Date: Tue, 15 Sep 2020 22:41:57 -0700
From: Eric Biggers
To: Anant Thazhemadam
Cc: linux-kernel-mentees@lists.linuxfoundation.org, syzbot+4191a44ad556eacc1a7a@syzkaller.appspotmail.com, Alexander Viro, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fs: fix KMSAN uninit-value bug by initializing nd in do_file_open_root
Message-ID: <20200916054157.GC825@sol.localdomain>
References: <20200916052657.18683-1-anant.thazhemadam@gmail.com>
In-Reply-To: <20200916052657.18683-1-anant.thazhemadam@gmail.com>

On Wed, Sep 16, 2020 at 10:56:56AM +0530, Anant Thazhemadam wrote:
> The KMSAN bug report for the bug indicates that there exists;
> Local variable ----nd@do_file_open_root created at:
> do_file_open_root+0xa4/0xb40 fs/namei.c:3385
> do_file_open_root+0xa4/0xb40 fs/namei.c:3385
>
> Initializing nd fixes this issue, and doesn't break anything else either
>
> Fixes: https://syzkaller.appspot.com/bug?extid=4191a44ad556eacc1a7a
> Reported-by: syzbot+4191a44ad556eacc1a7a@syzkaller.appspotmail.com
> Tested-by: syzbot+4191a44ad556eacc1a7a@syzkaller.appspotmail.com
> Signed-off-by: Anant Thazhemadam
> ---
> fs/namei.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/namei.c b/fs/namei.c > index e99e2a9da0f7..b27382586209 100644 > --- a/fs/namei.c > +++ b/fs/namei.c 
> @@ -3404,7 +3404,7 @@ struct file *do_filp_open(int dfd, struct filename *pathname, > struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt, > const char *name, const struct open_flags *op) > { > - struct nameidata nd; > + struct nameidata nd = {}; > struct file *file; > struct filename *filename; > int flags = op->lookup_flags | LOOKUP_ROOT;

Looking at the actual KMSAN report, it looks like it's nameidata::dir_mode or
nameidata::dir_uid that is uninitialized. You need to figure out the correct
solution, not just blindly initialize with zeroes -- that could hide a bug.
Is there a bug that is preventing these fields from being initialized to the
correct values, are these fields being used when they shouldn't be, etc...

- Eric
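
Review bot: The `+ struct nameidata nd = {};` line in do_file_open_root() zero-fills the entire structure, but neither the hunk nor the commit message says which member is read before it is written or on which path, so the change silences the KMSAN report without showing that zero is the right value for that member. The quoted report lines give only the creation site of the local (fs/namei.c:3385), not the use site; the changelog should name the member and the function that reads it, and the fix should either set that member where the other fields are set up or stop the read on this path. If a blanket initializer is still wanted after that analysis, the changelog should say why zero is correct for every member it now covers. Separately, the Fixes: trailer carries the syzkaller URL; by kernel convention Fixes: names the commit that introduced the problem, and the report URL belongs in a Link: trailer.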