false-positive bug report likely due to kmsan_percpu_ctx shared between softirq and hardirq context #92
Description
syzkaller with KMSAN created the following bug report: https://syzkaller.appspot.com/bug?extid=cfc08744435c4cf94a40
This looks like it might be a false-positive due to KMSAN missing part of the initialization because it occurs in a kmsan_in_runtime() section. KMSAN stores the kmsan_in_runtime flag in a kmsan_ctx. There are two types of such contexts (see kmsan_get_context()):
- every task has a context in
current->kmsan_ctx, used when running in task context (in_task()) - every CPU has a context in the percpu variable
kmsan_percpu_ctx, used when running outside task context (softirq context or single-depth hardirq - KMSAN never runs in nested hardirq or NMI context)
Therefore, I think the following sequence of events can happen:
- [softirq context]: entry into softirq
- [softirq context]: call into some KMSAN runtime function sets
kmsan_in_runtime - [hardirq context]: entry due to timer interrupt
- [hardirq context]: allocate and initialize some memory - KMSAN will not track this because
kmsan_in_runtimeis set
One way to fix this might be to add another set of percpu kmsan_ctx - one set for softirq, one set for single-depth hardirq - and select from them based on whether in_hardirq() || in_nmi() is set.
(It might also be a good idea to add more contexts like this, for stuff like NMI context.)