syzbot
2:13 AM (13 hours ago)
to ke.zhao...@gmail.com, ke.zhao...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
> #syz test
This crash does not have a reproducer. I cannot test it.
>
> This is a test patch to fix the KMSAN uninit-value in follow_page_pte.
>
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -5189,6 +5189,10 @@ unsigned long alloc_pages_bulk_noprof(gfp_t gfp,
> int preferred_nid,
>
> prep_new_page(page, 0, gfp, 0);
> set_page_refcounted(page);
> +
> + trace_mm_page_alloc(page, 0, gfp, ac.migratetype);
> + kmsan_alloc_page(page, 0, gfp);
> +
> page_array[nr_populated++] = page;
> }
>
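Review bot: the added trace_mm_page_alloc(page, 0, gfp, ac.migratetype) call in alloc_pages_bulk_noprof() is not covered by the description, which only mentions a KMSAN uninit-value fix. It adds a trace event on this path, which is a separate behaviour change; drop it from this patch or send it on its own with a justification, so that kmsan_alloc_page(page, 0, gfp) is the only functional change in this hunk.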
> @@ -6911,6 +6915,12 @@ static void split_free_frozen_pages(struct
> list_head *list, gfp_t gfp_mask)
> int i;
>
> post_alloc_hook(page, order, gfp_mask);
> + /*
> + * Initialize KMSAN state right after
> post_alloc_hook().
> + * This prepares the pages for subsequent outer
> callers
> + * that might free sub-pages after the split.
> + */
> + kmsan_alloc_page(page, order, gfp_mask);
> if (!order)
> continue;
>
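Review bot: the comment added above kmsan_alloc_page(page, order, gfp_mask) in split_free_frozen_pages() has been line-wrapped by the mailer, leaving "post_alloc_hook()." and "callers" on continuation lines with no leading "+", so this hunk will not apply as sent; the @@ headers are wrapped the same way. Resend it unwrapped, and have the comment say which KMSAN state post_alloc_hook() leaves unset instead of referring to "subsequent outer callers".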
> @@ -7117,6 +7127,8 @@ int alloc_contig_frozen_range_noprof(unsigned long
> start, unsigned long end,
>
> check_new_pages(head, order);
> prep_new_page(head, order, gfp_mask, 0);
> +
> + kmsan_alloc_page(head, order, gfp_mask);
> } else {
> ret = -EINVAL;
> WARN(true, "PFN range: requested [%lu, %lu), allocated
> [%lu, %lu)\n",
>
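Review bot: kmsan_alloc_page(head, order, gfp_mask) in alloc_contig_frozen_range_noprof() is added with no comment, and the description does not say how this contiguous-range path relates to the follow_page_pte report. This is the second place in the patch where the call directly follows prep_new_page() with the same arguments; if that pairing is always required, state it in the commit message or fold both call sites into a single helper so they cannot drift apart.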