On Mon, Jul 4, 2022 at 10:07 PM Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote: > > On Fri, Jul 01, 2022 at 04:23:09PM +0200, Alexander Potapenko wrote: > > Functions implementing the a_ops->write_end() interface accept the > > `void *fsdata` parameter that is supposed to be initialized by the > > corresponding a_ops->write_begin() (which accepts `void **fsdata`). > > > > However not all a_ops->write_begin() implementations initialize `fsdata` > > unconditionally, so it may get passed uninitialized to a_ops->write_end(), > > resulting in undefined behavior. > > ... wait, passing an uninitialised variable to a function *which doesn't > actually use it* is now UB? What genius came up with that rule? What > purpose does it serve? > Hi Matthew, There is a discussion at [1], with Segher pointing out a reason for this rule [2] and Linus requesting that we should be warning about the cases where uninitialized variables are passed by value. Right now there are only a handful cases in the kernel where such passing is performed (we just need one more patch in addition to this one for KMSAN to boot cleanly). So we are in a good position to start enforcing this rule, unless there's a reason not to. I am not sure standard compliance alone is a convincing argument, but from KMSAN standpoint, performing parameter check at callsites noticeably eases handling of values passed between instrumented and non-instrumented code. This lets us avoid some low-level hacks around instrumentation_begin()/instrumentation_end() (some context available at [4]). Let me know what you think, Alex [1] - https://lore.kernel.org/lkml/CAFKCwrjBjHMquj-adTf0_1QLYq3Et=gJ0rq6HS-qrAEmVA7Ujw@xxxxxxxxxxxxxx/T/ [2] - https://lore.kernel.org/lkml/20220615164655.GC25951@xxxxxxxxxxxxxxxxx/ [3] - https://lore.kernel.org/lkml/CAHk-=whjz3wO8zD+itoerphWem+JZz4uS3myf6u1Wd6epGRgmQ@xxxxxxxxxxxxxx/ [4] https://lore.kernel.org/lkml/20220426164315.625149-29-glider@xxxxxxxxxx/
