Re: [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_extent_update_i_size_sectors
From: Alexander Potapenko
Date: Tue May 28 2024 - 04:19:57 EST
On Thu, May 23, 2024 at 10:15 AM Alexander Potapenko <glider@googlecom> wrote:
>
> On Thu, May 23, 2024 at 1:49 AM Kent Overstreet
> <kent.overstreet@xxxxxxxxx> wrote:
> >
> > This (and a few others I've looked at) look more likely to be bugs in
> > KMSAN, not bcachefs.
>
> Yeah, this is possible if we are missing some initialization.
>
> >
> > here, the supposedly uninitialized key was read in from disk, so the key
> > couldn't possibly have been legitimately marked uninitialized.
>
> Am I right that the key is supposed to be initialized before the first
> call of memcpy_u64s_small() (the _lower_ "Uninit was stored to memory
> at:" stack trace)?
> Do you have an idea what code performed the actual load of the data from disk?
> If that load was done by some assembly routine, we could've easily
> missed that - in that case we'll need to annotate it to fix the false
> positives.
I thought the initialization here was done by constructing a `struct
bio` in fs/bcachefs/btree_io.c and passing it to
submit_bio()/submit_bio_wait(), but I couldn't see return values of
btree_bounce_alloc() being used in bio_vec elements.
Are there other places that perform disk I/O?
We need something similar to kmsan_handle_dma()
(https://elixir.bootlin.com/linux/latest/source/mm/kmsan/hooks.c#L328),
but for block IO, so that data copied from the device can be marked as
initialized.