Re: [PATCH] mm/mempolicy: fix uninit-value in mpol_rebind_policy()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 18 May 2022 at 02:08, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Mon, 16 May 2022 17:47:26 +0800 Wang Cheng <wanngchenng@xxxxxxxxx> wrote:
>
> >
> > ...
> >
> > This patch seems to fix below bug too.
> > KMSAN: uninit-value in mpol_rebind_mm (2)
> > https://syzkaller.appspot.com/bug?id=f2fecd0d7013f54ec4162f60743a2b28df40926b
> >
> > The uninit-value is pol->w.cpuset_mems_allowed in mpol_rebind_policy().
> > When syzkaller reproducer runs to the beginning of mpol_new(),
> >
> >           mpol_new() mm/mempolicy.c
> >         do_mbind() mm/mempolicy.c
> >       kernel_mbind() mm/mempolicy.c
> >
> > `mode` is 1(MPOL_PREFERRED), nodes_empty(*nodes) is `true` and `flags`
> > is 0. Then
> >
> >       mode = MPOL_LOCAL;
> >       ...
> >       policy->mode = mode;
> >       policy->flags = flags;
> >
> > will be executed. So in mpol_set_nodemask(),
> >
> >           mpol_set_nodemask() mm/mempolicy.c
> >         do_mbind()
> >       kernel_mbind()
> >
> > pol->mode is 4(MPOL_LOCAL), that `nodemask` in `pol` is not initialized,
> > which will be accessed in mpol_rebind_policy().
>
> Thanks, I added the above to the changelog and I plan to import the
> result into mm-stable later this week.
>
> > IIUC, "#syz fix: mm/mempolicy: fix uninit-value in mpol_rebind_policy()"
> > could be sent to syzbot+ad1b8c404f0959c4bfcc@xxxxxxxxxxxxxxxxxxxxxxxxx
> > to attach the fixing commit to the bug. WDYT?
>
> Could be.  The "syz fix" isn't a thing I've paid much attention to.
> I'll start doing so ;)

Yes, we can send:

#syz fix: mm/mempolicy: fix uninit-value in mpol_rebind_policy()

to syzbot+ad1b8c404f0959c4bfcc@xxxxxxxxxxxxxxxxxxxxxxxxx
and now it should be reflected at:
https://syzkaller.appspot.com/bug?extid=ad1b8c404f0959c4bfcc

and the bug will be closed when the fix is merged everywhere.



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]     [Monitors]

  Powered by Linux