Re: [PATCH v2] rseq: fix using an uninitialized stack variable in rseq_exit_user_update
From: Peter Zijlstra
Date: Tue Jun 02 2026 - 06:50:30 EST
On Tue, Jun 02, 2026 at 11:08:54AM +0800, Qing Wang wrote:
> There is a bug which is an uninitialized stack variable use in
> `rseq_exit_user_update()` reported by syzbot:
>
> BUG: KMSAN: kernel-infoleak in rseq_set_ids_get_csaddr include/linux/rseq_entry.h:502 [inline]
>
> The local variable:
> ```c
> struct rseq_ids ids = {
> .cpu_id = task_cpu(t),
> .mm_cid = task_mm_cid(t),
> .node_id = cpu_to_node(ids.cpu_id),
> };
> ```
FWIW, I've no idea what that ``` nonsense is, but it does not belong in
Changelogs. I've removed it.
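The quoted initializer reads `ids.cpu_id` while `ids` is still being initialized, so `node_id` is derived from stack garbage; if that struct is later copied to user memory the garbage leaks, which is why KMSAN classes it as kernel-infoleak. The following user-space model of the buggy shape and one straightforward fix is an added example, not code from the patch or the kernel tree: `cpu_to_node()` is a constructed stand-in taking a plain int, and `ids_buggy()`/`ids_fixed()` are hypothetical names (the actual change in the patch is not shown on this page).

```c
/* Added example: user-space model of the rseq_ids initializer bug.
 * cpu_to_node() below is a constructed stand-in, not the kernel's. */
#include <stdio.h>

struct rseq_ids {
	int cpu_id;
	int mm_cid;
	int node_id;
};

/* Constructed topology: 4 CPUs per node. Not real NUMA data. */
int cpu_to_node(int cpu)
{
	return cpu / 4;
}

/* Buggy shape from the report: the initializer for .node_id reads
 * ids.cpu_id, but `ids` is the object being initialized, so the read
 * sees whatever the stack held (undefined behaviour; KMSAN reports it
 * as an uninitialized use, and as an infoleak if it reaches userspace). */
struct rseq_ids ids_buggy(int cpu, int mm_cid)
{
	struct rseq_ids ids = {
		.cpu_id = cpu,
		.mm_cid = mm_cid,
		.node_id = cpu_to_node(ids.cpu_id), /* reads uninitialized field */
	};
	return ids;
}

/* One fix: derive node_id from the already-known cpu value, so no
 * field of `ids` is read during its own initialization. */
struct rseq_ids ids_fixed(int cpu, int mm_cid)
{
	struct rseq_ids ids = {
		.cpu_id = cpu,
		.mm_cid = mm_cid,
		.node_id = cpu_to_node(cpu),
	};
	return ids;
}

int main(void)
{
	struct rseq_ids a = ids_fixed(6, 3);
	printf("cpu=%d mm_cid=%d node=%d\n", a.cpu_id, a.mm_cid, a.node_id);
	return 0;
}
```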