Date: Fri, 30 Jun 2023 13:55:00 +0200
From: Alexander Potapenko <glider@...gle.com>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>, Boris Pismenny <borisp@...dia.com>, 
	John Fastabend <john.fastabend@...il.com>, Jakub Kicinski <kuba@...nel.org>, herbert@...dor.apana.org.au, 
	linux-crypto@...r.kernel.org, syzkaller-bugs@...glegroups.com, 
	syzbot <syzbot+828dfc12440b4f6f305d@...kaller.appspotmail.com>, 
	Eric Biggers <ebiggers@...nel.org>, Aviad Yehezkel <aviadye@...dia.com>, 
	Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org, 
	"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Paolo Abeni <pabeni@...hat.com>
Subject: Re: [PATCH] net: tls: enable __GFP_ZERO upon tls_init()

On Fri, Jun 30, 2023 at 1:49 PM Ard Biesheuvel <ardb@...nel.org> wrote:
>
> On Fri, 30 Jun 2023 at 13:38, Alexander Potapenko <glider@...gle.com> wrote:
> >
> > On Fri, Jun 30, 2023 at 12:18 PM Ard Biesheuvel <ardb@...nel.org> wrote:
> > >
> > > On Fri, 30 Jun 2023 at 12:11, Alexander Potapenko <glider@...gle.com> wrote:
> > > >
> > > > On Fri, Jun 30, 2023 at 12:02 PM Ard Biesheuvel <ardb@...nel.org> wrote:
> > > > >
> > > > > On Fri, 30 Jun 2023 at 11:53, Tetsuo Handa
> > > > > <penguin-kernel@...ove.sakura.ne.jp> wrote:
> > > > > >
> > > > > > On 2023/06/30 18:36, Ard Biesheuvel wrote:
> > > > > > > Why are you sending this now?
> > > > > >
> > > > > > Just because this is currently top crasher and I can reproduce locally.
> > > > > >
> > > > > > > Do you have a reproducer for this issue?
> > > > > >
> > > > > > Yes. https://syzkaller.appspot.com/text?tag=ReproC&x=12931621900000 works.
> > > > > >
> > > > >
> > > > > Could you please share your kernel config and the resulting kernel log
> > > > > when running the reproducer? I'll try to reproduce locally as well,
> > > > > and see if I can figure out what is going on in the crypto layer
> > > >
> > > > The config together with the repro is available at
> > > > https://syzkaller.appspot.com/bug?extid=828dfc12440b4f6f305d, see the
> > > > latest row of the "Crashes" table that contains a C repro.
> > >
> > > Could you explain why that bug contains ~50 reports that seem entirely
> > > unrelated?
> >
> > These are some unfortunate effects of syzbot trying to deduplicate
> > bugs. There's a tradeoff between reporting every single crash
> > separately and grouping together those that have e.g. the same origin.
> > Applying this algorithm transitively results in bigger clusters
> > containing unwanted reports.
> > We'll look closer.
> >
> > > AIUI, this actual issue has not been reproduced since
> > > 2020??
> >
> > Oh, sorry, I misread the table and misinformed you. The topmost row of
> > the table is indeed the _oldest_ one.
> > Another manifestation of the bug was on 2023/05/23
> > (https://syzkaller.appspot.com/text?tag=CrashReport&x=146f66b1280000)
> >
>
> That one has nothing to do with networking, so I don't see how this
> patch would affect it.

I definitely have to be more attentive.
You are right that this bug report is also unrelated. Yet it is still
fine to use the build artifacts corresponding to it (which is what I
did).
I'll investigate why so many reports got clustered into this one.



> OK, thanks for the instructions.
>
> Out of curiosity - does the stack trace you cut off here include the
> BPF routine mentioned in the report?

It does:

[  151.522472][ T5865] =====================================================
[  151.523843][ T5865] BUG: KMSAN: uninit-value in aes_encrypt+0x15cc/0x1db0
[  151.525120][ T5865]  aes_encrypt+0x15cc/0x1db0
[  151.526113][ T5865]  aesti_encrypt+0x7d/0xf0
[  151.527057][ T5865]  crypto_cipher_encrypt_one+0x112/0x200
[  151.528224][ T5865]  crypto_cbcmac_digest_update+0x301/0x4b0
[  151.529459][ T5865]  shash_ahash_finup+0x66e/0xc00
[  151.530541][ T5865]  shash_async_finup+0x7f/0xc0
[  151.531542][ T5865]  crypto_ahash_finup+0x1b8/0x3e0
[  151.532583][ T5865]  crypto_ccm_auth+0x1269/0x1350
[  151.533606][ T5865]  crypto_ccm_encrypt+0x1c9/0x7a0
[  151.534650][ T5865]  crypto_aead_encrypt+0xe0/0x150
[  151.535695][ T5865]  tls_push_record+0x3bf3/0x4ec0
[  151.539491][ T5865]  bpf_exec_tx_verdict+0x46e/0x21d0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[  151.540597][ T5865]  tls_sw_do_sendpage+0x1150/0x1ad0
[  151.541594][ T5865]  tls_sw_sendpage+0x15b/0x1b0
[  151.542500][ T5865]  inet_sendpage+0x138/0x210
[  151.543365][ T5865]  kernel_sendpage+0x34c/0x6d0
[  151.544269][ T5865]  sock_sendpage+0xb0/0x160
[  151.545117][ T5865]  pipe_to_sendpage+0x304/0x3f0
[  151.546051][ T5865]  __splice_from_pipe+0x438/0xc20
[  151.547013][ T5865]  generic_splice_sendpage+0x100/0x160
[  151.548068][ T5865]  do_splice+0x213b/0x2d10
[  151.548933][ T5865]  __se_sys_splice+0x5ad/0x8f0
[  151.549851][ T5865]  __x64_sys_splice+0x11b/0x1a0
[  151.550790][ T5865]  do_syscall_64+0x41/0xc0
[  151.551646][ T5865]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  151.552773][ T5865]
[  151.553220][ T5865] Uninit was stored to memory at:
[  151.554212][ T5865]  __crypto_xor+0x171/0x1310
[  151.555062][ T5865]  crypto_cbcmac_digest_update+0x208/0x4b0
[  151.556132][ T5865]  shash_ahash_finup+0x66e/0xc00
[  151.557084][ T5865]  shash_async_finup+0x7f/0xc0
[  151.557989][ T5865]  crypto_ahash_finup+0x1b8/0x3e0
[  151.558941][ T5865]  crypto_ccm_auth+0x1269/0x1350
[  151.559874][ T5865]  crypto_ccm_encrypt+0x1c9/0x7a0
[  151.560812][ T5865]  crypto_aead_encrypt+0xe0/0x150
[  151.561749][ T5865]  tls_push_record+0x3bf3/0x4ec0
[  151.562835][ T5865]  bpf_exec_tx_verdict+0x46e/0x21d0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[  151.563967][ T5865]  tls_sw_do_sendpage+0x1150/0x1ad0
[  151.565075][ T5865]  tls_sw_sendpage+0x15b/0x1b0
[  151.566107][ T5865]  inet_sendpage+0x138/0x210
[  151.567078][ T5865]  kernel_sendpage+0x34c/0x6d0
[  151.568087][ T5865]  sock_sendpage+0xb0/0x160
[  151.568960][ T5865]  pipe_to_sendpage+0x304/0x3f0
[  151.569909][ T5865]  __splice_from_pipe+0x438/0xc20
[  151.570886][ T5865]  generic_splice_sendpage+0x100/0x160
[  151.571946][ T5865]  do_splice+0x213b/0x2d10
[  151.572810][ T5865]  __se_sys_splice+0x5ad/0x8f0
[  151.573732][ T5865]  __x64_sys_splice+0x11b/0x1a0
[  151.574664][ T5865]  do_syscall_64+0x41/0xc0
[  151.575513][ T5865]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  151.576640][ T5865]
[  151.577084][ T5865] Uninit was created at:
[  151.577949][ T5865]  __alloc_pages+0x9a4/0xe00
[  151.578849][ T5865]  alloc_pages+0xd01/0x1040
[  151.579729][ T5865]  skb_page_frag_refill+0x2bf/0x7c0
[  151.580752][ T5865]  sk_page_frag_refill+0x59/0x130
[  151.581720][ T5865]  sk_msg_alloc+0x198/0x10d0
[  151.582611][ T5865]  tls_sw_do_sendpage+0x98a/0x1ad0
[  151.583599][ T5865]  tls_sw_sendpage+0x15b/0x1b0
[  151.584535][ T5865]  inet_sendpage+0x138/0x210
[  151.585404][ T5865]  kernel_sendpage+0x34c/0x6d0
[  151.586275][ T5865]  sock_sendpage+0xb0/0x160
[  151.587099][ T5865]  pipe_to_sendpage+0x304/0x3f0
[  151.588023][ T5865]  __splice_from_pipe+0x438/0xc20
[  151.588981][ T5865]  generic_splice_sendpage+0x100/0x160
[  151.590032][ T5865]  do_splice+0x213b/0x2d10
[  151.590910][ T5865]  __se_sys_splice+0x5ad/0x8f0
[  151.591840][ T5865]  __x64_sys_splice+0x11b/0x1a0
[  151.592780][ T5865]  do_syscall_64+0x41/0xc0
[  151.593748][ T5865]  entry_SYSCALL_64_after_hwframe+0x63/0xcd



-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Managing Directors: Paul Manicle, Liana Sebastian
Registration court and number: Hamburg, HRB 86891
Registered office: Hamburg
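
An added example, not part of the original message: a small Python parser that splits a KMSAN report like the one above into its three stacks (use, store, creation) and finds the frame where the allocation path and the use path part ways. The embedded report is an abbreviated excerpt of the log above; the names `parse_kmsan` and `divergence` are this example's own.

```python
import re

# Abbreviated excerpt of the report above (some frames dropped for brevity).
REPORT = """\
[  151.523843][ T5865] BUG: KMSAN: uninit-value in aes_encrypt+0x15cc/0x1db0
[  151.525120][ T5865]  aes_encrypt+0x15cc/0x1db0
[  151.535695][ T5865]  tls_push_record+0x3bf3/0x4ec0
[  151.539491][ T5865]  bpf_exec_tx_verdict+0x46e/0x21d0
[  151.540597][ T5865]  tls_sw_do_sendpage+0x1150/0x1ad0
[  151.541594][ T5865]  tls_sw_sendpage+0x15b/0x1b0
[  151.552773][ T5865]
[  151.553220][ T5865] Uninit was stored to memory at:
[  151.554212][ T5865]  __crypto_xor+0x171/0x1310
[  151.561749][ T5865]  tls_push_record+0x3bf3/0x4ec0
[  151.562835][ T5865]  bpf_exec_tx_verdict+0x46e/0x21d0
[  151.563967][ T5865]  tls_sw_do_sendpage+0x1150/0x1ad0
[  151.576640][ T5865]
[  151.577084][ T5865] Uninit was created at:
[  151.577949][ T5865]  __alloc_pages+0x9a4/0xe00
[  151.581720][ T5865]  sk_msg_alloc+0x198/0x10d0
[  151.582611][ T5865]  tls_sw_do_sendpage+0x98a/0x1ad0
[  151.583599][ T5865]  tls_sw_sendpage+0x15b/0x1b0
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")    # "[ time][ Tpid] "
FRAME = re.compile(r"^\s+(\S+)\+0x[0-9a-f]+/0x[0-9a-f]+$")  # " func+0xoff/0xsize"
HEADERS = {"BUG: KMSAN": "use", "Uninit was stored": "stored", "Uninit was created": "created"}

def parse_kmsan(text):
    """Split a KMSAN report into its stacks; each list is innermost frame first."""
    stacks, cur = {}, None
    for line in text.splitlines():
        body = PREFIX.sub("", line)
        for marker, name in HEADERS.items():
            if body.startswith(marker):
                cur = stacks.setdefault(name, [])
        m = FRAME.match(body)
        if m and cur is not None:
            cur.append(m.group(1))
    return stacks

def divergence(use, created):
    """Return (deepest common caller, next frame toward use, next frame toward alloc)."""
    n = 0  # frames shared from the outermost caller inward; offsets are ignored
    while n < min(len(use), len(created)) and use[-1 - n] == created[-1 - n]:
        n += 1
    pick = lambda s: s[-n - 1] if n < len(s) else None
    return (use[-n] if n else None), pick(use), pick(created)
```

On this excerpt the deepest common caller is `tls_sw_do_sendpage`, which reaches the allocation through `sk_msg_alloc` and the use through `bpf_exec_tx_verdict`.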
