qemu-devel.nongnu.org archive mirror
From: Peter Foley <pefoley@google.com>
To: Patrick Venture <venture@google.com>
Cc: Richard Henderson <richard.henderson@linaro.org>,
	peter.maydell@linaro.org, pbonzini@redhat.com,
	qemu-devel@nongnu.org
Subject: Re: [PATCH] accel/tcg: fix msan findings in translate-all
Date: Mon, 3 Mar 2025 11:34:35 -0500	[thread overview]
Message-ID: <CAAAKUPP_mK2VApyCOf2N3twYfn_fe5P5Y_OMhmCSqP1HrhZSDQ@mail.gmail.com> (raw)
In-Reply-To: <CAO=notwzQsC7oJZxY_Jby9znX0ov62AVXsTENb7tagEBR2DcWQ@mail.gmail.com>


For reference, the full output from msan looks like:

==4872==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0xaaaac681ef98 in tb_gen_code third_party/qemu/accel/tcg/translate-all.c:358:21
    #1 0xaaaac67f2520 in cpu_exec_loop third_party/qemu/accel/tcg/cpu-exec.c:993:22
    #2 0xaaaac67f154c in cpu_exec_setjmp third_party/qemu/accel/tcg/cpu-exec.c:1039:12
    #3 0xaaaac67f1240 in cpu_exec third_party/qemu/accel/tcg/cpu-exec.c:1065:11
    #4 0xaaaac681022c in tcg_cpu_exec third_party/qemu/accel/tcg/tcg-accel-ops.c:79:11
    #5 0xaaaac680ede4 in mttcg_cpu_thread_fn third_party/qemu/accel/tcg/tcg-accel-ops-mttcg.c:95:17
    #6 0xaaaacf096698 in qemu_thread_start third_party/qemu/util/qemu-thread-posix.c:541:9
    #7 0xffffa9242cec in start_thread (/usr/grte/v5/lib64/libpthread.so.0+0xbcec) (BuildId: 0bdac2117d4465a78d3de57b307368b4)
    #8 0xffffa912ec98 in thread_start (/usr/grte/v5/lib64/libc.so.6+0x116c98) (BuildId: 613d20d3b812b4c87fe9ebf8c4caae83)

  Uninitialized value was stored to memory at
    #0 0xaaaac681ef94 in tb_gen_code third_party/qemu/accel/tcg/translate-all.c:358:50
    #1 0xaaaac67f2520 in cpu_exec_loop third_party/qemu/accel/tcg/cpu-exec.c:993:22
    #2 0xaaaac67f154c in cpu_exec_setjmp third_party/qemu/accel/tcg/cpu-exec.c:1039:12
    #3 0xaaaac67f1240 in cpu_exec third_party/qemu/accel/tcg/cpu-exec.c:1065:11
    #4 0xaaaac681022c in tcg_cpu_exec third_party/qemu/accel/tcg/tcg-accel-ops.c:79:11
    #5 0xaaaac680ede4 in mttcg_cpu_thread_fn third_party/qemu/accel/tcg/tcg-accel-ops-mttcg.c:95:17
    #6 0xaaaacf096698 in qemu_thread_start third_party/qemu/util/qemu-thread-posix.c:541:9
    #7 0xffffa9242cec in start_thread (/usr/grte/v5/lib64/libpthread.so.0+0xbcec) (BuildId: 0bdac2117d4465a78d3de57b307368b4)
    #8 0xffffa912ec98 in thread_start (/usr/grte/v5/lib64/libc.so.6+0x116c98) (BuildId: 613d20d3b812b4c87fe9ebf8c4caae83)

  Uninitialized value was created by an allocation of 'host_pc' in the stack frame
    #0 0xaaaac681d8ac in tb_gen_code third_party/qemu/accel/tcg/translate-all.c:297:5

SUMMARY: MemorySanitizer: use-of-uninitialized-value third_party/qemu/accel/tcg/translate-all.c:358:21 in tb_gen_code
Exiting


On Fri, Feb 28, 2025 at 5:26 PM Patrick Venture <venture@google.com> wrote:

>
>
> On Fri, Feb 28, 2025 at 1:38 PM Richard Henderson <
> richard.henderson@linaro.org> wrote:
>
>> On 2/28/25 13:23, Patrick Venture wrote:
>> > From: Peter Foley <pefoley@google.com>
>> >
>> > e.g.
>> >    Uninitialized value was created by an allocation of 'host_pc' in the
>> stack frame
>> >    #0 0xaaaac07df87c in tb_gen_code
>> third_party/qemu/accel/tcg/translate-all.c:297:5
>> >
>> > Signed-off-by: Peter Foley <pefoley@google.com>
>> > Signed-off-by: Patrick Venture <venture@google.com>
>> > ---
>> >   accel/tcg/translate-all.c | 2 +-
>> >   1 file changed, 1 insertion(+), 1 deletion(-)
>> >
>> > diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
>> > index d4189c7386..f584055a15 100644
>> > --- a/accel/tcg/translate-all.c
>> > +++ b/accel/tcg/translate-all.c
>> > @@ -298,7 +298,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
>> >       tcg_insn_unit *gen_code_buf;
>> >       int gen_code_size, search_size, max_insns;
>> >       int64_t ti;
>> > -    void *host_pc;
>> > +    void *host_pc = NULL;
>> >
>> >       assert_memory_lock();
>> >       qemu_thread_jit_write();
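Review bot: initializing `host_pc` at its declaration in tb_gen_code (`void *host_pc = NULL;`) only quiets this one caller; the pointer is filled in by get_page_addr_code_hostp and, as the reply below notes, the lookup's error return exits before the value is used, so the more robust fix is to set the out-parameter to NULL at the top of that function, which covers every caller and makes the contract explicit. The commit message should also say where the reported use is (translate-all.c:358 in the full MSan report) and that the value is not consumed on the error path, so a reader knows this is sanitizer hygiene rather than a functional bug; quoting only the "created by an allocation of 'host_pc'" origin line leaves that out.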
>>
>> False positive, because the error return exits without using the
>> uninitialized value.
>> But if we do want to "fix" this, do it at the beginning of
>> get_page_addr_code_hostp.
>>
>
> Acknowledged.  Gotta hate false positives, although better aggressive than
> not. Thanks!
>
>
>>
>> r~
>>
>
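The out-parameter pattern the thread argues about, as an added example that is neither QEMU code nor part of the e-mail exchange: a toy guest-to-host page lookup standing in for get_page_addr_code_hostp, and a caller shaped like tb_gen_code. The names page_lookup_hostp, gen_code_for, host_page_index_of, host_offset_of and error_path_leaves_null, the page table and the guest addresses are all constructed for illustration. The callee writes its out-parameter before any early return, which is the alternative suggested in the reply: the caller's `host_pc` stays uninitialized at its declaration, as in the pre-patch code, yet every caller sees a defined value whichever path the lookup takes.

```c
/* Added example, not QEMU code: callee-side initialization of an
 * out-parameter so an early error return never leaves the caller's
 * stack slot undefined. All names and data here are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_BITS 12
#define PAGE_SIZE ((uintptr_t)1 << PAGE_BITS)
#define PAGE_MASK (~(PAGE_SIZE - 1))

/* Constructed sample data: three guest pages backed by host buffers. */
static uint8_t host_page[3][1 << PAGE_BITS];
static const struct {
    uintptr_t guest_base;
    uint8_t *host;
} page_map[] = {
    { 0x1000, host_page[0] },
    { 0x2000, host_page[1] },
    { 0x7000, host_page[2] },
};

/* Hypothetical stand-in for get_page_addr_code_hostp: translate a guest
 * PC to a host pointer, or fail for an unmapped page. The out-parameter
 * is written first, so it is defined on the error path as well. */
static int page_lookup_hostp(uintptr_t guest_pc, void **hostp)
{
    uintptr_t base = guest_pc & PAGE_MASK;

    *hostp = NULL;                        /* defined on every return path */
    for (size_t i = 0; i < sizeof page_map / sizeof page_map[0]; i++) {
        if (page_map[i].guest_base == base) {
            *hostp = page_map[i].host + (guest_pc - base);
            return 0;
        }
    }
    return -1;                            /* unmapped: early error return */
}

/* Hypothetical caller shaped like tb_gen_code: host_pc is declared without
 * an initializer, as in the pre-patch code, and is only read after the
 * lookup succeeded. */
static int gen_code_for(uintptr_t guest_pc, void **out_host_pc)
{
    void *host_pc;

    if (page_lookup_hostp(guest_pc, &host_pc) < 0) {
        *out_host_pc = NULL;
        return -1;                        /* host_pc is never read here */
    }
    *out_host_pc = host_pc;
    return 0;
}

/* Which backing page a guest PC resolved to: 0..2, or -1 if unmapped. */
int host_page_index_of(uintptr_t guest_pc)
{
    void *hp;

    if (gen_code_for(guest_pc, &hp) < 0) {
        return -1;
    }
    for (int i = 0; i < 3; i++) {
        uint8_t *p = hp;
        if (p >= host_page[i] && p < host_page[i] + PAGE_SIZE) {
            return i;
        }
    }
    return -2;                            /* not reachable with the table above */
}

/* Byte offset inside the backing page, or -1 if unmapped. */
long host_offset_of(uintptr_t guest_pc)
{
    void *hp;
    int idx;

    if (gen_code_for(guest_pc, &hp) < 0) {
        return -1;
    }
    idx = host_page_index_of(guest_pc);
    return (long)((uint8_t *)hp - host_page[idx]);
}

/* 1 if a failed lookup leaves the caller's pointer NULL rather than
 * untouched: the property the callee-side initialization guarantees. */
int error_path_leaves_null(uintptr_t unmapped_pc)
{
    void *hp = (void *)&hp;               /* poison, so "untouched" is visible */

    return page_lookup_hostp(unmapped_pc, &hp) < 0 && hp == NULL;
}

int main(void)
{
    void *hp;

    printf("0x2010 -> page %d, offset %ld\n",
           host_page_index_of(0x2010), host_offset_of(0x2010));
    printf("0x3000 -> %s\n", gen_code_for(0x3000, &hp) < 0 ? "unmapped" : "mapped");
    printf("error path leaves NULL: %d\n", error_path_leaves_null(0x3000));
    return 0;
}
```

The poison in error_path_leaves_null is the point: a callee that writes its out-parameter only on success leaves the caller's stack slot holding whatever was there, which is what the "created by an allocation of 'host_pc' in the stack frame" origin line in the report describes. Initializing at the callee covers all callers at once, while `void *host_pc = NULL` at one declaration covers only that caller.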



Thread overview: 6+ messages
2025-02-28 21:23 [PATCH] accel/tcg: fix msan findings in translate-all Patrick Venture
2025-02-28 21:38 ` Richard Henderson
2025-02-28 22:25   ` Patrick Venture
2025-03-03 16:34     ` Peter Foley [this message]
2025-03-03 16:40       ` Peter Foley
2025-03-03 21:14         ` Richard Henderson
