On Tue, May 28, 2024 at 12:20:15PM +0200, Alexander Potapenko wrote:
> You are right with your analysis.
> KMSAN stores a single origin for every aligned four-byte granule of
> memory, so we lose some information when more than one uninitialized
> value is combined in that granule.
> When writing an uninitialized value to memory, a viable strategy is to
> always update the origin. But if we partially initialize the granule
> with a store, it is better to preserve that granule's origin to
> prevent false negatives, so we need to check the resulting shadow slot
> before updating the origin.
> This is what the compiler instrumentation does, so
> kmsan_internal_set_shadow_origin() should behave in the same way.
> I found a similar bug in kmsan_internal_memmove_metadata() last year,
> but missed this one.

I appreciate the explanation. Makes sense.

> I am going to send a patch fixing this along with your test (with an
> updated description), if you don't object.

Yes, that's fine. Thank you.

-Brian
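Added example, not code from this thread or from the kernel's KMSAN implementation: a small C model of the origin-update policy Alexander describes above. It keeps one shadow byte per data byte and one 32-bit origin per aligned four-byte granule, and implements set_shadow_origin() in two modes. The "buggy" mode overwrites the granule origin unconditionally, so a store that initializes only part of a granule wipes the origin of the bytes that are still uninitialized (the false negative the thread is about). The "fixed" mode checks the resulting shadow first: a store of an uninitialized value always records its origin, but an initializing store clears the origin only once the whole granule is initialized. The memory size, the granule layout, the origin value 0x1234 and the helper names are all constructed for this model; the exact form of the check in the real kmsan_internal_set_shadow_origin() is not quoted in the thread and is not claimed here.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy model of KMSAN metadata (constructed for this example, not kernel code):
 * shadow byte 0xff = data byte is uninitialized, 0 = initialized.
 * One 32-bit origin per aligned 4-byte granule; origin 0 = "no origin".
 */
#define MEM_SIZE  16
#define GRANULE   4
#define NGRANULES (MEM_SIZE / GRANULE)

static uint8_t  shadow[MEM_SIZE];
static uint32_t origin[NGRANULES];

/* Does any byte of granule g still carry uninitialized shadow? */
static int granule_is_poisoned(size_t g)
{
    for (size_t k = 0; k < GRANULE; k++)
        if (shadow[g * GRANULE + k])
            return 1;
    return 0;
}

/*
 * Model of set_shadow_origin(): write shadow byte b over [addr, addr+size)
 * and then visit every granule the range overlaps.
 *
 * preserve_partial == 0: origin is overwritten unconditionally (the bug).
 * preserve_partial == 1: an uninitialized store (org != 0) always records
 * its origin; an initializing store (org == 0) only clears the origin once
 * the resulting shadow of the whole granule is zero.
 */
static void set_shadow_origin(size_t addr, size_t size, uint8_t b,
                              uint32_t org, int preserve_partial)
{
    if (size == 0 || addr + size > MEM_SIZE)
        return;
    memset(&shadow[addr], b, size);

    size_t first = addr / GRANULE;
    size_t last  = (addr + size - 1) / GRANULE;
    for (size_t g = first; g <= last; g++) {
        if (!preserve_partial || org || !granule_is_poisoned(g))
            origin[g] = org;
    }
}

static void reset_metadata(void)
{
    memset(shadow, 0, sizeof shadow);
    memset(origin, 0, sizeof origin);
}

/*
 * Scenario from the thread: granule 0 is written with an uninitialized
 * 4-byte value (origin 0x1234, a constructed value), then a 2-byte store
 * initializes only its first half. Returns the granule's origin afterwards.
 */
static uint32_t partial_unpoison_origin(int preserve_partial)
{
    reset_metadata();
    set_shadow_origin(0, GRANULE, 0xff, 0x1234u, preserve_partial); /* uninit write */
    set_shadow_origin(0, 2, 0x00, 0u, preserve_partial);            /* partial init */
    return origin[0];
}

/* Fully initializing the granule must clear its origin in both modes. */
static uint32_t full_unpoison_origin(int preserve_partial)
{
    reset_metadata();
    set_shadow_origin(0, GRANULE, 0xff, 0x1234u, preserve_partial);
    set_shadow_origin(0, GRANULE, 0x00, 0u, preserve_partial);
    return origin[0];
}

/* A later uninitialized store into a half-initialized granule must still
 * record its own origin (0x5678 is a constructed value). */
static uint32_t repoison_origin(int preserve_partial)
{
    reset_metadata();
    set_shadow_origin(0, GRANULE, 0xff, 0x1234u, preserve_partial);
    set_shadow_origin(0, 2, 0x00, 0u, preserve_partial);
    set_shadow_origin(2, 2, 0xff, 0x5678u, preserve_partial);
    return origin[0];
}

int main(void)
{
    printf("buggy: origin after partial unpoison = 0x%" PRIx32 " (report would be lost)\n",
           partial_unpoison_origin(0));
    printf("fixed: origin after partial unpoison = 0x%" PRIx32 "\n",
           partial_unpoison_origin(1));
    printf("fixed: origin after full unpoison    = 0x%" PRIx32 "\n",
           full_unpoison_origin(1));
    printf("fixed: origin after re-poisoning     = 0x%" PRIx32 "\n",
           repoison_origin(1));
    return 0;
}
```

In the buggy mode the partial store leaves bytes 2 and 3 of granule 0 uninitialized but with origin 0, so a later use of those bytes could not be attributed to anything and the report is effectively dropped; checking the resulting shadow before touching the origin is what keeps it.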