lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20201002140058.GA3475053@kroah.com>
Date:   Fri, 2 Oct 2020 16:00:58 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Peilin Ye <yepeilin.cs@...il.com>
Cc:     syzbot <syzbot+85433a479a646a064ab3@...kaller.appspotmail.com>,
        axboe@...nel.dk, glider@...gle.com, linux-block@...r.kernel.org,
        linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com,
        Anant Thazhemadam <anant.thazhemadam@...il.com>
Subject: Re: KMSAN: kernel-infoleak in scsi_cmd_ioctl

On Fri, Oct 02, 2020 at 09:49:44AM -0400, Peilin Ye wrote:
> On Mon, Aug 31, 2020 at 03:28:22AM -0700, syzbot wrote:
> > BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
> > CPU: 1 PID: 12272 Comm: syz-executor.3 Not tainted 5.8.0-rc5-syzkaller #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> > Call Trace:
> >  __dump_stack lib/dump_stack.c:77 [inline]
> >  dump_stack+0x21c/0x280 lib/dump_stack.c:118
> >  kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
> >  kmsan_internal_check_memory+0x238/0x3d0 mm/kmsan/kmsan.c:423
> >  kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
> >  instrument_copy_to_user include/linux/instrumented.h:91 [inline]
> >  _copy_to_user+0x18e/0x260 lib/usercopy.c:33
> >  scsi_put_cdrom_generic_arg include/linux/uaccess.h:170 [inline]
> 
> + Cc: Greg Kroah-Hartman
> + Cc: Anant Thazhemadam
> 
> Hi all,
> 
> In looking at the report, I guess this patch should fix the issue, there's
> a 3-byte hole in `struct compat_cdrom_generic_command`:
> 
> [PATCH v3] block/scsi-ioctl: Prevent kernel-infoleak in scsi_put_cdrom_generic_arg()
> https://lore.kernel.org/lkml/20200909095057.1214104-1-yepeilin.cs@gmail.com/
> 
> But I cannot verify it, since syzbot doesn't have a reproducer for it.
> The patch adds a 3-byte padding field to `struct
> compat_cdrom_generic_command`. It hasn't been accepted yet.

Please resend it, it looks like it hasn't been taken yet :(

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ