KMSAN reported a use of uninitialized memory in __bch2_read_endio():

  BUG: KMSAN: uninit-value in __bch2_read_endio+0xb2a/0x2240 fs/bcachefs/io_read.c:832
  ...
  Uninit was stored to memory at:
  poly1305_core_emit+0x46a/0x480 lib/crypto/poly1305-donna64.c:183
  ...
  __bch2_checksum_bio+0x1048/0x1130 fs/bcachefs/checksum.c:237

The local `digest` buffer in __bch2_checksum_bio() was left uninitialized before being passed into Poly1305 routines, which caused KMSAN to flag it as an uninitialized read. Fix this by explicitly zero-initializing `digest`. Reported-by: [email protected] Closes: https://syzkaller.appspot.com/bug?extid=7fb23a5461e8c9d38a3e Fixes: 1c6fdbd8f246 ("bcachefs: Initial commit") Signed-off-by: Abinash Singh <[email protected]> --- fs/bcachefs/checksum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/bcachefs/checksum.c b/fs/bcachefs/checksum.c index a6795e73f0b9..433ded62c77a 100644 --- a/fs/bcachefs/checksum.c +++ b/fs/bcachefs/checksum.c @@ -216,7 +216,7 @@ static struct bch_csum __bch2_checksum_bio(struct bch_fs *c, unsigned type, case BCH_CSUM_chacha20_poly1305_80: case BCH_CSUM_chacha20_poly1305_128: { struct poly1305_desc_ctx dctx; - u8 digest[POLY1305_DIGEST_SIZE]; + u8 digest[POLY1305_DIGEST_SIZE] = { 0 }; struct bch_csum ret = { 0 }; bch2_poly1305_init(&dctx, c, nonce); -- 2.43.0
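Review bot: the `= { 0 }` initializer on `digest` in __bch2_checksum_bio() may not reach the origin of the uninitialized value. The quoted report says "Uninit was stored to memory at: poly1305_core_emit", which suggests `digest` is the destination the Poly1305 code wrote into rather than a buffer that was read before being written, so zeroing it beforehand would be overwritten by the same store. The part of the KMSAN report that shows where the uninit value was created is elided with "..." here; please include it in the commit message and check whether the origin is actually `struct poly1305_desc_ctx dctx`, which is declared without an initializer on the line just above, or the key material set up by bch2_poly1305_init(). It would also help to state whether the change was tested against the syzbot report linked in Closes:, since the commit message describes `digest` as being read by the Poly1305 routines but does not name the call that reads it.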
