DEBIAN-CVE-2024-39301

In the Linux kernel, the following vulnerability has been resolved: net/9p: fix uninit-value in p9clientrpc() Syzbot with the help of KMSAN reported the following error: BUG: KMSAN: uninit-value in trace9pclientres include/trace/events/9p.h:146 [inline] BUG: KMSAN: uninit-value in p9clientrpc+0x1314/0x1340 net/9p/client.c:754 trace9pclientres include/trace/events/9p.h:146 [inline] p9clientrpc+0x1314/0x1340 net/9p/client.c:754 p9clientcreate+0x1551/0x1ff0 net/9p/client.c:1031 v9fssessioninit+0x1b9/0x28e0 fs/9p/v9fs.c:410 v9fsmount+0xe2/0x12b0 fs/9p/vfssuper.c:122 legacygettree+0x114/0x290 fs/fscontext.c:662 vfsgettree+0xa7/0x570 fs/super.c:1797 donewmount+0x71f/0x15e0 fs/namespace.c:3352 pathmount+0x742/0x1f20 fs/namespace.c:3679 domount fs/namespace.c:3692 [inline] dosysmount fs/namespace.c:3898 [inline] _sesysmount+0x725/0x810 fs/namespace.c:3875 _x64sysmount+0xe4/0x150 fs/namespace.c:3875 dosyscall64+0xd5/0x1f0 entrySYSCALL64afterhwframe+0x6d/0x75 Uninit was created at: _allocpages+0x9d6/0xe70 mm/pagealloc.c:4598 _allocpagesnode include/linux/gfp.h:238 [inline] allocpagesnode include/linux/gfp.h:261 [inline] allocslabpage mm/slub.c:2175 [inline] allocateslab mm/slub.c:2338 [inline] newslab+0x2de/0x1400 mm/slub.c:2391 _slaballoc+0x1184/0x33d0 mm/slub.c:3525 _slaballoc mm/slub.c:3610 [inline] _slaballocnode mm/slub.c:3663 [inline] slaballocnode mm/slub.c:3835 [inline] kmemcachealloc+0x6d3/0xbe0 mm/slub.c:3852 p9tagalloc net/9p/client.c:278 [inline] p9clientpreparereq+0x20a/0x1770 net/9p/client.c:641 p9clientrpc+0x27e/0x1340 net/9p/client.c:688 p9clientcreate+0x1551/0x1ff0 net/9p/client.c:1031 v9fssessioninit+0x1b9/0x28e0 fs/9p/v9fs.c:410 v9fsmount+0xe2/0x12b0 fs/9p/vfssuper.c:122 legacygettree+0x114/0x290 fs/fscontext.c:662 vfsgettree+0xa7/0x570 fs/super.c:1797 donewmount+0x71f/0x15e0 fs/namespace.c:3352 pathmount+0x742/0x1f20 fs/namespace.c:3679 domount fs/namespace.c:3692 [inline] _dosysmount fs/namespace.c:3898 [inline] _sesysmount+0x725/0x810 fs/namespace.c:3875 _x64sysmount+0xe4/0x150 fs/namespace.c:3875 dosyscall64+0xd5/0x1f0 entrySYSCALL64afterhwframe+0x6d/0x75 If p9checkerrors() fails early in p9clientrpc(), req->rc.tag will not be properly initialized. However, trace9pclientres() ends up trying to print it out anyway before p9clientrpc() finishes. Fix this issue by assigning default values to p9fcall fields such as 'tag' and (just in case KMSAN unearths something new) 'id' during the tag allocation stage.