Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp2870288lqo; Mon, 20 May 2024 22:22:05 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWJSuGoyKe+VXbeiSH/s6W6aGGbQmZ8jTbN00eRpoD7CVsnkcUIl7K0wFuVxDLXVOqsmdX0wFhlvBtAmOF0WmVQFT+l5X+q1/yEH+fQtQ== X-Google-Smtp-Source: AGHT+IEZEIwZRTLS+Om/8aYqBxt/AXdArqUERDtwLjtdnApQFMVWu62kRE4zd3RpUX097S1qOwoh X-Received: by 2002:a05:6512:1304:b0:51c:5171:bbed with SMTP id 2adb3069b0e04-5221006e625mr24941628e87.15.1716268924859; Mon, 20 May 2024 22:22:04 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1716268924; cv=pass; d=google.com; s=arc-20160816; b=LAjW0jXAo1/T9XqIQrjVsPYJA2VPxB0d9r96fVFyuGv2Mp6XCn+fjSEwH0nrX/bF0A fyGAsD9JJ3j8spwyxFJ2lmFk8jgso3mkFjFTQcJmSHH4v1t4aXYC8hImeJbkuKAZ9vnU 7/loy4koeM3mZjdAsfNHC0KN76Wc6qtEhU7r1mGnQj4k1gGPIn1RizLt1AgxpM776ZNs lwhcEFhJJ4Si6rjhB7ehbhEtnnLpaLhxCvGZ3pINCKiH+SU6BQndXK7npB5vBHH7xfCv clxXtKU+TVchTWx+qFFZ1mCaPZJfZlY7jMUvgEk+L8jnALX3APK0iFaL+Evu8ALEfcKs kJcg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:date :subject:cc:to:from:message-id:dkim-signature; bh=Casgct2oLQqREqCGC1LCZkyZSznfO6GVNAfVv7GbcGE=; fh=mgTiSWHVUw2p1moi70XnqRbWtNtWlxWlbU2wbvb/cVs=; b=aN8akCTBli3K16WDarRR4DxhJdw2fCP0bJmihgWqPmEBf23/op8stc+lEJx+WahpE8 btFqe/8RlA5A7S120NO11H8DnJdIoqqt1jJMO/xao7ck/RowyjtU0bQk2r5Id3sqLZq4 npRCqw98ZJKXugMPKTakdpv7RTnojIYVJie6yguMs4op5om8UyfzaIvG41cCUiqz+Mkg 03aqwVZs8LnFULsOhoy7V9ZtqCHfScps/GDjr/MxMXR7ghfVGf1hBYCzTNB87fFmHk5I US8Zy7IrZda2Ocaj7xxxeSZFL1L5Vuu9vP8GtbFXTDG7NsKgb4pHWDadOD7hMJ018bl7 UEBA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@qq.com header.s=s201512 header.b=Du05iUcY; arc=pass (i=1 spf=pass spfdomain=qq.com dkim=pass dkdomain=qq.com dmarc=pass fromdomain=qq.com); spf=pass (google.com: domain of linux-kernel+bounces-184502-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-184502-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id a640c23a62f3a-a5cdc77c8a9si619908566b.337.2024.05.20.22.22.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 May 2024 22:22:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-184502-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@qq.com header.s=s201512 header.b=Du05iUcY; arc=pass (i=1 spf=pass spfdomain=qq.com dkim=pass dkdomain=qq.com dmarc=pass fromdomain=qq.com); spf=pass (google.com: domain of linux-kernel+bounces-184502-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-184502-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 88C131F2233A for ; Tue, 21 May 2024 05:22:04 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 77C5B405E6; Tue, 21 May 2024 05:21:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="Du05iUcY" Received: from out203-205-221-205.mail.qq.com (out203-205-221-205.mail.qq.com [203.205.221.205]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F3A2B2579; Tue, 21 May 2024 05:21:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=203.205.221.205 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716268912; cv=none; b=AlaeSbbzADkif7vNEi0mIiv4dTkszDHPapl9xxel5ibboOw4/tw9uFoSR7RX4FWUfqUzm9+Bq9nkVvkyIA9s2JRpcWV4SAzNAcrBM9JPkjTL2V1FM4PHyb2WKBZSC0m3qf3k+0eYAHsKKzFyuAU14sgaam8R44ouq/mMP387gT4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716268912; c=relaxed/simple; bh=yAgAFccbsLhH5Kh8DfkFVFoeeV5JR++v4A1KPmkBP8M=; h=Message-ID:From:To:Cc:Subject:Date:In-Reply-To:References: MIME-Version; b=AlzlqzeMQnq599a439QlraZ25is8WfQATJdo6GdPH/KPbbyIyvK4UnzlHDVvBb+uXl9PdD2Gsl8QvcmOj7QAjGAwL3ZPgH0cn0LLIz0JVcdLaYx/FdvFTKyApRiGnI+MAJEKZr3YQ622FCUHREekfGq6JEBWk4RM9SFKXTN3b5s= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com; spf=pass smtp.mailfrom=qq.com; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b=Du05iUcY; arc=none smtp.client-ip=203.205.221.205 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=qq.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512; t=1716268907; bh=Casgct2oLQqREqCGC1LCZkyZSznfO6GVNAfVv7GbcGE=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=Du05iUcYd15znnKT/IWUZKV9ygnEX7S5Yi6GCBfFFeARzR+UZxIMndJAO8kS85Asx 4POVpO9DOdvBFiYIEceK7D0c25sHurNLa5UHnB/amCJUEvVdISe1FgaYL6OECOaNUi rLtoBkoc0DbFgms/x7nqb0gcTg/hV35Ai34oUyX4= Received: from pek-lxu-l1.wrs.com ([111.198.228.153]) by newxmesmtplogicsvrsza29-0.qq.com (NewEsmtp) with SMTP id 56D2841B; Tue, 21 May 2024 13:21:45 +0800 X-QQ-mid: xmsmtpt1716268905tneqdgm41 Message-ID: X-QQ-XMAILINFO: MmPNY57tR1XnX8AD1fRRG+2fdkULK6pSBgCRNUbAQFl3RcY7Fkt+92njyCFoV4 CPkpRI+zwkB1QTxkNLXqDsWxB5dm8SStsGWrBFJbvp0kngZEv6uqQ1LHIcOVdD95da2V6ccq1rpU 8qhrs5EtDbiCQWY0TAqMGnicNK/otgmh8YttjJwp5a/JBf85MEN1huABiklyx3L7JwObn8YP3LLZ STaWl94UosNbDkdRsGxcgxCfIZRvyGJd3GPz1qV3/bRXGC/2S2FWYX96LsGRUAzH9k0miSuccUXc Jj5hb4/O1MRT82zMBd6tDNZ2XUDgwLPgRZBqYPXQL5Q6t2SevaXKSEfsnFpEFL0n8TSfNOVngvC3 oz0R8Ocr/d8QZFnNoL5JXrAIFQZzMmaZMw4sdxGksE3hRY5BlwnF0PiudqK5VzJogI0k1OOf6dco JUk+Rq0cikvpDvj4aZl44/oV3cvra5L27NWzdUbGJ8zVLKzgTlselnYyufawSVGxkimFMVkJCotA ZQlgViY56xP6jxzWqrdMjXBsQxktr7rfkHxEOzBCmLYx2Egqnx6uu48YOMAyHgSEa9YAFoLm5UCJ EacVefi9YFqRbuSNVjTubPdPLLhWF1uGM3zhDN5V4pkfXFegXb1XjkdxqOhKyTtX9BTGWm+w/LnC cBKIqqCdf8J8a3yM7RH78mOu0NbFdatWF5340NGoEj+Qa6QPvNG6PpJygL9a9vlHvjEytGt98k1V O7iLqgg0ROVg/uy34BHnmTVDyUEw3P82NyA2KK1GrbLI5sKZBPIuRbsbDStzAV5+fOpCjLOH8Ev2 8ZUZuY4kpil+6NOhlud/pmIShxnlYFt9BPw2Q9YVwbCos2ipSsCOTsbLxu6MeGPjoXzB9mv3HVZG TDJeEhUzftK47X7GZgzeV6PCLM081jsfmtbn2D4V9II7It1qvcvzHdj4TXEKob1w== X-QQ-XMRINFO: MPJ6Tf5t3I/ycC2BItcBVIA= From: Edward Adam Davis To: syzbot+efde959319469ff8d4d7@syzkaller.appspotmail.com Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: [PATCH] hfsplus: fix uninit-value in copy_name Date: Tue, 21 May 2024 13:21:46 +0800 X-OQ-MSGID: <20240521052145.562245-2-eadavis@qq.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <00000000000037162f0618b6fefb@google.com> References: <00000000000037162f0618b6fefb@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750 vfs_listxattr fs/xattr.c:493 [inline] listxattr+0x1f3/0x6b0 fs/xattr.c:840 path_listxattr fs/xattr.c:864 [inline] __do_sys_listxattr fs/xattr.c:876 [inline] __se_sys_listxattr fs/xattr.c:873 [inline] __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873 x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:3877 [inline] slab_alloc_node mm/slub.c:3918 [inline] kmalloc_trace+0x57b/0xbe0 mm/slub.c:4065 kmalloc include/linux/slab.h:628 [inline] hfsplus_listxattr+0x4cc/0x1a50 fs/hfsplus/xattr.c:699 vfs_listxattr fs/xattr.c:493 [inline] listxattr+0x1f3/0x6b0 fs/xattr.c:840 path_listxattr fs/xattr.c:864 [inline] __do_sys_listxattr fs/xattr.c:876 [inline] __se_sys_listxattr fs/xattr.c:873 [inline] __x64_sys_listxattr+0x16b/0x2f0 fs/xattr.c:873 x64_sys_call+0x2ba0/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:195 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [Fix] When allocating memory to strbuf, initialize memory to 0. Reported-and-tested-by: syzbot+efde959319469ff8d4d7@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis --- fs/hfsplus/xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/hfsplus/xattr.c b/fs/hfsplus/xattr.c index 9c9ff6b8c6f7..858029b1c173 100644 --- a/fs/hfsplus/xattr.c +++ b/fs/hfsplus/xattr.c @@ -698,7 +698,7 @@ ssize_t hfsplus_listxattr(struct dentry *dentry, char *buffer, size_t size) return err; } - strbuf = kmalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN + + strbuf = kzalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN + XATTR_MAC_OSX_PREFIX_LEN + 1, GFP_KERNEL); if (!strbuf) { res = -ENOMEM; -- 2.43.0