| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAG_fn=X8UkYx5=3ARUtW3+asc+3tEdeBg=1NKS9VzChSCp33Yg@mail.gmail.com>
Date: Mon, 9 Mar 2020 12:53:28 +0100
From: Alexander Potapenko <glider@...gle.com>
To: Eric Biggers <ebiggers@...nel.org>
Cc: syzbot <syzbot+af962bf9e7e27bccd025@...kaller.appspotmail.com>,
len.brown@...el.com, LKML <linux-kernel@...r.kernel.org>,
Linux PM <linux-pm@...r.kernel.org>,
Pavel Machek <pavel@....cz>,
"Rafael J. Wysocki" <rjw@...ysocki.net>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: KMSAN: uninit-value in snapshot_compat_ioctl
> > Looks like a KMSAN false positive? As far as I can tell, the memory is being
> > initialized by put_user() called under set_fs(KERNEL_DS).
Why? put_user() doesn't write to kernel memory, instead it copies a
value to the userspace.
That's why KMSAN performs kmsan_check_memory() on it.
It would actually be better if KMSAN printed an kernel-infoleak warning instead.
> Although, it also looks like the problematic code can just be removed, since
> always sizeof(compat_loff_t) == sizeof(loff_t). I'll send a patch to do that...
Thanks!
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Powered by blists - more mailing lists