Unverified Commit 73e6b9da authored by Raphael Pinsonneault-Thibeault's avatar Raphael Pinsonneault-Thibeault Committed by Konstantin Komarov
Browse files

ntfs3: fix uninit memory after failed mi_read in mi_format_new 



Fix a KMSAN un-init bug found by syzkaller.

ntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be
uptodate. We do not bring the buffer uptodate before setting it as
uptodate. If the buffer were to not be uptodate, it could mean adding a
buffer with un-init data to the mi record. Attempting to load that record
will trigger KMSAN.

Avoid this by setting the buffer as uptodate, if it’s not already, by
overwriting it.

Reported-by: default avatar <syzbot+7a2ba6b7b66340cff225@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=7a2ba6b7b66340cff225


Tested-by: default avatar <syzbot+7a2ba6b7b66340cff225@syzkaller.appspotmail.com>
Fixes: 4342306f ("fs/ntfs3: Add file operations and implementation")
Signed-off-by: default avatarRaphael Pinsonneault-Thibeault <rpthibeault@gmail.com>
Signed-off-by: default avatarKonstantin Komarov <almaz.alexandrovich@paragon-software.com>
parent 02f31275

fs/ntfs3/fsntfs.c

+8 −1
Original line number Diff line number Diff line
@@ -1349,7 +1349,14 @@ int ntfs_get_bh(struct ntfs_sb_info *sbi, const struct runs_tree *run, u64 vbo, 
				}

				if (buffer_locked(bh))

					__wait_on_buffer(bh);



				lock_buffer(bh);

				if (!buffer_uptodate(bh))

				{

					memset(bh->b_data, 0, blocksize);

					set_buffer_uptodate(bh);

				}

				unlock_buffer(bh);

			} else {

				bh = ntfs_bread(sb, block);

				if (!bh) {