.c:1440
 do_sys_open fs/open.c:1455 [inline]
 __do_sys_creat fs/open.c:1531 [inline]
 __se_sys_creat fs/open.c:1525 [inline]
 __x64_sys_creat+0xe3/0x140 fs/open.c:1525
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Local variable ts created at:
 __exfat_write_inode+0x102/0xdb0 fs/exfat/inode.c:29
 __exfat_truncate+0x70e/0xb20 fs/exfat/file.c:163

CPU: 0 PID: 13839 Comm: syz-executor.7 Not tainted 6.6.0-14500-g1c41041124bd #10
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014
=====================================================

yshigeru commented 1 year ago

repro.c.gz

yshigeru commented 1 year ago

Degraded by this patch: https://github.com/yshigeru/linux-devel/commit/4c72a36edd54f59353cee00b31db46d196dfbd58

yshigeru commented 1 year ago

A similar fix is needed: https://lore.kernel.org/all/20231018-amtime-v1-1-e066bae97285@kernel.org/

yshigeru commented 1 year ago

Sent a patch: https://lore.kernel.org/all/20231107143002.1342295-1-syoshida@redhat.com/

yshigeru commented 1 year ago

A similar fix has already been queued: https://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat.git/commit/?h=dev&id=fc12a722e6b799d1d3c1520dc9ba9aab4fda04bf