Date: Fri, 8 May 2026 14:43:15 +0200
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20260508124315.2526312-1-glider@google.com>
Subject: [PATCH v1] entry: Fix KMSAN false positives in IRQ and NMI exit code
From: Alexander Potapenko
To: glider@google.com
Cc: akpm@linux-foundation.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, elver@google.com, Dmitry Vyukov, Jinjie Ruan, Kuniyuki Iwashima, "Matthieu Baerts (NGI0)", Mark Rutland, Paolo Abeni, syzbot+cdcfd55737fe43eeb3a3@syzkaller.appspotmail.com

syzbot reported a KMSAN uninit-value warning in irqentry_exit_to_kernel_mode_preempt(). This is a false positive caused by the initialization of `ret` in irqentry_enter_from_kernel_mode() occurring in uninstrumented (noinstr) code. Because the initialization is untracked, KMSAN considers the state variable uninitialized when it is later passed into the instrumented code of irqentry_exit_to_kernel_mode_preempt().

The same issue exists in irqentry_nmi_enter(), where `irq_state` is initialized in noinstr code and later passed to the instrumented irqentry_nmi_exit().

Fix this by explicitly calling kmsan_unpoison_memory() on the `ret` and `irq_state` objects inside the instrumentation_begin() blocks of irqentry_enter_from_kernel_mode() and irqentry_nmi_enter(), respectively, immediately alongside the kmsan_unpoison_entry_regs() calls.

Fixes: c5538d0141b3 ("entry: Split kernel mode logic from irqentry_{enter,exit}()")
Fixes: 6cae637fa26d ("entry: kmsan: introduce kmsan_unpoison_entry_regs()")
Cc: Dmitry Vyukov
Cc: Jinjie Ruan
Cc: Kuniyuki Iwashima
Cc: Matthieu Baerts (NGI0)
Cc: Mark Rutland
Cc: Paolo Abeni
Reported-by: syzbot+cdcfd55737fe43eeb3a3@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/69e7ee1f.a00a0220.17a17.001d.GAE@google.com/T/
Signed-off-by: Alexander Potapenko
---
 include/linux/irq-entry-common.h | 2 ++
 kernel/entry/common.c | 1 +
 2 files changed, 3 insertions(+)

diff --git a/include/linux/irq-entry-common.h b/include/linux/irq-entry-common.h index 167fba7dbf04..be47d430d521 100644 --- a/include/linux/irq-entry-common.h
+++ b/include/linux/irq-entry-common.h @@ -427,6 +427,7 @@ static __always_inline irqentry_state_t irqentry_enter_from_kernel_mode(struct p ct_irq_enter(); instrumentation_begin(); kmsan_unpoison_entry_regs(regs); + kmsan_unpoison_memory(&ret, sizeof(ret)); trace_hardirqs_off_finish(); instrumentation_end(); @@ -443,6 +444,7 @@ static __always_inline irqentry_state_t irqentry_enter_from_kernel_mode(struct p lockdep_hardirqs_off(CALLER_ADDR0); instrumentation_begin(); kmsan_unpoison_entry_regs(regs); + kmsan_unpoison_memory(&ret, sizeof(ret)); rcu_irq_enter_check_tick(); trace_hardirqs_off_finish(); instrumentation_end(); diff --git a/kernel/entry/common.c b/kernel/entry/common.c index 19d2244a9fef..390364943f92 100644 --- a/kernel/entry/common.c +++ b/kernel/entry/common.c @@ -177,6 +177,7 @@ irqentry_state_t noinstr irqentry_nmi_enter(struct pt_regs *regs) instrumentation_begin(); kmsan_unpoison_entry_regs(regs); + kmsan_unpoison_memory(&irq_state, sizeof(irq_state)); trace_hardirqs_off_finish(); ftrace_nmi_enter(); instrumentation_end(); -- 2.54.0.563.g4f69b47b94-goog
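
Review bot: both added kmsan_unpoison_memory(&ret, sizeof(ret)) calls in irqentry_enter_from_kernel_mode() go in without a comment, so the reason `ret` needs unpoisoning is recorded only in the commit message. A one-line comment above each call, saying that `ret` is written in noinstr code and therefore looks uninitialized to KMSAN once it reaches instrumented code, would keep the call from being dropped later as redundant next to kmsan_unpoison_entry_regs(regs).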
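
Review bot: in the kernel/entry/common.c hunk the new call unpoisons the local `irq_state` inside irqentry_nmi_enter(), but that function is noinstr and returns irqentry_state_t by value, so the object that later reaches irqentry_nmi_exit() is the caller's copy. Please state in the commit message or in a comment why clearing the shadow of the callee's local is sufficient for that copy. The syzbot report cited is for irqentry_exit_to_kernel_mode_preempt(), so it would also help to say how the NMI path was checked.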