| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0000000000000df2c105f4929eb5@google.com>
Date: Mon, 13 Feb 2023 02:50:37 -0800
From: syzbot <syzbot+cb1e0978f6bf46b83a58@...kaller.appspotmail.com>
To: glider@...gle.com, iommu@...ts.linux.dev, jgg@...pe.ca,
joro@...tes.org, kevin.tian@...el.com,
linux-kernel@...r.kernel.org, robin.murphy@....com,
syzkaller-bugs@...glegroups.com, will@...nel.org
Subject: [syzbot] KMSAN: kernel-infoleak in iommufd_vfio_ioctl
Hello,
syzbot found the following issue on:
HEAD commit: 8c89ecf5c13b kmsan: silence -Wmissing-prototypes warnings
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=1592ac0b480000
kernel config: https://syzkaller.appspot.com/x/.config?x=91d3152219aa6b45
dashboard link: https://syzkaller.appspot.com/bug?extid=cb1e0978f6bf46b83a58
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c9d1327adc33/disk-8c89ecf5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8a07e8c41800/vmlinux-8c89ecf5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/fe36dc6c869b/bzImage-8c89ecf5.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cb1e0978f6bf46b83a58@...kaller.appspotmail.com
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0x1c5/0x270 lib/usercopy.c:33
instrument_copy_to_user include/linux/instrumented.h:121 [inline]
_copy_to_user+0x1c5/0x270 lib/usercopy.c:33
copy_to_user include/linux/uaccess.h:169 [inline]
iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:437 [inline]
iommufd_vfio_ioctl+0x1e57/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0x2dd/0x4b0 fs/ioctl.c:856
__x64_sys_ioctl+0xdc/0x120 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Local variable info.i created at:
iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:384 [inline]
iommufd_vfio_ioctl+0x423/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
Bytes 20-23 of 24 are uninitialized
Memory access of size 24 starts at ffff8880ab237cb0
Data copied to user address 0000000020000000
CPU: 0 PID: 7156 Comm: syz-executor.5 Not tainted 6.2.0-rc7-syzkaller-80760-g8c89ecf5c13b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
=====================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Powered by blists - more mailing lists