From 903bf0e67c5d3787c667463788289e83788fc49b Mon Sep 17 00:00:00 2001
From: Theodore Ts'o
Date: Thu, 6 Jul 2017 00:03:38 -0400
Subject: [PATCH] add patch make-sure-all-temp-bh-fields-are-initialized

---
 make-sure-all-temp-bh-fields-are-initialized | 66 ++++++++++++++++++++++++++++
 series | 1 +
 timestamps | 9 ++--
 3 files changed, 72 insertions(+), 4 deletions(-)
 create mode 100644 make-sure-all-temp-bh-fields-are-initialized

diff --git a/make-sure-all-temp-bh-fields-are-initialized b/make-sure-all-temp-bh-fields-are-initialized
new file mode 100644
index 00000000..6712e1ad
--- /dev/null
+++ b/make-sure-all-temp-bh-fields-are-initialized
@@ -0,0 +1,66 @@
+fs: generic_block_bmap(): initialize all of the fields in the temp bh
+
+From: Alexander Potapenko
+
+KMSAN (KernelMemorySanitizer, a new error detection tool) reports the
+use of uninitialized memory in ext4_update_bh_state():
+
+==================================================================
+BUG: KMSAN: use of unitialized memory
+CPU: 3 PID: 1 Comm: swapper/0 Tainted: G B 4.8.0-rc6+ #597
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
+01/01/2011
+ 0000000000000282 ffff88003cc96f68 ffffffff81f30856 0000003000000008
+ ffff88003cc96f78 0000000000000096 ffffffff8169742a ffff88003cc96ff8
+ ffffffff812fc1fc 0000000000000008 ffff88003a1980e8 0000000100000000
+Call Trace:
+ [< inline >] __dump_stack lib/dump_stack.c:15
+ [] dump_stack+0xa6/0xc0 lib/dump_stack.c:51
+ [] kmsan_report+0x1ec/0x300 mm/kmsan/kmsan.c:?
+ [] __msan_warning+0x2b/0x40 ??:?
+ [< inline >] ext4_update_bh_state fs/ext4/inode.c:727
+ [] _ext4_get_block+0x6ca/0x8a0 fs/ext4/inode.c:759
+ [] ext4_get_block+0x8c/0xa0 fs/ext4/inode.c:769
+ [] generic_block_bmap+0x246/0x2b0 fs/buffer.c:2991
+ [] ext4_bmap+0x5ee/0x660 fs/ext4/inode.c:3177
+...
+origin description: ----tmp@generic_block_bmap
+==================================================================
+
+(the line numbers are relative to 4.8-rc6, but the bug persists
+upstream)
+
+The local |tmp| is created in generic_block_bmap() and then passed into
+ext4_bmap() => ext4_get_block() => _ext4_get_block() =>
+ext4_update_bh_state(). Along the way tmp.b_page is never initialized
+before ext4_update_bh_state() checks its value.
+
+[ Use the approach suggested by Kees Cook of initializing the whole bh
+ structure.]
+
+Signed-off-by: Alexander Potapenko
+Signed-off-by: Theodore Ts'o
+---
+ fs/buffer.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/fs/buffer.c b/fs/buffer.c
+index 161be58c5cb0..a3399aa6a2bd 100644
+--- a/fs/buffer.c
++++ b/fs/buffer.c
+@@ -3021,11 +3021,11 @@ EXPORT_SYMBOL(block_write_full_page);
+ sector_t generic_block_bmap(struct address_space *mapping, sector_t block,
+ get_block_t *get_block)
+ {
+- struct buffer_head tmp;
+ struct inode *inode = mapping->host;
+- tmp.b_state = 0;
+- tmp.b_blocknr = 0;
+- tmp.b_size = i_blocksize(inode);
++ struct buffer_head tmp = {
++ .b_size = i_blocksize(inode),
++ };
++
+ get_block(inode, block, &tmp, 0);
+ return tmp.b_blocknr;
+ }
diff --git a/series b/series
index 7d861862..27b59f63 100644
--- a/series
+++ b/series
@@ -46,6 +46,7 @@ dont-bother-checking-for-encryption-key-in-mmap
 require-key-for-truncate-of-encrypted-files
 fast-symlink-test-should-not-rely-on-i_blocks
+make-sure-all-temp-bh-fields-are-initialized
 ####################################################
 # unstable patches
diff --git a/timestamps b/timestamps
index b23ef941..87d05b63 100755
--- a/timestamps
+++ b/timestamps
@@ -74,8 +74,9 @@ touch -d @1498193937 fix-off-by-one-fsmap-error-on-1k-block-filesystems
 touch -d @1498194502 check-return-value-of-kstrtoull-correctly
 touch -d @1498261298 dont-bother-checking-for-encryption-key-in-mmap
 touch -d @1498261724 require-key-for-truncate-of-encrypted-files
-touch -d @1498261784 stable-boundary
 touch -d @1499141481 fast-symlink-test-should-not-rely-on-i_blocks
-touch -d @1499141494 series
-touch -d @1499141501 status
-touch -d @1499141504 timestamps
+touch -d @1499141541 stable-boundary
+touch -d @1499217068 series
+touch -d @1499230581 make-sure-all-temp-bh-fields-are-initialized
+touch -d @1499230581 status
+touch -d @1499313788 timestamps
--
2.11.4.GIT
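Review bot: The status returned by `get_block(inode, block, &tmp, 0);` is still dropped, so a failing get_block() and a genuine hole both leave tmp.b_blocknr at 0 (now reliably so, thanks to the zero-initialisation) and the caller of generic_block_bmap() cannot tell the two apart; this predates the patch, but it is a property worth stating at the call site — assuming get_block_t still returns an int error code, which the hunk does not show. The new initializer also carries no comment on why every field must be zeroed: per the commit message, ext4_update_bh_state() branches on tmp.b_page, so a NULL b_page is what marks this bh as a stack temporary not attached to a page, and a later "tidy-up" back to per-field assignment would silently reintroduce the uninitialised read. I would put `/* zero every field: get_block() implementations may inspect members such as b_page (see ext4_update_bh_state) */` above `struct buffer_head tmp = {` and `/* a get_block() error leaves b_blocknr at 0, indistinguishable from a hole */` above the return. The ext4 call chain is known only from the commit message, not from this hunk, so confirm the b_page dependence against fs/ext4/inode.c before wording the comment that way.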