[Bug 281402] zfs: kmsan reports Uninitialized UMA memory from zio_data_buf_alloc

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 10 Sep 2024 14:06:05 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281402

Mark Johnston <markj@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open

--- Comment #2 from Mark Johnston <markj@FreeBSD.org> ---
(In reply to Alan Somers from comment #1)
So, I'm not too familiar with zio_t.  Reading vdev_file_io_strategy(), I
suspect we want a kmsan_check_abd(), akin to kmsan_check_bio() etc.  (Note
that when KMSAN is configured, we try to disable unmapped I/O everywhere,
including ZFS.  KMSAN does not shadow the direct map.  This is not ideal.)

That is, something like

void
kmsan_check_abd(abd_t *abd, const char *descr)
{
    /* Only linear ABDs have a single buffer we can hand to the shadow check. */
    KASSERT(abd_is_linear(abd), ("%s: non-linear abd %p", __func__, abd));
    kmsan_shadow_check(abd_to_buf(abd), abd->abd_size, descr);
}

Or a kmsan_check_zio(), which applies the above to zio->io_abd when the type is
ZIO_TYPE_WRITE.

Then, various stages of the ZIO pipeline should check the abd/zio when writing.
I guess __zio_execute() should perform that check.  That said, I'm not certain
it's true that the ZIO buffer is initialized at all stages in the pipeline (I'm
just not that familiar with the I/O path), so we might get false positives.

This way, we can at least narrow it down to a particular stage, or prove that
the data was uninitialized before entering the pipeline at all.  I guess
putting a check in zio_write() would be a good idea too.
