From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2BCCE1772C
	for <linux-kernel@vger.kernel.org>; Tue,  2 Jan 2024 23:09:24 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="28GPKSOM"
Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-5e8e0c7f9a8so120656427b3.0
        for <linux-kernel@vger.kernel.org>; Tue, 02 Jan 2024 15:09:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1704236964; x=1704841764; darn=vger.kernel.org;
        h=content-transfer-encoding:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id
         :reply-to;
        bh=VmfarTfri1+432ZBbDvSTJInqX46gfjfsyuzVGEGM+I=;
        b=28GPKSOMOdjuD9h/tyueP0ff69ywGGnJhxZ1yQ1UQvgWYurHQsK9aegBQawrikt6xP
         sd73obUhHCEXKCfSKHG3XAat2NQj5tuOPQ3422X2G8tvHDh89r6L80x6E++gu0M+llcc
         gmVECCABa1QBbyMQ71coX9I7xrniQrJtbogVp4l8MV97qsA5qp6WEhIVi1EzmfpajSV6
         FWMg28bo+mXyZjfUQ1LAxVmVb+dmGBQCIyTt1AQbLEXTVwP4DVvsG3WfZCDC9zRRDOfo
         Iegk4u2K5evC8n7e57cR/Y6/ibbtBTqDXnhZorgmhaBYWbqN8LNS1tFHo0ywfc49K0uK
         lU4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704236964; x=1704841764;
        h=content-transfer-encoding:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject
         :date:message-id:reply-to;
        bh=VmfarTfri1+432ZBbDvSTJInqX46gfjfsyuzVGEGM+I=;
        b=sfp3S4Ub0tHBO4NxGRKaxdyrciOJaKUmjcqXs1d8WfE7DzOulO1/rUMb5loCUx25sC
         EmZcDmGTN2KlTYaj1YW83MS9SH6G9X8Oybs/G+lzjyBvfC7cZ7Ga4ngRW7ZeWshkYve8
         X8FhO2noevo6qA7Lft+QrzQCeVu+4REJkiEeG6CBfYVPGLKKMtQcttJu04cvDCaf81iU
         ECKSSbjmzgzQ19UCtBArIvv1ST1GAH9cZX2BctqUqdZ15HA1nKeIkOdoVCjCqYWkCj80
         i7ZD+ICZozucxFg4FyW6CwEOr+HutMqvcXy+xfnaj0Pk25GSYHDiU+cyZcKk0U0NNduV
         Px6Q==
X-Gm-Message-State: AOJu0Yyh59ZYx4O/sUqJVXuAzxV3tMKeMKy9+rpFUDrKAOTZsOBvQmzg
	DCGVogZRe1IqQ5KyBsrSQXeSUozQfFEueuo5jQ==
X-Google-Smtp-Source: AGHT+IHGHfDd0wPfxNtcpYgXmKZ2cyY1GdW1PZSPN3Jvr3UiQugVcTtpaaSq9eNVSBtnDRNY6MvL2mAaecQ=
X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a05:690c:3a0:b0:5d6:f1d2:2e5e with SMTP id
 bh32-20020a05690c03a000b005d6f1d22e5emr117443ywb.0.1704236964270; Tue, 02 Jan
 2024 15:09:24 -0800 (PST)
Date: Tue, 2 Jan 2024 15:09:22 -0800
In-Reply-To: <CABOYnLwfWmOUfP-uW9ALCxEXbzaSGVZn6GeEyfvPr-R-XdmrSQ@mail.gmail.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <CABOYnLwfWmOUfP-uW9ALCxEXbzaSGVZn6GeEyfvPr-R-XdmrSQ@mail.gmail.com>
Message-ID: <ZZSXotY3NRbki_hW@google.com>
Subject: Re: KMSAN: uninit-value in em_ret_far
From: Sean Christopherson <seanjc@google.com>
To: xingwei lee <xrivendell7@gmail.com>
Cc: linux-kernel@vger.kernel.org, dave.hansen@linux.intel.com, bp@alien8.de, 
	hpa@zytor.com, kvm@vger.kernel.org, mingo@redhat.com, pbonzini@redhat.com, 
	Thomas Gleixner <tglx@linutronix.de>, x86@kernel.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On Mon, Dec 25, 2023, xingwei lee wrote:
> Hello I found a bug in latest upstream 6.7-rc7 titled "KMSAN:
> uninit-value in em_ret_far=E2=80=9D and maybe is realted with kvm.
>=20
> If you fix this issue, please add the following tag to the commit:
> Reported-by: xingwei lee <xrivendell7@gmail.com>
>=20
> kernel: mainline 861deac3b092f37b2c5e6871732f3e11486f7082
> kernel config: https://syzkaller.appspot.com/text?tag=3DKernelConfig&x=3D=
4a65fa9f077ead01
> with KMSAN enabled
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2=
.40
> run the repro.c for about 3minus and it crashed!
>=20
> TITLE: KMSAN: uninit-value in em_ret_far
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> BUG: KMSAN: uninit-value in emulator_recalc_and_set_mode
> arch/x86/kvm/emulate.c:797 [inline]
> BUG: KMSAN: uninit-value in assign_eip_far arch/x86/kvm/emulate.c:833 [in=
line]
> BUG: KMSAN: uninit-value in em_ret_far+0x348/0x350 arch/x86/kvm/emulate.c=
:2258
> emulator_recalc_and_set_mode arch/x86/kvm/emulate.c:797 [inline]
> assign_eip_far arch/x86/kvm/emulate.c:833 [inline]

This is a known issue[1].  It's effectively a false positive, even though t=
here
is technically uninitialized data in scope.  The proposed fix[2] from Julia=
n
should resolve this (the patch is on my radar for 6.9).

[1] https://lore.kernel.org/all/9362077ac7f24ec684d338543e269e83aee7c897.ca=
mel@cyberus-technology.de
[2] https://lore.kernel.org/all/20231009092054.556935-1-julian.stecklina@cy=
berus-technology.de