Commit 2724138b authored Jan 24, 2026 by Deepanshu Kartikey Committed by Jason Gunthorpe Jan 28, 2026

iommufd: Initialize batch->kind in batch_clear()

KMSAN reported an uninitialized value when batch_add_pfn_num() reads
batch->kind. This occurs because batch_clear() does not initialize the
kind field.

When batch_add_pfn_num() checks "if (batch->kind != kind)", it reads this
uninitialized value, triggering KMSAN warnings. However the algorithm is
fine with any value in kind at this point as the batch is always empty and
it always corrects kind if wrong.

Initialize batch->kind to zero in batch_clear() to silence the KMSAN
warning.

Link: https://patch.msgid.link/r/20260124132214.624041-1-kartikey406@gmail.com


Reported-by:  <syzbot+df28076a30d726933015@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=df28076a30d726933015


Fixes: f394576e ("iommufd: PFN handling for iopt_pages")
Tested-by:  <syzbot+df28076a30d726933015@syzkaller.appspotmail.com>
Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Tested-by:  <syzbot+a0c841e02f328005bbcc@syzkaller.appspotmail.com>
Reported-by:  <syzbot+a0c841e02f328005bbcc@syzkaller.appspotmail.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

parent 63804fed

drivers/iommu/iommufd/pages.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -289,6 +289,7 @@ static void batch_clear(struct pfn_batch *batch)
		batch->end = 0;
		batch->pfns[0] = 0;
		batch->npfns[0] = 0;
		batch->kind = 0;
		}

		/*