iommufd: Initialize batch->kind in batch_clear()

deepanshu406 · jgunthorpe · commit 2724138b2f7f · 2026-01-28T12:49:17.000-04:00
KMSAN reported an uninitialized value when batch_add_pfn_num() reads batch->kind. This occurs because batch_clear() does not initialize the kind field. When batch_add_pfn_num() checks "if (batch->kind != kind)", it reads this uninitialized value, triggering KMSAN warnings. However the algorithm is fine with any value in kind at this point as the batch is always empty and it always corrects kind if wrong. Initialize batch->kind to zero in batch_clear() to silence the KMSAN warning. Link: https://patch.msgid.link/r/20260124132214.624041-1-kartikey406@gmail.com Reported-by: syzbot+df28076a30d726933015@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=df28076a30d726933015 Fixes: f394576 ("iommufd: PFN handling for iopt_pages") Tested-by: syzbot+df28076a30d726933015@syzkaller.appspotmail.com Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com> Tested-by: syzbot+a0c841e02f328005bbcc@syzkaller.appspotmail.com Reported-by: syzbot+a0c841e02f328005bbcc@syzkaller.appspotmail.com Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
diff --git a/drivers/iommu/iommufd/pages.c b/drivers/iommu/iommufd/pages.c
@@ -289,6 +289,7 @@ static void batch_clear(struct pfn_batch *batch)
 	batch->end = 0;
 	batch->pfns[0] = 0;
 	batch->npfns[0] = 0;
+	batch->kind = 0;
 }
 
 /*

Original file line number	Diff line number	Diff line change
`@@ -289,6 +289,7 @@ static void batch_clear(struct pfn_batch *batch)`
`289`	`289`	`batch->end = 0;`
`290`	`290`	`batch->pfns[0] = 0;`
`291`	`291`	`batch->npfns[0] = 0;`
	`292`	`+ batch->kind = 0;`
`292`	`293`	`}`
`293`	`294`
`294`	`295`	`/*`