[PATCH RFC] bcachefs: Fix KMSAN uninit-value in __bch2_read_endio

Abinash Singh posted 1 patch 2 days, 13 hours ago
fs/bcachefs/checksum.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Posted by Abinash Singh 2 days, 13 hours ago
KMSAN reported a use of uninitialized memory in __bch2_read_endio():

  BUG: KMSAN: uninit-value in __bch2_read_endio+0xb2a/0x2240
  fs/bcachefs/io_read.c:832
  ...
  Uninit was stored to memory at:
  poly1305_core_emit+0x46a/0x480 lib/crypto/poly1305-donna64.c:183
  ...
  __bch2_checksum_bio+0x1048/0x1130 fs/bcachefs/checksum.c:237

The local `digest` buffer in __bch2_checksum_bio() was left
uninitialized before being passed into Poly1305 routines, which
caused KMSAN to flag it as an uninitialized read.

Fix this by explicitly zero-initializing `digest`.

Reported-by: syzbot+7fb23a5461e8c9d38a3e@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=7fb23a5461e8c9d38a3e
Fixes: 1c6fdbd8f246 ("bcachefs: Initial commit")
Signed-off-by: Abinash Singh <abinashsinghlalotra@gmail.com>
---
 fs/bcachefs/checksum.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/bcachefs/checksum.c b/fs/bcachefs/checksum.c
index a6795e73f0b9..433ded62c77a 100644
--- a/fs/bcachefs/checksum.c
+++ b/fs/bcachefs/checksum.c
@@ -216,7 +216,7 @@ static struct bch_csum __bch2_checksum_bio(struct bch_fs *c, unsigned type,
 	case BCH_CSUM_chacha20_poly1305_80:
 	case BCH_CSUM_chacha20_poly1305_128: {
 		struct poly1305_desc_ctx dctx;
-		u8 digest[POLY1305_DIGEST_SIZE];
+		u8 digest[POLY1305_DIGEST_SIZE] = { 0 };
 		struct bch_csum ret = { 0 };
 
 		bch2_poly1305_init(&dctx, c, nonce);
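Review bot: zero-initializing `digest` at its declaration does not look like it addresses the origin of the uninitialized value. The KMSAN report quoted in the commit message says "Uninit was stored to memory at: poly1305_core_emit", so the tainted bytes are written into the output buffer by the Poly1305 finalization. Any initializer on `digest` is overwritten by that store, and the value later read in __bch2_read_endio() would still carry the taint. The more likely sources are the inputs to the MAC: the state in `struct poly1305_desc_ctx dctx;`, which is declared without an initializer and relies on `bch2_poly1305_init(&dctx, c, nonce)` to fill it completely, or the bio data being hashed. Please identify which of these is uninitialized and fix it there, and confirm against the syzbot reproducer that the report goes away with the change. If `digest` turns out to be only partially written on some path, the commit message should say which path, since the current description (an uninitialized read of `digest` by the Poly1305 routines) does not match the "stored to memory" frame in the trace.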
-- 
2.43.0