From: Alexander Potapenko <glider@google.com>
To: Jens Axboe <axboe@kernel.dk>
Cc: linux-block@vger.kernel.org,
Willem de Bruijn <willemb@google.com>,
Dmitriy Vyukov <dvyukov@google.com>
Subject: null_handle_cmd() doesn't initialize data when reading
Date: Fri, 15 Nov 2019 11:16:23 +0100
Message-ID: <CAG_fn=VBHmBgqLi35tD27NRLH2tEZLH=Y+rTfZ3rKNz9ipG+jQ@mail.gmail.com>
Hi Jens,
I'm debugging an issue in the nullb driver reported by KMSAN at QEMU startup.
There are numerous reports like the one below when checking nullb for
different partition types.
Basically, read_dev_sector() allocates a cache page which is then
wrapped into a bio and passed to the device driver, but never
initialized.
I've tracked the problem down to a call to null_handle_cmd(cmd, /*sector*/0, /*nr_sectors*/8, /*op*/0).
Turns out all the if-branches in this function are skipped, so none of
null_handle_throttled(), null_handle_flush(),
null_handle_badblocks(), null_handle_memory_backed(),
null_handle_zoned() is executed, and we proceed directly to
nullb_complete_cmd().
As a result, the pages read from the nullb device are never
initialized, at least at boot time.
How can we fix this?
This bug may also have something to do with
https://groups.google.com/d/topic/syzkaller-bugs/d0fmiL9Vi9k/discussion.
KMSAN report follows:
=====================================================
BUG: KMSAN: uninit-value in [< none >] adfspart_check_ICS+0xd08/0x1040 block/partitions/acorn.c:365
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:77
[< none >] dump_stack+0x196/0x1f0 lib/dump_stack.c:113
[< none >] kmsan_report+0x127/0x220 mm/kmsan/kmsan_report.c:108
[< none >] __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:245
[< none >] adfspart_check_ICS+0xd08/0x1040 block/partitions/acorn.c:365
[< none >] check_partition+0x58c/0xc20 block/partitions/check.c:167
[< none >] rescan_partitions+0x39b/0x1ff0 block/partition-generic.c:531
[< none >] __blkdev_get+0x14f1/0x2440 fs/block_dev.c:1600
[< none >] blkdev_get+0x237/0x6a0 fs/block_dev.c:1708
[< inline >] register_disk block/genhd.c:655
[< none >] __device_add_disk+0x1612/0x20f0 block/genhd.c:745
[< none >] device_add_disk+0x90/0xa0 block/genhd.c:763
[< inline >] add_disk ./include/linux/genhd.h:429
[< inline >] null_gendisk_register drivers/block/null_blk_main.c:1547
[< none >] null_add_dev+0x34c7/0x3b30 drivers/block/null_blk_main.c:1718
...
Uninit was created at:
[< none >] kmsan_save_stack_with_flags+0x3f/0x90 mm/kmsan/kmsan.c:151
[< inline >] kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:362
[< none >] kmsan_alloc_page+0x14e/0x360 mm/kmsan/kmsan_shadow.c:391
[< none >] __alloc_pages_nodemask+0x594e/0x6050 mm/page_alloc.c:4796
[< inline >] __alloc_pages ./include/linux/gfp.h:475
[< inline >] alloc_page_interleave mm/mempolicy.c:2058
[< none >] alloc_pages_current+0x2e7/0x990 mm/mempolicy.c:2186
[< inline >] alloc_pages ./include/linux/gfp.h:511
[< none >] __page_cache_alloc+0x95/0x310 mm/filemap.c:981
[< none >] do_read_cache_page+0x4d5/0x1520 mm/filemap.c:2788
[< none >] read_cache_page+0xf3/0x110 mm/filemap.c:2896
[< inline >] read_mapping_page ./include/linux/pagemap.h:396
[< none >] read_dev_sector+0xd6/0x390 block/partition-generic.c:668
[< inline >] read_part_sector block/partitions/check.h:38
[< none >] adfspart_check_ICS+0x117/0x1040 block/partitions/acorn.c:361
[< none >] check_partition+0x58c/0xc20 block/partitions/check.c:167
[< none >] rescan_partitions+0x39b/0x1ff0 block/partition-generic.c:531
[< none >] __blkdev_get+0x14f1/0x2440 fs/block_dev.c:1600
[< none >] blkdev_get+0x237/0x6a0 fs/block_dev.c:1708
[< inline >] register_disk block/genhd.c:655
=====================================================
Thanks,
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Managing Directors: Paul Manicle, Halimah DeLaine Prado
Registration court and number: Hamburg, HRB 86891
Registered office: Hamburg
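The report above describes a read that completes without the driver ever writing the bio's pages, so the caller sees whatever the page previously held. The following user-space probe is an added example by the editor, not code from the report or from the null_blk driver: it detects that class of behaviour from outside the kernel. It opens the block device with O_DIRECT, so the pages behind the bio are the process's own buffer, pre-fills that buffer with a canary byte, issues one aligned read, and checks whether the canary survived. A driver that really fills the buffer (even with zeros) destroys the canary; a driver that completes the read without touching the data leaves it intact. The device path /dev/nullb0, the 0xA5 canary and the 4096-byte read size are assumptions of this example; the probe needs read access to the device and the null_blk module loaded.

```c
#define _GNU_SOURCE          /* O_DIRECT */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CANARY_BYTE 0xA5u    /* assumed canary; any value unlikely to fill a real sector works */
#define BUF_ALIGN   4096     /* satisfies O_DIRECT alignment for 512- and 4096-byte sectors */

enum read_verdict {
    READ_OVERWRITTEN = 0,    /* every canary byte was replaced: the driver filled the buffer */
    READ_UNTOUCHED   = 1,    /* every canary byte survived: read completed without a data transfer */
    READ_PARTIAL     = 2,    /* some canary bytes survived: real data may contain 0xA5, inspect by hand */
};

/* Count bytes that still hold the canary the caller placed before the read. */
size_t count_canary(const uint8_t *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] == CANARY_BYTE);
    return n;
}

/* Decide whether the device actually wrote into the buffer. */
enum read_verdict classify_read(const uint8_t *buf, size_t len)
{
    size_t n = count_canary(buf, len);
    if (n == 0)
        return READ_OVERWRITTEN;
    if (n == len)
        return READ_UNTOUCHED;
    return READ_PARTIAL;
}

/* Read `len` bytes at `offset` from `path` through O_DIRECT, so the bio's pages
 * are this pre-filled buffer and not a page-cache page. Returns 0 and sets
 * *verdict on success, -1 with errno set on failure. */
int probe_device(const char *path, off_t offset, size_t len, enum read_verdict *verdict)
{
    uint8_t *buf = NULL;
    int fd, rc = -1, saved;
    ssize_t got;

    if (posix_memalign((void **)&buf, BUF_ALIGN, len) != 0) {
        errno = ENOMEM;
        return -1;
    }
    memset(buf, CANARY_BYTE, len);

    fd = open(path, O_RDONLY | O_DIRECT);
    if (fd < 0)
        goto out;

    got = pread(fd, buf, len, offset);
    if (got == (ssize_t)len) {
        *verdict = classify_read(buf, len);
        rc = 0;
    } else if (got >= 0) {
        errno = EIO;         /* short read: not enough data to judge */
    }
    saved = errno;
    close(fd);
    errno = saved;
out:
    free(buf);
    return rc;
}

int main(int argc, char **argv)
{
    /* /dev/nullb0 is an assumed default; pass another block device as argv[1]. */
    const char *path = argc > 1 ? argv[1] : "/dev/nullb0";
    enum read_verdict v;

    if (probe_device(path, 0, BUF_ALIGN, &v) != 0) {
        perror(path);
        return 1;
    }
    printf("%s: %s\n", path,
           v == READ_OVERWRITTEN ? "driver filled the read buffer" :
           v == READ_UNTOUCHED   ? "read completed without the driver writing the buffer" :
                                   "buffer only partially overwritten, inspect manually");
    return v == READ_UNTOUCHED ? 2 : 0;
}
```

Build with `cc -O2 probe.c -o nullb-probe` and run `sudo ./nullb-probe /dev/nullb0`. The O_DIRECT path is what makes the check meaningful: through the page cache the kernel allocates the page itself, as in the read_dev_sector() path in the report, and user space cannot pre-fill it, so an untouched page would simply appear as arbitrary stale contents rather than as a recognisable canary. A healthy device backed by zeros returns READ_OVERWRITTEN, not READ_UNTOUCHED, because zeroing the buffer is still a write.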
Thread overview: 14+ messages
2019-11-15 10:16 Alexander Potapenko [this message]
2019-11-20 23:12 ` null_handle_cmd() doesn't initialize data when reading Jens Axboe
2019-11-22 11:58 ` Alexander Potapenko
2019-11-25 4:01 ` Chaitanya Kulkarni
2020-05-10 10:03 ` Alexander Potapenko
2020-05-10 16:20 ` Bart Van Assche
2020-05-11 12:58 ` Alexander Potapenko
2020-05-11 13:01 ` Damien Le Moal
2020-05-11 13:09 ` Alexander Potapenko
2020-05-11 23:18 ` Bart Van Assche
2020-05-12 1:25 ` Bart Van Assche
2020-05-12 1:42 ` Damien Le Moal
2020-05-12 2:43 ` Bart Van Assche
2020-05-12 3:23 ` Damien Le Moal