From: Dmitry Vyukov
Date: Wed, 18 May 2022 10:52:51 +0200
Subject: Re: [PATCH] mm/mempolicy: fix uninit-value in mpol_rebind_policy()
To: Andrew Morton
Cc: Wang Cheng, linux-mm@kvack.org, cgroups@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, syzbot+ad1b8c404f0959c4bfcc@syzkaller.appspotmail.com
References: <20220512123428.fq3wofedp6oiotd4@ppc.localdomain> <20220516094726.b5rrsjg7rvei2od5@ppc.localdomain> <20220517170817.94ca21558bbe035ae06bf6fa@linux-foundation.org>
In-Reply-To: <20220517170817.94ca21558bbe035ae06bf6fa@linux-foundation.org>

On Wed, 18 May 2022 at 02:08, Andrew Morton wrote:
>
> On Mon, 16 May 2022 17:47:26 +0800 Wang Cheng wrote:
>
> > > ...
> >
> > This patch seems to fix the bug below too.
> > KMSAN: uninit-value in mpol_rebind_mm (2)
> > https://syzkaller.appspot.com/bug?id=f2fecd0d7013f54ec4162f60743a2b28df40926b
> >
> > The uninit-value is pol->w.cpuset_mems_allowed in mpol_rebind_policy().
> > When the syzkaller reproducer runs to the beginning of mpol_new(),
> >
> > mpol_new() mm/mempolicy.c
> > do_mbind() mm/mempolicy.c
> > kernel_mbind() mm/mempolicy.c
> >
> > `mode` is 1 (MPOL_PREFERRED), nodes_empty(*nodes) is `true` and `flags`
> > is 0. Then
> >
> > mode = MPOL_LOCAL;
> > ...
> > policy->mode = mode;
> > policy->flags = flags;
> >
> > will be executed. So in mpol_set_nodemask(),
> >
> > mpol_set_nodemask() mm/mempolicy.c
> > do_mbind()
> > kernel_mbind()
> >
> > pol->mode is 4 (MPOL_LOCAL), so the `nodemask` in `pol` is not initialized,
> > and it will be accessed in mpol_rebind_policy().
>
> Thanks, I added the above to the changelog and I plan to import the
> result into mm-stable later this week.
>
> > IIUC, "#syz fix: mm/mempolicy: fix uninit-value in mpol_rebind_policy()"
> > could be sent to syzbot+ad1b8c404f0959c4bfcc@syzkaller.appspotmail.com
> > to attach the fixing commit to the bug. WDYT?
>
> Could be. The "syz fix" isn't a thing I've paid much attention to.
> I'll start doing so ;)

Yes, we can send:

#syz fix: mm/mempolicy: fix uninit-value in mpol_rebind_policy()

to syzbot+ad1b8c404f0959c4bfcc@syzkaller.appspotmail.com
and now it should be reflected at:
https://syzkaller.appspot.com/bug?extid=ad1b8c404f0959c4bfcc
and the bug will be closed when the fix is merged everywhere.
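The control flow Wang Cheng describes above, as a constructed user-space model added here (not kernel code and not the patch under discussion): the struct layout, the toy nodemask_t, the instrumentation flag and the "hardened" guard in the rebind path are assumptions made for illustration; the merged fix itself is not shown in this thread.

```c
/* Constructed model of the quoted control flow, not kernel code; the struct
 * layout, nodemask_t and the hardened variant are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
enum { MPOL_PREFERRED = 1, MPOL_LOCAL = 4 };  /* numeric values as quoted */
typedef uint64_t nodemask_t;                   /* toy stand-in: one bit per node */
struct mempolicy {
	unsigned short mode, flags;
	union { nodemask_t cpuset_mems_allowed; nodemask_t user_nodemask; } w;
	bool w_written;   /* instrumentation only: has anything stored to w? */
};
static const nodemask_t cpuset_mems = 0x3;    /* assumed: nodes 0 and 1 allowed */

/* Like the quoted mpol_new(): an empty PREFERRED mask becomes MPOL_LOCAL. */
static void model_mpol_new(struct mempolicy *pol, unsigned short mode,
			   unsigned short flags, nodemask_t nodes)
{
	if (mode == MPOL_PREFERRED && nodes == 0 && flags == 0)
		mode = MPOL_LOCAL;
	pol->mode = mode;
	pol->flags = flags;
	pol->w_written = false;   /* pol->w itself is deliberately left untouched */
}

/* Like the quoted mpol_set_nodemask(): LOCAL policies skip the store to w. */
static void model_mpol_set_nodemask(struct mempolicy *pol)
{
	if (pol->mode == MPOL_LOCAL)
		return;
	pol->w.cpuset_mems_allowed = cpuset_mems;
	pol->w_written = true;
}

/* Rebind path: true when w is read before anything wrote it (the read KMSAN
 * reports). `hardened` skips LOCAL policies, which have no nodemask to rebind;
 * that is one defensive option, not necessarily the merged patch. */
static bool model_mpol_rebind_policy(const struct mempolicy *pol, bool hardened)
{
	if (hardened && pol->mode == MPOL_LOCAL)
		return false;
	return !pol->w_written;   /* once written, nodes_equal() on w is safe */
}

/* Drives the syzkaller scenario end to end; returns whether the bug fires. */
bool uninit_read_occurs(unsigned short mode, nodemask_t nodes, bool hardened)
{
	struct mempolicy pol;
	memset(&pol, 0xAA, sizeof pol);   /* stand-in for non-zeroed allocator memory */
	model_mpol_new(&pol, mode, 0, nodes);
	model_mpol_set_nodemask(&pol);
	return model_mpol_rebind_policy(&pol, hardened);
}
```

Calling `uninit_read_occurs(MPOL_PREFERRED, 0, false)` reproduces the mbind(MPOL_PREFERRED, empty mask, flags 0) path and reports the uninitialised read, while a non-empty mask or the guarded rebind path does not.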