| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Feb 2023 13:14:40 -0800
From: syzbot <syzbot+cb1e0978f6bf46b83a58@...kaller.appspotmail.com>
To: eric.auger@...hat.com, glider@...gle.com, iommu@...ts.linux.dev,
jgg@...dia.com, jgg@...pe.ca, joro@...tes.org,
kevin.tian@...el.com, linux-kernel@...r.kernel.org,
lixiao.yang@...el.com, mjrosato@...ux.ibm.com, nicolinc@...dia.com,
robin.murphy@....com, syzkaller-bugs@...glegroups.com,
will@...nel.org, yi.l.liu@...el.com
Subject: Re: [syzbot] KMSAN: kernel-infoleak in iommufd_vfio_ioctl
syzbot has found a reproducer for the following issue on:
HEAD commit: da13c00eebfb kmsan: silence -Wmissing-prototypes warnings
git tree: https://github.com/google/kmsan.git master
console+strace: https://syzkaller.appspot.com/x/log.txt?x=10d56c2b480000
kernel config: https://syzkaller.appspot.com/x/.config?x=41295d7e980cccef
dashboard link: https://syzkaller.appspot.com/bug?extid=cb1e0978f6bf46b83a58
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16560c43480000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=109a7207480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/316f273df601/disk-da13c00e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c2802e9a4fe3/vmlinux-da13c00e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6211b8a40cab/bzImage-da13c00e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cb1e0978f6bf46b83a58@...kaller.appspotmail.com
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0x1c5/0x270 lib/usercopy.c:33
instrument_copy_to_user include/linux/instrumented.h:121 [inline]
_copy_to_user+0x1c5/0x270 lib/usercopy.c:33
copy_to_user include/linux/uaccess.h:169 [inline]
iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:437 [inline]
iommufd_vfio_ioctl+0x1e57/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0x2dd/0x4b0 fs/ioctl.c:856
__x64_sys_ioctl+0xdc/0x120 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Local variable info.i created at:
iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:384 [inline]
iommufd_vfio_ioctl+0x423/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
Bytes 20-23 of 24 are uninitialized
Memory access of size 24 starts at ffff88810ed3bcb0
Data copied to user address 0000000020000100
CPU: 0 PID: 5039 Comm: syz-executor178 Not tainted 6.2.0-rc8-syzkaller-80994-gda13c00eebfb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
=====================================================
Powered by blists - more mailing lists