On Thu, Mar 8, 2018 at 4:45 PM, Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:
>
>
> On 03/08/2018 07:20 AM, Alexander Potapenko wrote:
>>
>> On Thu, Mar 8, 2018 at 4:15 PM, Eric Dumazet <eric.dumazet@xxxxxxxxx>
>> wrote:
>>>
>>>
>>>
>>> On 03/08/2018 05:37 AM, Alexander Potapenko wrote:
>>>>
>>>>
>>>> KMSAN reported a use of uninit memory in vhost_net_buf_unproduce()
>>>> while trying to access n->vqs[VHOST_NET_VQ_TX].rx_ring:
>>>>
>>>>
>>>> ==================================================================
>>>>
>>>> Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx>
>>>
>>>
>>>
>>> Please identify bug origin with a Fixes: tag
>>
>> Fixes: 5990a30510ed1 ("tun/tap: use ptr_ring instead of skb_array")
>
>
> Please send a V2 with this added tag. patchwork does not recognize it yet.
Ok, will do. Thanks for reminding about the tag!
> David Miller has also a lot on his plate, please everybody be gentle with
> both stable teams and maintainers.
>
> Thanks.
>
>
>
>>
>> The above patch introduced rx_ring, but the problem existed before.
>>
>>> This will tremendously help stable teams that are struggling with many
>>> backports these days.
>>>
>>> Thanks.
>>>
>>>
>>>> ---
>>>> drivers/vhost/net.c | 1 +
>>>> 1 file changed, 1 insertion(+)
>>>>
>>>> diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
>>>> index 610cba276d47..60f1080bffc7 100644
>>>> --- a/drivers/vhost/net.c
>>>> +++ b/drivers/vhost/net.c
>>>> @@ -948,6 +948,7 @@ static int vhost_net_open(struct inode *inode,
>>>> struct
>>>> file *f)
>>>> n->vqs[i].done_idx = 0;
>>>> n->vqs[i].vhost_hlen = 0;
>>>> n->vqs[i].sock_hlen = 0;
>>>> + n->vqs[i].rx_ring = NULL;
>>>> vhost_net_buf_init(&n->vqs[i].rxq);
>>>> }
>>>> vhost_dev_init(dev, vqs, VHOST_NET_VQ_MAX);
>>>>
>>>
>>
>>
>>
>
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
