Date:   Fri, 7 Jan 2022 13:11:34 +0100
From:   Christian Brauner <christian.brauner@...ntu.com>
To:     syzbot <syzbot+13e44cec8bcb2396a0a3@...kaller.appspotmail.com>
Cc:     akpm@...ux-foundation.org, cxfcosmos@...il.com,
        ebiederm@...ssion.com, glider@...gle.com, legion@...nel.org,
        linux-kernel@...r.kernel.org, serge@...lyn.com,
        syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] KMSAN: uninit-value in from_kgid

On Fri, Jan 07, 2022 at 03:42:18AM -0800, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    81c325bbf94e kmsan: hooks: do not check memory in kmsan_in..
> git tree:       https://github.com/google/kmsan.git master
> console output: https://syzkaller.appspot.com/x/log.txt?x=10071b99b00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=2d8b9a11641dc9aa
> dashboard link: https://syzkaller.appspot.com/bug?extid=13e44cec8bcb2396a0a3
> compiler:       clang version 14.0.0 (/usr/local/google/src/llvm-git-monorepo 2b554920f11c8b763cd9ed9003f4e19b919b8e1f), GNU ld (GNU Binutils for Debian) 2.35.2
> userspace arch: i386
> 
> Unfortunately, I don't have any reproducer for this issue yet.
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+13e44cec8bcb2396a0a3@...kaller.appspotmail.com

Same 9p issue as others, stemming from 9p copying from struct iattr
without checking what fields are valid, leading to ultimately invalid
values being sent over the wire, which is why KMSAN reports it.

Fixed in 9p and sitting in -next
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a403e2bd0026a690478719e46bef478777e7dd41
should show up during merge window.
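
The pattern the reply describes, as an added example that is not part of the original message and is not the kernel's or the fix's code: a constructed user-space model in which `model_iattr`, `model_wire` and both fill functions are hypothetical stand-ins for `struct iattr` and the 9p request. It assumes the caller sets only the fields named in `ia_valid`, and uses fixed fill bytes in place of uninitialized memory.

```c
#include <stdint.h>
#include <string.h>

/* Constructed user-space model; not the kernel's struct iattr or 9p code. */
#define ATTR_MODE (1u << 0)
#define ATTR_UID  (1u << 1)
#define ATTR_GID  (1u << 2)

struct model_iattr {   /* caller sets only the fields named in ia_valid */
    unsigned int ia_valid;
    uint32_t ia_mode, ia_uid, ia_gid;
};
struct model_wire {    /* hypothetical request that goes to the server */
    uint32_t valid, mode, uid, gid;
};

/* Flawed pattern: every field is copied, whether or not it was set. */
void fill_unchecked(struct model_wire *w, const struct model_iattr *ia)
{
    w->valid = ia->ia_valid; w->mode = ia->ia_mode;
    w->uid = ia->ia_uid;     w->gid = ia->ia_gid;
}

/* Checked pattern: start from zero, copy a field only if its bit is set. */
void fill_checked(struct model_wire *w, const struct model_iattr *ia)
{
    memset(w, 0, sizeof(*w));
    w->valid = ia->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID);
    if (ia->ia_valid & ATTR_MODE) w->mode = ia->ia_mode;
    if (ia->ia_valid & ATTR_UID)  w->uid = ia->ia_uid;
    if (ia->ia_valid & ATTR_GID)  w->gid = ia->ia_gid;
}

/* Build two requests that differ only in fields the caller never set
 * (0xAA / 0x55 fill stands in for uninitialized stack bytes). Returns 1 if
 * the wire messages are byte-identical, 0 if the leftovers reached the wire. */
int wire_is_clean(void (*fill)(struct model_wire *, const struct model_iattr *))
{
    struct model_iattr a, b;
    struct model_wire wa, wb;
    memset(&a, 0xAA, sizeof(a));
    memset(&b, 0x55, sizeof(b));
    a.ia_valid = b.ia_valid = ATTR_MODE;   /* only the mode is valid */
    a.ia_mode = b.ia_mode = 0644;
    fill(&wa, &a); fill(&wb, &b);
    return memcmp(&wa, &wb, sizeof(wa)) == 0;
}
int main(void) { return !(wire_is_clean(fill_checked) && !wire_is_clean(fill_unchecked)); }
```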
