From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 942ADC433EF
	for <linux-mm@archiver.kernel.org>; Mon,  4 Jul 2022 16:48:23 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 026EC6B0074; Mon,  4 Jul 2022 12:48:23 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id F18936B0075; Mon,  4 Jul 2022 12:48:22 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id E06D36B0078; Mon,  4 Jul 2022 12:48:22 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14])
	by kanga.kvack.org (Postfix) with ESMTP id CDF0F6B0074
	for <linux-mm@kvack.org>; Mon,  4 Jul 2022 12:48:22 -0400 (EDT)
Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay12.hostedemail.com (Postfix) with ESMTP id 96A22121131
	for <linux-mm@kvack.org>; Mon,  4 Jul 2022 16:48:22 +0000 (UTC)
X-FDA: 79650000444.18.4DC82C0
Received: from mail-yb1-f174.google.com (mail-yb1-f174.google.com [209.85.219.174])
	by imf27.hostedemail.com (Postfix) with ESMTP id 3857A40039
	for <linux-mm@kvack.org>; Mon,  4 Jul 2022 16:48:22 +0000 (UTC)
Received: by mail-yb1-f174.google.com with SMTP id o2so12514008yba.7
        for <linux-mm@kvack.org>; Mon, 04 Jul 2022 09:48:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=L5bopA3LB1XHVOlLQfcH6XEn+sIBVPJTuLNRtswn9CI=;
        b=c/CZzhgWMX3bbr5O6IqvVMfoZnAyutFGHBtOJxvRVUCpPzJ6Vh/OEsX9ddjDryLKuA
         JXrDh2Q0dZwecqh0Bc1ZmIHbvHv5ZYlF/3Cy4pp59N/hZZc+g6AzKwqaEjKE9n+w0L4P
         SGtbVNdzX60In90tk3zR5kKxLS65szG0+ctLVOkHwz7kJpsy0qBpVQiDktlwX2NIU037
         thbcpaGonmo+7T5qn/XqJZ7ApfK4ca3IKZojcWMlCA/qfHccaJFH1GvI7//8OsazLSHT
         DXnwVJ0N1MqLa9SonmmKK11lHhIqIejowfQl2WAJ84B2obL74Vlq/wGy/lbvhUw3aJva
         YrJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=L5bopA3LB1XHVOlLQfcH6XEn+sIBVPJTuLNRtswn9CI=;
        b=mG1Ae4kKCwFAvFNMeyR99IL55uOYMxJnfWNNQ/9O24HGujAHp549f8VyzaGEu/7goK
         BdFqn0szDReF5oz+PgVoUs9L7DByPueULk2lABiLReff3V56UlEqxgunMmTtltClQXx2
         1F+WmAEuxC7MpvSyd9mgD/Ip6N6Fk46lrrnkRH3wfoqYeiOTt+7xUg+fmzabJVQY66R8
         A+MFngYoXOkdlJmYBHK47zF24qUyeQ1fef5N4apSHXp9utLYL3edy5R2oYrACRoQeQk6
         OMYI7lzXhTc7TOyL/KqS70F/3fY+eAa60suwFsJj3p5V3mGbuEtxBkgu+sCdZjiGW5pm
         ARmQ==
X-Gm-Message-State: AJIora8N/GLkdA93Yv2xVZwg9fZe30icpkZV4imgFMzKRYpp8kbUkEf/
	hXVrL34nsXvWvCyr1xX1g69CQUtouJZnOIf4hmUpZQ==
X-Google-Smtp-Source: AGRyM1tLdo0rneMsHOCy50i0zEQc7jDRMizVYynxVyfcFXLv8SFU3m/8JPgrZi7jMpqg3yqU/ifuk0aRSs6UyJ9TJfg=
X-Received: by 2002:a25:a345:0:b0:66c:c670:6d13 with SMTP id
 d63-20020a25a345000000b0066cc6706d13mr33311155ybi.307.1656953301274; Mon, 04
 Jul 2022 09:48:21 -0700 (PDT)
MIME-Version: 1.0
References: <20220701142310.2188015-1-glider@google.com> <20220701142310.2188015-44-glider@google.com>
 <CAHk-=wgbpot7nt966qvnSR25iea3ueO90RwC2DwHH=7ZyeZzvQ@mail.gmail.com>
 <YsJWCREA5xMfmmqx@ZenIV> <CAG_fn=V_vDVFNSJTOErNhzk7n=GRjZ_6U6Z=M-Jdmi=ekbS5+g@mail.gmail.com>
 <YsLuoFtki01gbmYB@ZenIV> <YsMOkXpp2HaOnVJN@ZenIV>
In-Reply-To: <YsMOkXpp2HaOnVJN@ZenIV>
From: Alexander Potapenko <glider@google.com>
Date: Mon, 4 Jul 2022 18:47:45 +0200
Message-ID: <CAG_fn=Vbq59-zDG=JdOi3DXh29tXNRNQhPJ3PxTZBiY7Ph=Jug@mail.gmail.com>
Subject: Re: [PATCH v4 43/45] namei: initialize parameters passed to step_into()
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>, Alexei Starovoitov <ast@kernel.org>, 
	Andrew Morton <akpm@linux-foundation.org>, Andrey Konovalov <andreyknvl@google.com>, 
	Andy Lutomirski <luto@kernel.org>, Arnd Bergmann <arnd@arndb.de>, Borislav Petkov <bp@alien8.de>, 
	Christoph Hellwig <hch@lst.de>, Christoph Lameter <cl@linux.com>, David Rientjes <rientjes@google.com>, 
	Dmitry Vyukov <dvyukov@google.com>, Eric Dumazet <edumazet@google.com>, 
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Herbert Xu <herbert@gondor.apana.org.au>, 
	Ilya Leoshkevich <iii@linux.ibm.com>, Ingo Molnar <mingo@redhat.com>, Jens Axboe <axboe@kernel.dk>, 
	Joonsoo Kim <iamjoonsoo.kim@lge.com>, Kees Cook <keescook@chromium.org>, 
	Marco Elver <elver@google.com>, Mark Rutland <mark.rutland@arm.com>, 
	Matthew Wilcox <willy@infradead.org>, "Michael S. Tsirkin" <mst@redhat.com>, Pekka Enberg <penberg@kernel.org>, 
	Peter Zijlstra <peterz@infradead.org>, Petr Mladek <pmladek@suse.com>, 
	Steven Rostedt <rostedt@goodmis.org>, Thomas Gleixner <tglx@linutronix.de>, 
	Vasily Gorbik <gor@linux.ibm.com>, Vegard Nossum <vegard.nossum@oracle.com>, 
	Vlastimil Babka <vbabka@suse.cz>, kasan-dev <kasan-dev@googlegroups.com>, 
	Linux-MM <linux-mm@kvack.org>, linux-arch <linux-arch@vger.kernel.org>, 
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>, Evgenii Stepanov <eugenis@google.com>, 
	Nathan Chancellor <nathan@kernel.org>, Nick Desaulniers <ndesaulniers@google.com>, 
	Segher Boessenkool <segher@kernel.crashing.org>, Vitaly Buka <vitalybuka@google.com>, 
	linux-toolchains <linux-toolchains@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1656953302;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=L5bopA3LB1XHVOlLQfcH6XEn+sIBVPJTuLNRtswn9CI=;
	b=8VxcvTJVIEWqFk7gFGJgsNGds0J6OKJ06ZqLTzmOGk8ZXfa4PwGUD76Nfb5pn/f/F7Fqz7
	OQGUbrYImLMjgQjwS/F8TvNyO8B6rxnFDeQqT0hFs1bVYLYOCxVhVQ98VYPMAzg78/9Vtb
	gSvM87EnGV+iVLRyxkJDKmg+mjKlOb8=
ARC-Authentication-Results: i=1;
	imf27.hostedemail.com;
	dkim=pass header.d=google.com header.s=20210112 header.b="c/CZzhgW";
	spf=pass (imf27.hostedemail.com: domain of glider@google.com designates 209.85.219.174 as permitted sender) smtp.mailfrom=glider@google.com;
	dmarc=pass (policy=reject) header.from=google.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1656953302; a=rsa-sha256;
	cv=none;
	b=lzl5njQUPHd5OJ/FoTNm63NdFCaH0IxFRyCfrdbZ4KMP06UOB6js0CcIYGMTLle11EkZdN
	jsydkT73jdN3ZtQkaK84bll+pY2KqsgumSRBttyu43Lj9zAb5nRZXswB65q+LR4OnlUWcl
	27Y7tmAmtcjvjVZsR/jXtXHHl98aLUI=
X-Stat-Signature: 6xqdc3zofzgz3pzx6phwscrikaekep1q
X-Rspamd-Queue-Id: 3857A40039
Authentication-Results: imf27.hostedemail.com;
	dkim=pass header.d=google.com header.s=20210112 header.b="c/CZzhgW";
	spf=pass (imf27.hostedemail.com: domain of glider@google.com designates 209.85.219.174 as permitted sender) smtp.mailfrom=glider@google.com;
	dmarc=pass (policy=reject) header.from=google.com
X-Rspam-User: 
X-Rspamd-Server: rspam02
X-HE-Tag: 1656953302-11699
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Mon, Jul 4, 2022 at 6:00 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> On Mon, Jul 04, 2022 at 02:44:00PM +0100, Al Viro wrote:
> > On Mon, Jul 04, 2022 at 10:20:53AM +0200, Alexander Potapenko wrote:
> >
> > > What makes you think they are false positives? Is the scenario I
> > > described above:
> > >
> > > """
> > > In particular, if the call to lookup_fast() in walk_component()
> > > returns NULL, and lookup_slow() returns a valid dentry, then the
> > > `seq` and `inode` will remain uninitialized until the call to
> > > step_into()
> > > """
> > >
> > > impossible?
> >
> > Suppose step_into() has been called in non-RCU mode.  The first
> > thing it does is
> >       int err =3D handle_mounts(nd, dentry, &path, &seq);
> >       if (err < 0)
> >               return ERR_PTR(err);
> >
> > And handle_mounts() in non-RCU mode is
> >       path->mnt =3D nd->path.mnt;
> >       path->dentry =3D dentry;
> >       if (nd->flags & LOOKUP_RCU) {
> >               [unreachable code]
> >       }
> >       [code not touching seqp]
> >       if (unlikely(ret)) {
> >               [code not touching seqp]
> >       } else {
> >               *seqp =3D 0; /* out of RCU mode, so the value doesn't mat=
ter */
> >       }
> >       return ret;
> >
> > In other words, the value seq argument of step_into() used to have ends=
 up
> > being never fetched and, in case step_into() gets past that if (err < 0=
)
> > that value is replaced with zero before any further accesses.
> >
> > So it's a false positive; yes, strictly speaking compiler is allowd
> > to do anything whatsoever if it manages to prove that the value is
> > uninitialized.  Realistically, though, especially since unsigned int
> > is not allowed any trapping representations...
>
> FWIW, update (and yet untested) branch is in #work.namei.  Compared to th=
e
> previous, we store sampled ->d_seq of the next dentry in nd->next_seq,
> rather than bothering with local variables.  AFAICS, it ends up with
> better code that way.  And both ->seq and ->next_seq are zeroed at the
> moments when we switch to non-RCU mode (as well as non-RCU path_init()).
>
> IMO it looks saner that way.  NOTE: it still needs to be tested and proba=
bly
> reordered and massaged; it's not for merge at the moment.  Current cumula=
tive
> diff follows:

I confirm all KMSAN reports are gone as a result of applying this patch.


--=20
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Stra=C3=9Fe, 33
80636 M=C3=BCnchen

Gesch=C3=A4ftsf=C3=BChrer: Paul Manicle, Liana Sebastian
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg