fs/cramfs/inode.c: initialize file_ra_state

akpm00 · akpm00 · commit 3e35102666f8 · 2023-03-02T21:54:23.000-08:00
file_ra_state_init() assumes that the file_ra_state has been zeroed out. Fixes a KMSAN used-unintialized issue (at least). Fixes: cf948cb ("cramfs: read_mapping_page() is synchronous") Reported-by: syzbot <syzbot+8ce7f8308d91e6b8bbe2@syzkaller.appspotmail.com> Link: https://lkml.kernel.org/r/0000000000008f74e905f56df987@google.com Cc: Matthew Wilcox <willy@infradead.org> Cc: Nicolas Pitre <nico@fluxnic.net> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
diff --git a/fs/cramfs/inode.c b/fs/cramfs/inode.c
@@ -183,7 +183,7 @@ static void *cramfs_blkdev_read(struct super_block *sb, unsigned int offset,
 				unsigned int len)
 {
 	struct address_space *mapping = sb->s_bdev->bd_inode->i_mapping;
-	struct file_ra_state ra;
+	struct file_ra_state ra = {};
 	struct page *pages[BLKS_PER_BUF];
 	unsigned i, blocknr, buffer;
 	unsigned long devsize;

Original file line number	Diff line number	Diff line change
`@@ -183,7 +183,7 @@ static void cramfs_blkdev_read(struct super_block sb, unsigned int offset,`
`183`	`183`	`unsigned int len)`
`184`	`184`	`{`
`185`	`185`	`struct address_space *mapping = sb->s_bdev->bd_inode->i_mapping;`
`186`		`- struct file_ra_state ra;`
	`186`	`+ struct file_ra_state ra = {};`
`187`	`187`	`struct page *pages[BLKS_PER_BUF];`
`188`	`188`	`unsigned i, blocknr, buffer;`
`189`	`189`	`unsigned long devsize;`