Date: Tue, 17 May 2022 17:08:17 -0700
From: Andrew Morton
To: Wang Cheng
Cc: linux-mm@kvack.org, cgroups@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, syzbot+ad1b8c404f0959c4bfcc@syzkaller.appspotmail.com
Subject: Re: [PATCH] mm/mempolicy: fix uninit-value in mpol_rebind_policy()
Message-Id: <20220517170817.94ca21558bbe035ae06bf6fa@linux-foundation.org>
In-Reply-To: <20220516094726.b5rrsjg7rvei2od5@ppc.localdomain>
References: <20220512123428.fq3wofedp6oiotd4@ppc.localdomain> <20220516094726.b5rrsjg7rvei2od5@ppc.localdomain>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 16 May 2022 17:47:26 +0800 Wang Cheng wrote:

> 
> ...
> 
> This patch seems to fix the bug below too.
> KMSAN: uninit-value in mpol_rebind_mm (2)
> https://syzkaller.appspot.com/bug?id=f2fecd0d7013f54ec4162f60743a2b28df40926b
> 
> The uninit-value is pol->w.cpuset_mems_allowed in mpol_rebind_policy().
> When the syzkaller reproducer runs to the beginning of mpol_new(),
> 
>   mpol_new()      mm/mempolicy.c
>   do_mbind()      mm/mempolicy.c
>   kernel_mbind()  mm/mempolicy.c
> 
> `mode` is 1 (MPOL_PREFERRED), nodes_empty(*nodes) is `true` and `flags`
> is 0. Then
> 
>   mode = MPOL_LOCAL;
>   ...
>   policy->mode = mode;
>   policy->flags = flags;
> 
> will be executed. So in mpol_set_nodemask(),
> 
>   mpol_set_nodemask()  mm/mempolicy.c
>   do_mbind()
>   kernel_mbind()
> 
> pol->mode is 4 (MPOL_LOCAL), so the `nodemask` in `pol` is not initialized,
> which will be accessed in mpol_rebind_policy().

Thanks, I added the above to the changelog and I plan to import the result
into mm-stable later this week.

> IIUC, "#syz fix: mm/mempolicy: fix uninit-value in mpol_rebind_policy()"
> could be sent to syzbot+ad1b8c404f0959c4bfcc@syzkaller.appspotmail.com
> to attach the fixing commit to the bug. WDYT?

Could be. The "syz fix" isn't a thing I've paid much attention to. I'll
start doing so ;)
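The sequence Wang Cheng describes (mbind() with MPOL_PREFERRED and an empty nodemask collapses to MPOL_LOCAL, mpol_set_nodemask() then has nothing to store, and a later cpuset rebind reads pol->w.cpuset_mems_allowed before anything wrote it) is a state-machine bug: one mode transition leaves a union member unwritten, and a consumer that does not know about that mode reads it. The program below is an added illustration written for this page, not kernel code and not the patch under discussion. It models the three functions with a 64-bit bitmask in place of nodemask_t and a w_valid flag that stands in for KMSAN's shadow memory, replays the reported call sequence, and counts reads of the unwritten field. The guard_local parameter shows one way to close the path (treat MPOL_LOCAL as having no nodemask at the reader); the real fix is whatever the quoted patch does, which this message does not reproduce.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the mm/mempolicy state involved in the report above.
 * Not kernel code: nodemask_t is a 64-bit bitmask (one bit per node) and
 * w_valid stands in for KMSAN's "has this memory been initialized" shadow.
 */
enum mpol_mode { MPOL_DEFAULT = 0, MPOL_PREFERRED = 1, MPOL_BIND = 2,
                 MPOL_INTERLEAVE = 3, MPOL_LOCAL = 4 };

typedef uint64_t nodemask_t;

struct mempolicy {
    enum mpol_mode mode;
    unsigned short flags;
    nodemask_t nodes;
    union {
        nodemask_t cpuset_mems_allowed;   /* nodemask relative to these cpuset mems */
        nodemask_t user_nodemask;         /* nodemask as supplied by user space */
    } w;
    bool w_valid;                         /* model-only: has w ever been written? */
};

/* Number of reads of pol->w that happened before it was written. */
static int uninit_reads;

static nodemask_t read_w_cpuset(const struct mempolicy *pol)
{
    if (!pol->w_valid)
        uninit_reads++;
    return pol->w.cpuset_mems_allowed;
}

/* Model of mpol_new(): MPOL_PREFERRED with an empty nodemask becomes MPOL_LOCAL,
 * exactly the transition quoted above. mode and flags are set; w is not touched. */
static void model_mpol_new(struct mempolicy *pol, enum mpol_mode mode,
                           unsigned short flags, nodemask_t nodes)
{
    memset(pol, 0, sizeof(*pol));   /* w_valid starts false: w is "uninitialized" */
    if (mode == MPOL_PREFERRED && nodes == 0)
        mode = MPOL_LOCAL;
    pol->mode = mode;
    pol->flags = flags;
}

/* Model of mpol_set_nodemask(): a local policy has no nodemask to store, so it
 * returns before writing w. That is the step that leaves w unwritten. */
static void model_mpol_set_nodemask(struct mempolicy *pol, nodemask_t nodes,
                                    nodemask_t cpuset_mems)
{
    if (pol->mode == MPOL_LOCAL)
        return;
    pol->w.cpuset_mems_allowed = cpuset_mems;
    pol->w_valid = true;
    pol->nodes = nodes & cpuset_mems;
}

/* Model of mpol_rebind_policy(). The early comparison reads w.cpuset_mems_allowed;
 * for a policy that collapsed to MPOL_LOCAL that field was never written.
 * guard_local adds a mode check in front of the read (illustration only). */
static void model_mpol_rebind_policy(struct mempolicy *pol, nodemask_t newmask,
                                     bool guard_local)
{
    if (!pol)
        return;
    if (guard_local && pol->mode == MPOL_LOCAL)
        return;
    if (read_w_cpuset(pol) == newmask)
        return;
    pol->w.cpuset_mems_allowed = newmask;
    pol->w_valid = true;
    pol->nodes = newmask;
}

/* Replays the reported sequence: mbind(MPOL_PREFERRED, empty nodes, flags 0)
 * followed by a cpuset rebind. Returns how many uninitialized reads occurred. */
int replay_rebind(bool guard_local)
{
    struct mempolicy pol;

    uninit_reads = 0;
    model_mpol_new(&pol, MPOL_PREFERRED, 0, /* nodes = */ 0);
    model_mpol_set_nodemask(&pol, 0, /* cpuset_mems = */ 0x3);
    model_mpol_rebind_policy(&pol, /* newmask = */ 0x1, guard_local);
    return uninit_reads;
}

int main(void)
{
    printf("unguarded rebind: %d uninitialized read(s)\n", replay_rebind(false));
    printf("guarded rebind:   %d uninitialized read(s)\n", replay_rebind(true));
    return 0;
}
```

The point the model makes is that mpol_new() and mpol_set_nodemask() already agree that MPOL_LOCAL carries no nodemask, while the unguarded reader does not; KMSAN catches exactly that disagreement at the first read of pol->w. When reviewing a fix for a report like this, check every consumer of the union, not only the one in the stack trace.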