Date: Sat, 24 Feb 2024 19:47:33 +0900
Subject: Re: [syzbot] [virtualization?] KMSAN: uninit-value in virtqueue_add (4) Content-Language: en-US From: Tetsuo Handa To: syzbot , syzkaller-bugs@googlegroups.com Cc: linux-kernel@vger.kernel.org References: <000000000000fd588e060de27ef4@google.com> In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h index cc6b8e087192..f13bba3a9dab 100644 --- a/arch/x86/include/asm/page_64.h +++ b/arch/x86/include/asm/page_64.h @@ -58,7 +58,16 @@ static inline void clear_page(void *page) : "cc", "memory", "rax", "rcx"); } +#ifdef CONFIG_KMSAN +/* Use of non-instrumented assembly version confuses KMSAN. */ +void *memcpy(void *to, const void *from, __kernel_size_t len); +static inline void copy_page(void *to, void *from) +{ + memcpy(to, from, PAGE_SIZE); +} +#else void copy_page(void *to, void *from); +#endif #ifdef CONFIG_X86_5LEVEL /* diff --git a/lib/stackdepot.c b/lib/stackdepot.c index 5caa1f566553..48277029c282 100644 --- a/lib/stackdepot.c +++ b/lib/stackdepot.c 
@@ -592,22 +592,27 @@ static inline struct stack_record *find_stack(struct list_head *bucket, /* * This may race with depot_free_stack() accessing the freelist - * management state unioned with @entries. The refcount is zero - * in that case and the below refcount_inc_not_zero() will fail. + * management state unioned with @entries. */ if (data_race(stackdepot_memcmp(entries, stack->entries, size))) continue; /* - * Try to increment refcount. If this succeeds, the stack record - * is valid and has not yet been freed. + * Check if an invalid record had the same {hash, size, entries} + * by testing whether the refcount is already 0. + * Also, try to increment refcount if STACK_DEPOT_FLAG_GET is used. * * If STACK_DEPOT_FLAG_GET is not used, it is undefined behavior * to then call stack_depot_put() later, and we can assume that * a stack record is never placed back on the freelist. */ - if ((flags & STACK_DEPOT_FLAG_GET) && !refcount_inc_not_zero(&stack->count)) - continue; + if (flags & STACK_DEPOT_FLAG_GET) { + if (!refcount_inc_not_zero(&stack->count)) + continue; + } else { + if (!refcount_read(&stack->count)) + continue; + } ret = stack; break;
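
Review bot: In the arch/x86/include/asm/page_64.h hunk, the hand-written prototype `void *memcpy(void *to, const void *from, __kernel_size_t len);` under `#ifdef CONFIG_KMSAN` duplicates a declaration that belongs to the string headers and can drift from it unnoticed. Include the header that declares memcpy() instead, or, if header ordering prevents that, say so in the comment. The comment "Use of non-instrumented assembly version confuses KMSAN" should also state what goes wrong with the assembly copy_page() (presumably that KMSAN's metadata for the destination page is not updated by the copy), so the reason for the `#ifdef` is clear to the next reader of page_64.h.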
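
Review bot: In the lib/stackdepot.c hunk, the new `else` branch in find_stack() tests `refcount_read(&stack->count)` without taking a reference, so it only rejects records that are already free at that instant. Unless the caller holds a lock that excludes depot_free_stack(), which the hunk does not show, the count can drop to zero between this test and `ret = stack`. The comment kept just above still says that without STACK_DEPOT_FLAG_GET "we can assume that a stack record is never placed back on the freelist", which conflicts with needing the check at all; please reword it to say when a zero refcount can be observed here and whether the test is best-effort. The first comment also lost the sentence explaining how the race with depot_free_stack() is resolved after the data_race() compare; keep a pointer to the refcount test below. Minor style point: `} else { if (!refcount_read(&stack->count)) continue; }` reads better as a single `else if`.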