Date: Tue, 17 May 2022 17:08:17 -0700
From: Andrew Morton <akpm@linux-foundation.org>
To: Wang Cheng
Cc: linux-mm@kvack.org, cgroups@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, syzbot+ad1b8c404f0959c4bfcc@syzkaller.appspotmail.com
Subject: Re: [PATCH] mm/mempolicy: fix uninit-value in mpol_rebind_policy()
Message-Id: <20220517170817.94ca21558bbe035ae06bf6fa@linux-foundation.org>
In-Reply-To: <20220516094726.b5rrsjg7rvei2od5@ppc.localdomain>
References: <20220512123428.fq3wofedp6oiotd4@ppc.localdomain> <20220516094726.b5rrsjg7rvei2od5@ppc.localdomain>

On Mon, 16 May 2022 17:47:26 +0800 Wang Cheng wrote:

> ...
>
> This patch seems to fix the bug below too.
> KMSAN: uninit-value in mpol_rebind_mm (2)
> https://syzkaller.appspot.com/bug?id=f2fecd0d7013f54ec4162f60743a2b28df40926b
>
> The uninit-value is pol->w.cpuset_mems_allowed in mpol_rebind_policy().
> When the syzkaller reproducer runs to the beginning of mpol_new(),
>
>     mpol_new()            mm/mempolicy.c
>       do_mbind()          mm/mempolicy.c
>         kernel_mbind()    mm/mempolicy.c
>
> `mode` is 1 (MPOL_PREFERRED), nodes_empty(*nodes) is `true` and `flags`
> is 0. Then
>
>     mode = MPOL_LOCAL;
>     ...
>     policy->mode = mode;
>     policy->flags = flags;
>
> will be executed. So in mpol_set_nodemask(),
>
>     mpol_set_nodemask()   mm/mempolicy.c
>       do_mbind()
>         kernel_mbind()
>
> pol->mode is 4 (MPOL_LOCAL), so the `nodemask` in `pol` is not initialized,
> and it will be accessed in mpol_rebind_policy().

Thanks, I added the above to the changelog and I plan to import the
result into mm-stable later this week.

> IIUC, "#syz fix: mm/mempolicy: fix uninit-value in mpol_rebind_policy()"
> could be sent to syzbot+ad1b8c404f0959c4bfcc@syzkaller.appspotmail.com
> to attach the fixing commit to the bug. WDYT?

Could be. The "syz fix" isn't a thing I've paid much attention to.
I'll start doing so ;)