false-positive bug report likely due to kmsan_percpu_ctx shared between softirq and hardirq context

[thejh]

syzkaller with KMSAN created the following bug report: https://syzkaller.appspot.com/bug?extid=cfc08744435c4cf94a40

This looks like it might be a false-positive due to KMSAN missing part of the initialization because it occurs in a kmsan_in_runtime() section. KMSAN stores the kmsan_in_runtime flag in a kmsan_ctx. There are two types of such contexts (see kmsan_get_context()):

• every task has a context in current->kmsan_ctx, used when running in task context (in_task())
• every CPU has a context in the percpu variable kmsan_percpu_ctx, used when running outside task context (softirq context or single-depth hardirq - KMSAN never runs in nested hardirq or NMI context)

Therefore, I think the following sequence of events can happen:

• [softirq context]: entry into softirq
• [softirq context]: call into some KMSAN runtime function sets kmsan_in_runtime
• [hardirq context]: entry due to timer interrupt
• [hardirq context]: allocate and initialize some memory - KMSAN will not track this because kmsan_in_runtime is set

One way to fix this might be to add another set of percpu kmsan_ctx - one set for softirq, one set for single-depth hardirq - and select from them based on whether in_hardirq() || in_nmi() is set.

(It might also be a good idea to add more contexts like this, for stuff like NMI context.)