From patchwork Mon Jan 23 14:06:43 2017
X-Patchwork-Submitter: Alexander Potapenko
X-Patchwork-Id: 9532601
From: Alexander Potapenko
To: dvyukov@google.com, kcc@google.com, axboe@fb.com, tahsin@google.com
Cc: linux-kernel@vger.kernel.org, linux-block@vger.kernel.org
Subject: [PATCH] block: Initialize cfqq->ioprio_class in cfq_get_queue()
Date: Mon, 23 Jan 2017 15:06:43 +0100
Message-Id: <20170123140643.32805-1-glider@google.com>
X-Mailer: git-send-email 2.11.0.483.g087da7b7c-goog
X-Mailing-List: linux-block@vger.kernel.org

KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of
uninitialized memory in cfq_init_cfqq():

==================================================================
BUG: KMSAN: use of unitialized memory
...
Call Trace:
 [< inline >] __dump_stack lib/dump_stack.c:15
 [] dump_stack+0x157/0x1d0 lib/dump_stack.c:51
 [] kmsan_report+0x205/0x360 ??:?
 [] __msan_warning+0x5b/0xb0 ??:?
 [< inline >] cfq_init_cfqq block/cfq-iosched.c:3754
 [] cfq_get_queue+0xc80/0x14d0 block/cfq-iosched.c:3857
...
origin:
 [] save_stack_trace+0x27/0x50 arch/x86/kernel/stacktrace.c:67
 [] kmsan_internal_poison_shadow+0xab/0x150 ??:?
 [] kmsan_poison_slab+0xbb/0x120 ??:?
 [< inline >] allocate_slab mm/slub.c:1627
 [] new_slab+0x3af/0x4b0 mm/slub.c:1641
 [< inline >] new_slab_objects mm/slub.c:2407
 [] ___slab_alloc+0x323/0x4a0 mm/slub.c:2564
 [< inline >] __slab_alloc mm/slub.c:2606
 [< inline >] slab_alloc_node mm/slub.c:2669
 [] kmem_cache_alloc_node+0x1d2/0x1f0 mm/slub.c:2746
 [] cfq_get_queue+0x47d/0x14d0 block/cfq-iosched.c:3850
...
==================================================================

(the line numbers are relative to 4.8-rc6, but the bug persists upstream)

The uninitialized struct cfq_queue is created by kmem_cache_alloc_node()
and then passed to cfq_init_cfqq(), which accesses cfqq->ioprio_class
before it's initialized.

Signed-off-by: Alexander Potapenko
---
 block/cfq-iosched.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c index c73a6fcaeb9d..611061ae470a 100644 --- a/block/cfq-iosched.c +++ b/block/cfq-iosched.c @@ -3864,6 +3864,8 @@ cfq_get_queue(struct cfq_data *cfqd, bool is_sync, struct cfq_io_cq *cic, goto out; } + /* cfq_init_cfqq() assumes cfqq->ioprio_class is initialized. */ + cfqq->ioprio_class = IOPRIO_CLASS_NONE; cfq_init_cfqq(cfqd, cfqq, current->pid, is_sync); cfq_init_prio_data(cfqq, cic); cfq_link_cfqq_cfqg(cfqq, cfqg);
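Review bot: the hunk initializes only cfqq->ioprio_class, but the allocation it follows (kmem_cache_alloc_node() in cfq_get_queue(), per the origin trace in the commit message) leaves every other field of the new struct cfq_queue undefined, so any further field that cfq_init_cfqq() or cfq_init_prio_data() reads before writing remains a latent KMSAN report; consider requesting a zeroed allocation (a __GFP_ZERO variant) so the whole object starts defined, and keep the explicit assignment with its comment as documentation of the ordering dependency. It would also help to have the comment name the read it protects (cfq_init_cfqq at block/cfq-iosched.c:3754 in the report), so that whoever next reorders the init sequence knows why `cfqq->ioprio_class = IOPRIO_CLASS_NONE;` must precede the `cfq_init_cfqq(cfqd, cfqq, current->pid, is_sync);` call.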
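The failure mode the commit message describes, a slab object handed out without clearing and an init routine that consults one of its fields before anything has written it, can be reproduced in a small userspace model. The following is an added example and is not kernel code or part of the patch: the names mirror the patch, but the struct layout, the single-slot "slab", and the body of cfq_init_cfqq() (which here decides about an idle window from ioprio_class) are assumptions made for illustration. The slot is deliberately left holding a previous occupant's data so the stale value is visible in the unpatched path.

```c
/* Userspace model (added example, not kernel code) of reading a slab
 * object's field before it is initialized. Layout and logic are assumed. */
#include <stdbool.h>
#include <string.h>

/* Same ordering as the kernel's I/O priority classes; NONE is 0. */
enum { IOPRIO_CLASS_NONE, IOPRIO_CLASS_RT, IOPRIO_CLASS_BE, IOPRIO_CLASS_IDLE };

struct cfq_queue {
    int ioprio_class;
    bool idle_window;
};

/* Stand-in for a slab cache: one recycled slot whose old contents survive
 * a free/alloc cycle, exactly like kmem_cache_alloc_node() without zeroing. */
static unsigned char slab_slot[sizeof(struct cfq_queue)];

static struct cfq_queue *slab_alloc(void)
{
    return (struct cfq_queue *)slab_slot;   /* no clearing */
}

/* Constructed scenario: the slot's previous occupant was an idle-class
 * queue and was freed without being cleared. */
static void poison_slot_with_idle_queue(void)
{
    struct cfq_queue stale = { .ioprio_class = IOPRIO_CLASS_IDLE,
                               .idle_window = false };
    memcpy(slab_slot, &stale, sizeof stale);
}

static bool cfq_class_idle(const struct cfq_queue *cfqq)
{
    return cfqq->ioprio_class == IOPRIO_CLASS_IDLE;
}

/* Assumed shape of cfq_init_cfqq(): it reads ioprio_class (the access
 * KMSAN flagged) to decide whether a sync queue gets an idle window. */
static void cfq_init_cfqq(struct cfq_queue *cfqq, bool is_sync)
{
    cfqq->idle_window = false;
    if (is_sync && !cfq_class_idle(cfqq))
        cfqq->idle_window = true;
}

/* Before the patch: the decision depends on whatever the slot held. */
static bool get_queue_unpatched(void)
{
    struct cfq_queue *cfqq = slab_alloc();
    cfq_init_cfqq(cfqq, true);
    return cfqq->idle_window;
}

/* After the patch: the field is defined before cfq_init_cfqq() reads it. */
static bool get_queue_patched(void)
{
    struct cfq_queue *cfqq = slab_alloc();
    cfqq->ioprio_class = IOPRIO_CLASS_NONE;   /* the two added lines */
    cfq_init_cfqq(cfqq, true);
    return cfqq->idle_window;
}

int main(void)
{
    poison_slot_with_idle_queue();
    bool unpatched = get_queue_unpatched();   /* false: stale IDLE leaked in */
    poison_slot_with_idle_queue();
    bool patched = get_queue_patched();       /* true: deterministic */
    return (unpatched == false && patched == true) ? 0 : 1;
}
```

In the real kernel the stale value is not a convenient prior occupant but arbitrary slab contents, which is why the outcome is nondeterministic and why a sanitizer like KMSAN, rather than a test, is what usually finds it; the defensive pattern is the same either way: define every field an init routine reads before calling it, or allocate the object zeroed.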