| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <41d8ccc9-5488-ae23-c019-ba73662187f8@linux.dev>
Date: Tue, 27 Sep 2022 10:22:39 -0700
From: Martin KaFai Lau <martin.lau@...ux.dev>
To: Alexander Potapenko <glider@...gle.com>
Cc: Networking <netdev@...r.kernel.org>, joannelkoong@...il.com,
Jakub Kicinski <kuba@...nel.org>
Subject: Re: Use of uninit value in inet_bind2_bucket_find
On 9/27/22 9:34 AM, Alexander Potapenko wrote:
> On Tue, Sep 27, 2022 at 2:33 AM Martin KaFai Lau <martin.lau@...ux.dev> wrote:
>>
>> On 9/19/22 6:41 AM, Alexander Potapenko wrote:
>>> Hi Joanne, Jakub et al.,
>>>
>>> When building next-20220919 with KMSAN I am seeing the following error
>>> at boot time:
>>>
>>> =====================================================
>>> BUG: KMSAN: uninit-value in inet_bind2_bucket_find+0x71f/0x790
>>> net/ipv4/inet_hashtables.c:827
>>> inet_bind2_bucket_find+0x71f/0x790 net/ipv4/inet_hashtables.c:827
>>> inet_csk_get_port+0x2415/0x32e0 net/ipv4/inet_connection_sock.c:529
>>> __inet6_bind+0x1474/0x1a20 net/ipv6/af_inet6.c:406
>>> inet6_bind+0x176/0x360 net/ipv6/af_inet6.c:465
>>> __sys_bind+0x5b3/0x750 net/socket.c:1776
>>> __do_sys_bind net/socket.c:1787
>>> __se_sys_bind net/socket.c:1785
>>> __x64_sys_bind+0x8d/0xe0 net/socket.c:1785
>>> do_syscall_x64 arch/x86/entry/common.c:50
>>> do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
>>> entry_SYSCALL_64_after_hwframe+0x63/0xcd ??:?
>>>
>>> Uninit was created at:
>>> slab_post_alloc_hook+0x156/0xb40 mm/slab.h:759
>>> slab_alloc_node mm/slub.c:3331
>>> slab_alloc mm/slub.c:3339
>>> __kmem_cache_alloc_lru mm/slub.c:3346
>>> kmem_cache_alloc+0x47e/0x9f0 mm/slub.c:3355
>>> inet_bind2_bucket_create+0x4b/0x3b0 net/ipv4/inet_hashtables.c:128
>>> inet_csk_get_port+0x2513/0x32e0 net/ipv4/inet_connection_sock.c:533
>>> __inet_bind+0xbd2/0x1040 net/ipv4/af_inet.c:525
>>> inet_bind+0x184/0x360 net/ipv4/af_inet.c:456
>>> __sys_bind+0x5b3/0x750 net/socket.c:1776
>>> __do_sys_bind net/socket.c:1787
>>> __se_sys_bind net/socket.c:1785
>>> __x64_sys_bind+0x8d/0xe0 net/socket.c:1785
>>> do_syscall_x64 arch/x86/entry/common.c:50
>>> do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
>>> entry_SYSCALL_64_after_hwframe+0x63/0xcd ??:?
>>>
>>> CPU: 3 PID: 5983 Comm: sshd Not tainted 6.0.0-rc6-next-20220919 #211
>>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
>>> 1.16.0-debian-1.16.0-4 04/01/2014
>>> =====================================================
>>>
>>> I think this is related to "net: Add a bhash2 table hashed by port and
>>> address", could you please take a look?
>>> This error is not reported on v6.0-rc5 (note that KMSAN only exists in
>>> -next and as a v6.0-rc5 fork at https://github.com/google/kmsan).
>>
>> Hi Alex, thanks for the report.
>>
>> I have posted a fix [0]. I have problem getting kmsan kernel to boot.
>> Could you help to give the patch a try ? Thanks.
>>
>> [0]: https://lore.kernel.org/netdev/20220927002544.3381205-1-kafai@fb.com/
>
> Hi Martin,
>
> Thanks, I'll give it a shot.
>
> Could you please share the config you're using to build KMSAN? I am
> really curious about what's wrong.
The config is attached. My qemu setup has the very first WARN like
[ 1.296999] DEBUG_LOCKS_WARN_ON(lockdep_hardirqs_enabled())
[ 1.297077] WARNING: CPU: 0 PID: 0 at kernel/locking/lockdep.c:5508
check_flags+0x63/0x180
and followed by many
[ 1.772919] BUG: KMSAN: uninit-value in __init_waitqueue_head+0x110/0x140
[ 1.773852] __init_waitqueue_head+0x110/0x140
[ 1.774853] dup_fd+0x146/0x1080
[ 1.775329] copy_files+0xcd/0x210
and then panic
Download attachment "config.xz" of type "application/x-xz" (22244 bytes)
Powered by blists - more mailing lists