On Wed, 8 Nov 2023 13:35:17 +0900, Sungjong Seo wrote:
> Hello,
>
> A similar fix has already been queued in the dev branch.
> Please refer to below commit.
>
> Commit fc12a722e6b7 ("exfat: fix setting uninitialized time to
> ctime/atime"):
> https://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat.git/commit/?h=dev&id=fc12a722e6b799d1d3c1520dc9ba9aab4fda04bf

Hi,

I've not noticed the commit you mentioned. Thank you so much for your
feedback!

Thanks,
Shigeru

> Thanks.
>
> B.R.
> Sungjong Seo
>
>> KMSAN reported the following uninit-value access issue:
>>
>> =====================================================
>> BUG: KMSAN: uninit-value in exfat_set_entry_time+0x309/0x360
>> fs/exfat/misc.c:99
>> exfat_set_entry_time+0x309/0x360 fs/exfat/misc.c:99
>> __exfat_write_inode+0x7ae/0xdb0 fs/exfat/inode.c:59
>> __exfat_truncate+0x70e/0xb20 fs/exfat/file.c:163
>> exfat_truncate+0x121/0x540 fs/exfat/file.c:211
>> exfat_setattr+0x116c/0x1a40 fs/exfat/file.c:312
>> notify_change+0x1934/0x1a30 fs/attr.c:499
>> do_truncate+0x224/0x2a0 fs/open.c:66
>> handle_truncate fs/namei.c:3280 [inline] do_open fs/namei.c:3626
> [inline]
>> path_openat+0x56c6/0x5f20 fs/namei.c:3779
>> do_filp_open+0x21c/0x5a0 fs/namei.c:3809
>> do_sys_openat2+0x1ba/0x2f0 fs/open.c:1440 do_sys_open fs/open.c:1455
>> [inline] __do_sys_creat fs/open.c:1531 [inline] __se_sys_creat
>> fs/open.c:1525 [inline]
>> __x64_sys_creat+0xe3/0x140 fs/open.c:1525
>> do_syscall_x64 arch/x86/entry/common.c:51 [inline]
>> do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
>> entry_SYSCALL_64_after_hwframe+0x63/0x6b
>>
>> Uninit was stored to memory at:
>> exfat_set_entry_time+0x302/0x360 fs/exfat/misc.c:99
>> __exfat_write_inode+0x7ae/0xdb0 fs/exfat/inode.c:59
>> __exfat_truncate+0x70e/0xb20 fs/exfat/file.c:163
>> exfat_truncate+0x121/0x540 fs/exfat/file.c:211
>> exfat_setattr+0x116c/0x1a40 fs/exfat/file.c:312
>> notify_change+0x1934/0x1a30 fs/attr.c:499
>> do_truncate+0x224/0x2a0 fs/open.c:66
>> handle_truncate fs/namei.c:3280 [inline] do_open fs/namei.c:3626
> [inline]
>> path_openat+0x56c6/0x5f20 fs/namei.c:3779
>> do_filp_open+0x21c/0x5a0 fs/namei.c:3809
>> do_sys_openat2+0x1ba/0x2f0 fs/open.c:1440 do_sys_open fs/open.c:1455
>> [inline] __do_sys_creat fs/open.c:1531 [inline] __se_sys_creat
>> fs/open.c:1525 [inline]
>> __x64_sys_creat+0xe3/0x140 fs/open.c:1525
>> do_syscall_x64 arch/x86/entry/common.c:51 [inline]
>> do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
>> entry_SYSCALL_64_after_hwframe+0x63/0x6b
>>
>> Local variable ts created at:
>> __exfat_write_inode+0x102/0xdb0 fs/exfat/inode.c:29
>> __exfat_truncate+0x70e/0xb20 fs/exfat/file.c:163
>>
>> CPU: 0 PID: 13839 Comm: syz-executor.7 Not tainted 6.6.0-14500-
>> g1c41041124bd #10 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
>> BIOS 1.16.2-1.fc38 04/01/2014
>> =====================================================
>>
>> Commit 4c72a36edd54 ("exfat: convert to new timestamp accessors") changed
>> __exfat_write_inode() to use new timestamp accessor functions.
>>
>> As for mtime, inode_set_mtime_to_ts() is called after
>> exfat_set_entry_time(). This causes the above issue because `ts` is not
>> initialized when exfat_set_entry_time() is called. The same issue can
>> occur for atime.
>>
>> This patch resolves this issue by calling inode_get_mtime() and
>> inode_get_atime() before exfat_set_entry_time() to initialize `ts`.
>>
>> Fixes: 4c72a36edd54 ("exfat: convert to new timestamp accessors")
>> Signed-off-by: Shigeru Yoshida <syoshida@xxxxxxxxxx>
>> --- >> fs/exfat/inode.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/fs/exfat/inode.c b/fs/exfat/inode.c index >> 875234179d1f..e7ff58b8e68c 100644 >> --- a/fs/exfat/inode.c >> +++ b/fs/exfat/inode.c
>> @@ -56,18 +56,18 @@ int __exfat_write_inode(struct inode *inode, int sync) >> &ep->dentry.file.create_time, >> &ep->dentry.file.create_date, >> &ep->dentry.file.create_time_cs); >> + ts = inode_get_mtime(inode); >> exfat_set_entry_time(sbi, &ts, >> &ep->dentry.file.modify_tz, >> &ep->dentry.file.modify_time, >> &ep->dentry.file.modify_date, >> &ep->dentry.file.modify_time_cs); >> - inode_set_mtime_to_ts(inode, ts); >> + ts = inode_get_atime(inode); >> exfat_set_entry_time(sbi, &ts, >> &ep->dentry.file.access_tz, >> &ep->dentry.file.access_time, >> &ep->dentry.file.access_date, >> NULL); >> - inode_set_atime_to_ts(inode, ts); >> >> /* File size should be zero if there is no cluster allocated */ >> on_disk_size = i_size_read(inode); >> -- >> 2.41.0 > >
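Review bot: The changelog does not account for the two removed lines, inode_set_mtime_to_ts(inode, ts) after the modify_* call and inode_set_atime_to_ts(inode, ts) after the access_* call; it only describes adding inode_get_mtime() and inode_get_atime() before exfat_set_entry_time(). Since exfat_set_entry_time() is handed &ts rather than a copy, please say explicitly in the commit message that the write-back to the inode is dropped on purpose and that nothing relies on ts being stored back after the call. Reusing one local ts for every timestamp is what let the uninitialized read slip in, so a respin could also make each assignment sit directly next to its use, as this hunk does, and should be checked against fc12a722e6b7 in the dev branch mentioned in the reply.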