On Wed, Jun 19, 2024 at 5:45 PM Ilya Leoshkevich <iii@xxxxxxxxxxxxx> wrote:
>
> Even though the KMSAN warnings generated by memchr_inv() are suppressed
> by metadata_access_enable(), its return value may still be poisoned.
>
> The reason is that the last iteration of memchr_inv() returns
> `*start != value ? start : NULL`, where *start is poisoned. Because of
> this, somewhat counterintuitively, the shadow value computed by
> visitSelectInst() is equal to `(uintptr_t)start`.
>
> One possibility to fix this, since the intention behind guarding
> memchr_inv() behind metadata_access_enable() is to touch poisoned
> metadata without triggering KMSAN, is to unpoison its return value.
> However, this approach is too fragile. So simply disable the KMSAN
> checks in the respective functions.
>
> Signed-off-by: Ilya Leoshkevich <iii@xxxxxxxxxxxxx>

Reviewed-by: Alexander Potapenko <glider@xxxxxxxxxx>
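Added illustration, not part of the patch or of this thread: a small C model of why the select in memchr_inv()'s last iteration ends up with a shadow equal to the pointer value. It assumes the MemorySanitizer select rule `Sa = Sb ? ((c ^ d) | Sc | Sd) : (b ? Sc : Sd)` for `a = b ? c : d`, and a fully poisoned `*start`; the helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of shadow propagation through a select (ternary).
 * A set bit in 'shadow' means that bit of 'val' is uninitialised/poisoned. */
typedef struct { uintptr_t val; uintptr_t shadow; } tracked;

/* Assumed visitSelectInst() rule: when the condition itself is poisoned,
 * every bit in which the two arms differ becomes poisoned too. */
static tracked select_with_shadow(tracked b, tracked c, tracked d)
{
    tracked a;
    a.val = b.val ? c.val : d.val;
    if (b.shadow)
        a.shadow = (c.val ^ d.val) | c.shadow | d.shadow;
    else
        a.shadow = b.val ? c.shadow : d.shadow;
    return a;
}

/* Model of memchr_inv()'s final `*start != value ? start : NULL`.
 * 'start' is a properly initialised pointer (shadow 0), but the byte it
 * points at is slab metadata that KMSAN treats as poisoned, so the
 * comparison's shadow is fully set whenever byte_shadow is non-zero. */
uintptr_t memchr_inv_last_iter_shadow(uintptr_t start, unsigned char byte,
                                      unsigned char byte_shadow,
                                      unsigned char value)
{
    tracked cond = { .val = (byte != value),
                     .shadow = byte_shadow ? ~(uintptr_t)0 : 0 };
    tracked c = { .val = start, .shadow = 0 };
    tracked d = { .val = 0, .shadow = 0 };   /* NULL arm */
    return select_with_shadow(cond, c, d).shadow;
}

int main(void)
{
    /* Constructed sample: a poisoned byte at a made-up kernel address. */
    uintptr_t start = (uintptr_t)0xffff800000001000ULL;
    printf("shadow of returned pointer: 0x%lx (start = 0x%lx)\n",
           (unsigned long)memchr_inv_last_iter_shadow(start, 0x5a, 0xff, 0x5a),
           (unsigned long)start);
    return 0;
}
```

With a poisoned `*start` the returned pointer's shadow is exactly `start`, so any later use of the return value reports as uninitialised even though the comparison inside memchr_inv() was silenced.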