On Mon, 16 May 2022 17:47:26 +0800 Wang Cheng <wanngchenng@xxxxxxxxx> wrote:

> ...
>
> This patch seems to fix the bug below too.
> KMSAN: uninit-value in mpol_rebind_mm (2)
> https://syzkaller.appspot.com/bug?id=f2fecd0d7013f54ec4162f60743a2b28df40926b
>
> The uninit-value is pol->w.cpuset_mems_allowed in mpol_rebind_policy().
> When the syzkaller reproducer runs to the beginning of mpol_new(),
>
> mpol_new() mm/mempolicy.c
> do_mbind() mm/mempolicy.c
> kernel_mbind() mm/mempolicy.c
>
> `mode` is 1 (MPOL_PREFERRED), nodes_empty(*nodes) is `true` and `flags`
> is 0. Then
>
> mode = MPOL_LOCAL;
> ...
> policy->mode = mode;
> policy->flags = flags;
>
> will be executed. So in mpol_set_nodemask(),
>
> mpol_set_nodemask() mm/mempolicy.c
> do_mbind()
> kernel_mbind()
>
> pol->mode is 4 (MPOL_LOCAL), so the `nodemask` in `pol` is not initialized,
> which will be accessed in mpol_rebind_policy().

Thanks, I added the above to the changelog and I plan to import the result into mm-stable later this week.

> IIUC, "#syz fix: mm/mempolicy: fix uninit-value in mpol_rebind_policy()"
> could be sent to syzbot+ad1b8c404f0959c4bfcc@xxxxxxxxxxxxxxxxxxxxxxxxx
> to attach the fixing commit to the bug. WDYT?

Could be. The "syz fix" isn't a thing I've paid much attention to. I'll start doing so ;)
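As an added illustration (not code from this thread or from mm/mempolicy.c), the user-space C model below walks the path Wang Cheng describes: an mbind() with MPOL_PREFERRED and an empty nodemask is turned into MPOL_LOCAL, mpol_set_nodemask() records no cpuset mask for it, and a later rebind reads the never-written field, which is what KMSAN reports. The early return for MPOL_LOCAL in the set_nodemask model and the skip_local guard in the rebind model are assumptions made for illustration, not the fix under discussion.

```c
#include <stdbool.h>
/* Hypothetical user-space model of the mempolicy path described in the thread,
 * added for illustration; not the kernel's mm/mempolicy.c. A node mask is one
 * unsigned long; a shadow flag stands in for KMSAN's record of a field's init. */
enum { MPOL_DEFAULT, MPOL_PREFERRED, MPOL_BIND, MPOL_INTERLEAVE, MPOL_LOCAL };
typedef unsigned long nodemask_t;
struct mempolicy {
    unsigned short mode, flags;
    nodemask_t cpuset_mems_allowed;  /* the field KMSAN reported as uninit */
    bool cpuset_mems_allowed_init;   /* shadow: has the field been written? */
};
/* mpol_new(): MPOL_PREFERRED with an empty nodemask becomes MPOL_LOCAL. */
static void model_mpol_new(struct mempolicy *pol, unsigned short mode,
                           unsigned short flags, nodemask_t nodes)
{
    pol->cpuset_mems_allowed_init = false;   /* fresh, unwritten allocation */
    if (mode == MPOL_PREFERRED && nodes == 0)
        mode = MPOL_LOCAL;
    pol->mode = mode;
    pol->flags = flags;
}
/* mpol_set_nodemask(): assumed to record the cpuset mask only for policies
 * that carry a nodemask, so an MPOL_LOCAL policy is left unwritten. */
static void model_mpol_set_nodemask(struct mempolicy *pol, nodemask_t cpuset)
{
    if (pol->mode == MPOL_LOCAL)
        return;
    pol->cpuset_mems_allowed = cpuset;
    pol->cpuset_mems_allowed_init = true;
}
/* mpol_rebind_policy(): returns true if it read the unwritten field. skip_local
 * is an assumed guard that shows the safe path; it is not the patch itself. */
static bool model_mpol_rebind_policy(struct mempolicy *pol, nodemask_t newmask,
                                     bool skip_local)
{
    if (skip_local && pol->mode == MPOL_LOCAL)
        return false;                        /* nothing to rebind */
    if (!pol->cpuset_mems_allowed_init)
        return true;                         /* the uninit-value read */
    pol->cpuset_mems_allowed = newmask;      /* mode-specific rebind elided */
    return false;
}
/* Replays mbind(mode, nodes, flags 0) followed by a cpuset change. */
static bool reproduce(unsigned short mode, nodemask_t nodes, bool skip_local)
{
    struct mempolicy pol;
    model_mpol_new(&pol, mode, 0, nodes);
    model_mpol_set_nodemask(&pol, 0x1);
    return model_mpol_rebind_policy(&pol, 0x3, skip_local);
}
```

reproduce(MPOL_PREFERRED, 0, false) returns true (the uninit read), while the same call with skip_local set, or any policy that actually carries a nodemask, returns false.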