* KMSAN: uninit-value in aes_encrypt (2) @ 2019-10-24 17:02 syzbot 2019-10-24 17:23 ` [net/tls] " Eric Biggers 0 siblings, 1 reply; 6+ messages in thread From: syzbot @ 2019-10-24 17:02 UTC (permalink / raw) To: davem, glider, herbert, linux-crypto, linux-kernel, syzkaller-bugs Hello, syzbot found the following crash on: HEAD commit: 3c8ca708 test_kmsan.c: fix SPDX comment git tree: https://github.com/google/kmsan.git master console output: https://syzkaller.appspot.com/x/log.txt?x=14129497600000 kernel config: https://syzkaller.appspot.com/x/.config?x=c07a3d4f8a59e198 dashboard link: https://syzkaller.appspot.com/bug?extid=9e3b178624a8a2f8fa28 compiler: clang version 9.0.0 (/home/glider/llvm/clang 80fee25776c2fb61e74c1ecb1a523375c2500b69) syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11331128e00000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=140b47ef600000 IMPORTANT: if you fix the bug, please add the following tag to the commit: Reported-by: syzbot+9e3b178624a8a2f8fa28@syzkaller.appspotmail.com IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 8021q: adding VLAN 0 to HW filter on device batadv0 ===================================================== BUG: KMSAN: uninit-value in subshift lib/crypto/aes.c:149 [inline] BUG: KMSAN: uninit-value in aes_encrypt+0x12d5/0x1bd0 lib/crypto/aes.c:282 CPU: 0 PID: 12200 Comm: syz-executor134 Not tainted 5.4.0-rc3+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x191/0x1f0 lib/dump_stack.c:113 kmsan_report+0x14a/0x2f0 mm/kmsan/kmsan_report.c:110 __msan_warning+0x73/0xf0 mm/kmsan/kmsan_instr.c:245 subshift lib/crypto/aes.c:149 [inline] aes_encrypt+0x12d5/0x1bd0 lib/crypto/aes.c:282 aesti_encrypt+0xe8/0x130 crypto/aes_ti.c:31 crypto_cipher_encrypt_one include/linux/crypto.h:1763 [inline] crypto_cbcmac_digest_update+0x3cf/0x550 crypto/ccm.c:871 crypto_shash_update crypto/shash.c:107 [inline] shash_ahash_finup+0x659/0xb20 crypto/shash.c:276 shash_async_finup+0xbb/0x110 crypto/shash.c:291 crypto_ahash_op+0x1cd/0x6e0 crypto/ahash.c:368 crypto_ahash_finup+0x8c/0xb0 crypto/ahash.c:393 crypto_ccm_auth+0x14b2/0x1570 crypto/ccm.c:230 crypto_ccm_encrypt+0x283/0x840 crypto/ccm.c:309 crypto_aead_encrypt+0xf2/0x180 crypto/aead.c:99 tls_do_encryption net/tls/tls_sw.c:521 [inline] tls_push_record+0x341e/0x4e50 net/tls/tls_sw.c:730 bpf_exec_tx_verdict+0x1454/0x1c80 net/tls/tls_sw.c:770 tls_sw_sendmsg+0x158d/0x2710 net/tls/tls_sw.c:1033 inet6_sendmsg+0x2d8/0x2e0 net/ipv6/af_inet6.c:576 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg net/socket.c:657 [inline] __sys_sendto+0x8fc/0xc70 net/socket.c:1952 __do_sys_sendto net/socket.c:1964 [inline] __se_sys_sendto+0x107/0x130 net/socket.c:1960 __x64_sys_sendto+0x6e/0x90 net/socket.c:1960 do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x441cf9 Code: 43 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00000000007eff08 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441cf9 RDX: fffffffffffffee0 RSI: 00000000200005c0 RDI: 0000000000000003 RBP: 00000000007eff30 R08: 0000000000000000 R09: 00000000000000b6 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403490 R13: 0000000000403520 R14: 0000000000000000 R15: 0000000000000000 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:151 [inline] kmsan_internal_chain_origin+0xbd/0x170 mm/kmsan/kmsan.c:319 __msan_chain_origin+0x6b/0xe0 mm/kmsan/kmsan_instr.c:179 __crypto_xor+0x1e8/0x1470 crypto/algapi.c:992 crypto_xor include/crypto/algapi.h:213 [inline] crypto_cbcmac_digest_update+0x2ba/0x550 crypto/ccm.c:865 crypto_shash_update crypto/shash.c:107 [inline] shash_ahash_finup+0x659/0xb20 crypto/shash.c:276 shash_async_finup+0xbb/0x110 crypto/shash.c:291 crypto_ahash_op+0x1cd/0x6e0 crypto/ahash.c:368 crypto_ahash_finup+0x8c/0xb0 crypto/ahash.c:393 crypto_ccm_auth+0x14b2/0x1570 crypto/ccm.c:230 crypto_ccm_encrypt+0x283/0x840 crypto/ccm.c:309 crypto_aead_encrypt+0xf2/0x180 crypto/aead.c:99 tls_do_encryption net/tls/tls_sw.c:521 [inline] tls_push_record+0x341e/0x4e50 net/tls/tls_sw.c:730 bpf_exec_tx_verdict+0x1454/0x1c80 net/tls/tls_sw.c:770 tls_sw_sendmsg+0x158d/0x2710 net/tls/tls_sw.c:1033 inet6_sendmsg+0x2d8/0x2e0 net/ipv6/af_inet6.c:576 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg net/socket.c:657 [inline] __sys_sendto+0x8fc/0xc70 net/socket.c:1952 __do_sys_sendto net/socket.c:1964 [inline] __se_sys_sendto+0x107/0x130 net/socket.c:1960 __x64_sys_sendto+0x6e/0x90 net/socket.c:1960 do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 Uninit was created at: kmsan_save_stack_with_flags+0x3f/0x90 mm/kmsan/kmsan.c:151 kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:362 [inline] kmsan_alloc_page+0x153/0x370 mm/kmsan/kmsan_shadow.c:391 __alloc_pages_nodemask+0x149d/0x60c0 mm/page_alloc.c:4794 alloc_pages_current+0x68d/0x9a0 mm/mempolicy.c:2188 alloc_pages include/linux/gfp.h:511 [inline] skb_page_frag_refill+0x2b0/0x580 net/core/sock.c:2372 sk_page_frag_refill+0xa4/0x330 net/core/sock.c:2392 sk_msg_alloc+0x203/0x1050 net/core/skmsg.c:37 tls_alloc_encrypted_msg net/tls/tls_sw.c:284 [inline] tls_sw_sendmsg+0xb56/0x2710 net/tls/tls_sw.c:953 inet6_sendmsg+0x2d8/0x2e0 net/ipv6/af_inet6.c:576 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg net/socket.c:657 [inline] __sys_sendto+0x8fc/0xc70 net/socket.c:1952 __do_sys_sendto net/socket.c:1964 [inline] __se_sys_sendto+0x107/0x130 net/socket.c:1960 __x64_sys_sendto+0x6e/0x90 net/socket.c:1960 do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 ===================================================== --- This bug is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@googlegroups.com. syzbot will keep track of this bug report. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. syzbot can test patches for this bug, for details see: https://goo.gl/tpsmEJ#testing-patches ^ permalink raw reply [flat|nested] 6+ messages in thread
* [net/tls] Re: KMSAN: uninit-value in aes_encrypt (2) 2019-10-24 17:02 KMSAN: uninit-value in aes_encrypt (2) syzbot @ 2019-10-24 17:23 ` Eric Biggers 2019-10-24 17:45 ` Jakub Kicinski 2019-10-30 16:08 ` Jakub Kicinski 0 siblings, 2 replies; 6+ messages in thread From: Eric Biggers @ 2019-10-24 17:23 UTC (permalink / raw) To: Boris Pismenny, Aviad Yehezkel, Dave Watson, John Fastabend, Daniel Borkmann, Jakub Kicinski Cc: davem, glider, herbert, linux-crypto, linux-kernel, syzkaller-bugs, syzbot [+TLS maintainers] This is a net/tls bug, and probably a duplicate of: KMSAN: uninit-value in gf128mul_4k_lle (3) https://lkml.kernel.org/linux-crypto/000000000000bf2457057b5ccda3@google.com/T/#u KMSAN: uninit-value in aesti_encrypt https://lkml.kernel.org/linux-crypto/000000000000a97a15058c50c52e@google.com/T/#u See analysis from Alexander Potapenko here which shows that uninitialized memory is being passed from TLS subsystem into crypto subsystem: https://lkml.kernel.org/linux-crypto/CAG_fn=UGCoDk04tL2vB981JmXgo6+-RUPmrTa3dSsK5UbZaTjA@mail.gmail.com/ That was a year ago, with C reproducer, and I've sent several reminders for this already. What's the ETA on a fix? Or is TLS subsystem de facto unmaintained? On Thu, Oct 24, 2019 at 10:02:08AM -0700, syzbot wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit: 3c8ca708 test_kmsan.c: fix SPDX comment > git tree: https://github.com/google/kmsan.git master > console output: https://syzkaller.appspot.com/x/log.txt?x=14129497600000 > kernel config: https://syzkaller.appspot.com/x/.config?x=c07a3d4f8a59e198 > dashboard link: https://syzkaller.appspot.com/bug?extid=9e3b178624a8a2f8fa28 > compiler: clang version 9.0.0 (/home/glider/llvm/clang > 80fee25776c2fb61e74c1ecb1a523375c2500b69) > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11331128e00000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=140b47ef600000 > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > Reported-by: syzbot+9e3b178624a8a2f8fa28@syzkaller.appspotmail.com > > IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready > 8021q: adding VLAN 0 to HW filter on device batadv0 > ===================================================== > BUG: KMSAN: uninit-value in subshift lib/crypto/aes.c:149 [inline] > BUG: KMSAN: uninit-value in aes_encrypt+0x12d5/0x1bd0 lib/crypto/aes.c:282 > CPU: 0 PID: 12200 Comm: syz-executor134 Not tainted 5.4.0-rc3+ #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > Call Trace: > __dump_stack lib/dump_stack.c:77 [inline] > dump_stack+0x191/0x1f0 lib/dump_stack.c:113 > kmsan_report+0x14a/0x2f0 mm/kmsan/kmsan_report.c:110 > __msan_warning+0x73/0xf0 mm/kmsan/kmsan_instr.c:245 > subshift lib/crypto/aes.c:149 [inline] > aes_encrypt+0x12d5/0x1bd0 lib/crypto/aes.c:282 > aesti_encrypt+0xe8/0x130 crypto/aes_ti.c:31 > crypto_cipher_encrypt_one include/linux/crypto.h:1763 [inline] > crypto_cbcmac_digest_update+0x3cf/0x550 crypto/ccm.c:871 > crypto_shash_update crypto/shash.c:107 [inline] > shash_ahash_finup+0x659/0xb20 crypto/shash.c:276 > shash_async_finup+0xbb/0x110 crypto/shash.c:291 > crypto_ahash_op+0x1cd/0x6e0 crypto/ahash.c:368 > crypto_ahash_finup+0x8c/0xb0 crypto/ahash.c:393 > crypto_ccm_auth+0x14b2/0x1570 crypto/ccm.c:230 > crypto_ccm_encrypt+0x283/0x840 crypto/ccm.c:309 > crypto_aead_encrypt+0xf2/0x180 crypto/aead.c:99 > tls_do_encryption net/tls/tls_sw.c:521 [inline] > tls_push_record+0x341e/0x4e50 net/tls/tls_sw.c:730 > bpf_exec_tx_verdict+0x1454/0x1c80 net/tls/tls_sw.c:770 > tls_sw_sendmsg+0x158d/0x2710 net/tls/tls_sw.c:1033 > inet6_sendmsg+0x2d8/0x2e0 net/ipv6/af_inet6.c:576 > sock_sendmsg_nosec net/socket.c:637 [inline] > sock_sendmsg net/socket.c:657 [inline] > __sys_sendto+0x8fc/0xc70 net/socket.c:1952 > __do_sys_sendto net/socket.c:1964 [inline] > __se_sys_sendto+0x107/0x130 net/socket.c:1960 > __x64_sys_sendto+0x6e/0x90 net/socket.c:1960 > do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291 > entry_SYSCALL_64_after_hwframe+0x63/0xe7 > RIP: 0033:0x441cf9 > Code: 43 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 > 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff > 0f 83 0b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 > RSP: 002b:00000000007eff08 EFLAGS: 00000246 ORIG_RAX: 000000000000002c > RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441cf9 > RDX: fffffffffffffee0 RSI: 00000000200005c0 RDI: 0000000000000003 > RBP: 00000000007eff30 R08: 0000000000000000 R09: 00000000000000b6 > R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403490 > R13: 0000000000403520 R14: 0000000000000000 R15: 0000000000000000 > > Uninit was stored to memory at: > kmsan_save_stack_with_flags mm/kmsan/kmsan.c:151 [inline] > kmsan_internal_chain_origin+0xbd/0x170 mm/kmsan/kmsan.c:319 > __msan_chain_origin+0x6b/0xe0 mm/kmsan/kmsan_instr.c:179 > __crypto_xor+0x1e8/0x1470 crypto/algapi.c:992 > crypto_xor include/crypto/algapi.h:213 [inline] > crypto_cbcmac_digest_update+0x2ba/0x550 crypto/ccm.c:865 > crypto_shash_update crypto/shash.c:107 [inline] > shash_ahash_finup+0x659/0xb20 crypto/shash.c:276 > shash_async_finup+0xbb/0x110 crypto/shash.c:291 > crypto_ahash_op+0x1cd/0x6e0 crypto/ahash.c:368 > crypto_ahash_finup+0x8c/0xb0 crypto/ahash.c:393 > crypto_ccm_auth+0x14b2/0x1570 crypto/ccm.c:230 > crypto_ccm_encrypt+0x283/0x840 crypto/ccm.c:309 > crypto_aead_encrypt+0xf2/0x180 crypto/aead.c:99 > tls_do_encryption net/tls/tls_sw.c:521 [inline] > tls_push_record+0x341e/0x4e50 net/tls/tls_sw.c:730 > bpf_exec_tx_verdict+0x1454/0x1c80 net/tls/tls_sw.c:770 > tls_sw_sendmsg+0x158d/0x2710 net/tls/tls_sw.c:1033 > inet6_sendmsg+0x2d8/0x2e0 net/ipv6/af_inet6.c:576 > sock_sendmsg_nosec net/socket.c:637 [inline] > sock_sendmsg net/socket.c:657 [inline] > __sys_sendto+0x8fc/0xc70 net/socket.c:1952 > __do_sys_sendto net/socket.c:1964 [inline] > __se_sys_sendto+0x107/0x130 net/socket.c:1960 > __x64_sys_sendto+0x6e/0x90 net/socket.c:1960 > do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291 > entry_SYSCALL_64_after_hwframe+0x63/0xe7 > > Uninit was created at: > kmsan_save_stack_with_flags+0x3f/0x90 mm/kmsan/kmsan.c:151 > kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:362 [inline] > kmsan_alloc_page+0x153/0x370 mm/kmsan/kmsan_shadow.c:391 > __alloc_pages_nodemask+0x149d/0x60c0 mm/page_alloc.c:4794 > alloc_pages_current+0x68d/0x9a0 mm/mempolicy.c:2188 > alloc_pages include/linux/gfp.h:511 [inline] > skb_page_frag_refill+0x2b0/0x580 net/core/sock.c:2372 > sk_page_frag_refill+0xa4/0x330 net/core/sock.c:2392 > sk_msg_alloc+0x203/0x1050 net/core/skmsg.c:37 > tls_alloc_encrypted_msg net/tls/tls_sw.c:284 [inline] > tls_sw_sendmsg+0xb56/0x2710 net/tls/tls_sw.c:953 > inet6_sendmsg+0x2d8/0x2e0 net/ipv6/af_inet6.c:576 > sock_sendmsg_nosec net/socket.c:637 [inline] > sock_sendmsg net/socket.c:657 [inline] > __sys_sendto+0x8fc/0xc70 net/socket.c:1952 > __do_sys_sendto net/socket.c:1964 [inline] > __se_sys_sendto+0x107/0x130 net/socket.c:1960 > __x64_sys_sendto+0x6e/0x90 net/socket.c:1960 > do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291 > entry_SYSCALL_64_after_hwframe+0x63/0xe7 > ===================================================== > > > --- > This bug is generated by a bot. It may contain errors. > See https://goo.gl/tpsmEJ for more information about syzbot. > syzbot engineers can be reached at syzkaller@googlegroups.com. > > syzbot will keep track of this bug report. See: > https://goo.gl/tpsmEJ#status for how to communicate with syzbot. > syzbot can test patches for this bug, for details see: > https://goo.gl/tpsmEJ#testing-patches > > -- > You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group. > To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/00000000000065ef5f0595aafe71%40google.com. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [net/tls] Re: KMSAN: uninit-value in aes_encrypt (2) 2019-10-24 17:23 ` [net/tls] " Eric Biggers @ 2019-10-24 17:45 ` Jakub Kicinski 2019-10-25 14:29 ` Herbert Xu 2019-10-30 16:08 ` Jakub Kicinski 1 sibling, 1 reply; 6+ messages in thread From: Jakub Kicinski @ 2019-10-24 17:45 UTC (permalink / raw) To: Eric Biggers Cc: Boris Pismenny, Aviad Yehezkel, Dave Watson, John Fastabend, Daniel Borkmann, davem, glider, herbert, linux-crypto, linux-kernel, syzkaller-bugs, syzbot On Thu, 24 Oct 2019 10:23:53 -0700, Eric Biggers wrote: > [+TLS maintainers] > > This is a net/tls bug, and probably a duplicate of: > > KMSAN: uninit-value in gf128mul_4k_lle (3) > https://lkml.kernel.org/linux-crypto/000000000000bf2457057b5ccda3@google.com/T/#u > > KMSAN: uninit-value in aesti_encrypt > https://lkml.kernel.org/linux-crypto/000000000000a97a15058c50c52e@google.com/T/#u > > See analysis from Alexander Potapenko here which shows that uninitialized memory > is being passed from TLS subsystem into crypto subsystem: > > https://lkml.kernel.org/linux-crypto/CAG_fn=UGCoDk04tL2vB981JmXgo6+-RUPmrTa3dSsK5UbZaTjA@mail.gmail.com/ > > That was a year ago, with C reproducer, and I've sent several reminders for this > already. What's the ETA on a fix? Or is TLS subsystem de facto unmaintained? Oh, thanks for the CC, I don't see any of these in my inbox. We have 6 TLS maintainers, the 3 that were CCed on the thread above don't participate much :( If nobody beats me to it I'll def take a look on Monday (PTOing this week). > On Thu, Oct 24, 2019 at 10:02:08AM -0700, syzbot wrote: > > Hello, > > > > syzbot found the following crash on: > > > > HEAD commit: 3c8ca708 test_kmsan.c: fix SPDX comment > > git tree: https://github.com/google/kmsan.git master > > console output: https://syzkaller.appspot.com/x/log.txt?x=14129497600000 > > kernel config: https://syzkaller.appspot.com/x/.config?x=c07a3d4f8a59e198 > > dashboard link: https://syzkaller.appspot.com/bug?extid=9e3b178624a8a2f8fa28 > > compiler: clang version 9.0.0 (/home/glider/llvm/clang > > 80fee25776c2fb61e74c1ecb1a523375c2500b69) > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11331128e00000 > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=140b47ef600000 > > > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > > Reported-by: syzbot+9e3b178624a8a2f8fa28@syzkaller.appspotmail.com > > > > IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready > > 8021q: adding VLAN 0 to HW filter on device batadv0 > > ===================================================== > > BUG: KMSAN: uninit-value in subshift lib/crypto/aes.c:149 [inline] > > BUG: KMSAN: uninit-value in aes_encrypt+0x12d5/0x1bd0 lib/crypto/aes.c:282 > > CPU: 0 PID: 12200 Comm: syz-executor134 Not tainted 5.4.0-rc3+ #0 > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > > Google 01/01/2011 > > Call Trace: > > __dump_stack lib/dump_stack.c:77 [inline] > > dump_stack+0x191/0x1f0 lib/dump_stack.c:113 > > kmsan_report+0x14a/0x2f0 mm/kmsan/kmsan_report.c:110 > > __msan_warning+0x73/0xf0 mm/kmsan/kmsan_instr.c:245 > > subshift lib/crypto/aes.c:149 [inline] > > aes_encrypt+0x12d5/0x1bd0 lib/crypto/aes.c:282 > > aesti_encrypt+0xe8/0x130 crypto/aes_ti.c:31 > > crypto_cipher_encrypt_one include/linux/crypto.h:1763 [inline] > > crypto_cbcmac_digest_update+0x3cf/0x550 crypto/ccm.c:871 > > crypto_shash_update crypto/shash.c:107 [inline] > > shash_ahash_finup+0x659/0xb20 crypto/shash.c:276 > > shash_async_finup+0xbb/0x110 crypto/shash.c:291 > > crypto_ahash_op+0x1cd/0x6e0 crypto/ahash.c:368 > > crypto_ahash_finup+0x8c/0xb0 crypto/ahash.c:393 > > crypto_ccm_auth+0x14b2/0x1570 crypto/ccm.c:230 > > crypto_ccm_encrypt+0x283/0x840 crypto/ccm.c:309 > > crypto_aead_encrypt+0xf2/0x180 crypto/aead.c:99 > > tls_do_encryption net/tls/tls_sw.c:521 [inline] > > tls_push_record+0x341e/0x4e50 net/tls/tls_sw.c:730 > > bpf_exec_tx_verdict+0x1454/0x1c80 net/tls/tls_sw.c:770 > > tls_sw_sendmsg+0x158d/0x2710 net/tls/tls_sw.c:1033 > > inet6_sendmsg+0x2d8/0x2e0 net/ipv6/af_inet6.c:576 > > sock_sendmsg_nosec net/socket.c:637 [inline] > > sock_sendmsg net/socket.c:657 [inline] > > __sys_sendto+0x8fc/0xc70 net/socket.c:1952 > > __do_sys_sendto net/socket.c:1964 [inline] > > __se_sys_sendto+0x107/0x130 net/socket.c:1960 > > __x64_sys_sendto+0x6e/0x90 net/socket.c:1960 > > do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291 > > entry_SYSCALL_64_after_hwframe+0x63/0xe7 > > RIP: 0033:0x441cf9 > > Code: 43 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 > > 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff > > 0f 83 0b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 > > RSP: 002b:00000000007eff08 EFLAGS: 00000246 ORIG_RAX: 000000000000002c > > RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441cf9 > > RDX: fffffffffffffee0 RSI: 00000000200005c0 RDI: 0000000000000003 > > RBP: 00000000007eff30 R08: 0000000000000000 R09: 00000000000000b6 > > R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403490 > > R13: 0000000000403520 R14: 0000000000000000 R15: 0000000000000000 > > > > Uninit was stored to memory at: > > kmsan_save_stack_with_flags mm/kmsan/kmsan.c:151 [inline] > > kmsan_internal_chain_origin+0xbd/0x170 mm/kmsan/kmsan.c:319 > > __msan_chain_origin+0x6b/0xe0 mm/kmsan/kmsan_instr.c:179 > > __crypto_xor+0x1e8/0x1470 crypto/algapi.c:992 > > crypto_xor include/crypto/algapi.h:213 [inline] > > crypto_cbcmac_digest_update+0x2ba/0x550 crypto/ccm.c:865 > > crypto_shash_update crypto/shash.c:107 [inline] > > shash_ahash_finup+0x659/0xb20 crypto/shash.c:276 > > shash_async_finup+0xbb/0x110 crypto/shash.c:291 > > crypto_ahash_op+0x1cd/0x6e0 crypto/ahash.c:368 > > crypto_ahash_finup+0x8c/0xb0 crypto/ahash.c:393 > > crypto_ccm_auth+0x14b2/0x1570 crypto/ccm.c:230 > > crypto_ccm_encrypt+0x283/0x840 crypto/ccm.c:309 > > crypto_aead_encrypt+0xf2/0x180 crypto/aead.c:99 > > tls_do_encryption net/tls/tls_sw.c:521 [inline] > > tls_push_record+0x341e/0x4e50 net/tls/tls_sw.c:730 > > bpf_exec_tx_verdict+0x1454/0x1c80 net/tls/tls_sw.c:770 > > tls_sw_sendmsg+0x158d/0x2710 net/tls/tls_sw.c:1033 > > inet6_sendmsg+0x2d8/0x2e0 net/ipv6/af_inet6.c:576 > > sock_sendmsg_nosec net/socket.c:637 [inline] > > sock_sendmsg net/socket.c:657 [inline] > > __sys_sendto+0x8fc/0xc70 net/socket.c:1952 > > __do_sys_sendto net/socket.c:1964 [inline] > > __se_sys_sendto+0x107/0x130 net/socket.c:1960 > > __x64_sys_sendto+0x6e/0x90 net/socket.c:1960 > > do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291 > > entry_SYSCALL_64_after_hwframe+0x63/0xe7 > > > > Uninit was created at: > > kmsan_save_stack_with_flags+0x3f/0x90 mm/kmsan/kmsan.c:151 > > kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:362 [inline] > > kmsan_alloc_page+0x153/0x370 mm/kmsan/kmsan_shadow.c:391 > > __alloc_pages_nodemask+0x149d/0x60c0 mm/page_alloc.c:4794 > > alloc_pages_current+0x68d/0x9a0 mm/mempolicy.c:2188 > > alloc_pages include/linux/gfp.h:511 [inline] > > skb_page_frag_refill+0x2b0/0x580 net/core/sock.c:2372 > > sk_page_frag_refill+0xa4/0x330 net/core/sock.c:2392 > > sk_msg_alloc+0x203/0x1050 net/core/skmsg.c:37 > > tls_alloc_encrypted_msg net/tls/tls_sw.c:284 [inline] > > tls_sw_sendmsg+0xb56/0x2710 net/tls/tls_sw.c:953 > > inet6_sendmsg+0x2d8/0x2e0 net/ipv6/af_inet6.c:576 > > sock_sendmsg_nosec net/socket.c:637 [inline] > > sock_sendmsg net/socket.c:657 [inline] > > __sys_sendto+0x8fc/0xc70 net/socket.c:1952 > > __do_sys_sendto net/socket.c:1964 [inline] > > __se_sys_sendto+0x107/0x130 net/socket.c:1960 > > __x64_sys_sendto+0x6e/0x90 net/socket.c:1960 > > do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291 > > entry_SYSCALL_64_after_hwframe+0x63/0xe7 > > ===================================================== > > > > > > --- > > This bug is generated by a bot. It may contain errors. > > See https://goo.gl/tpsmEJ for more information about syzbot. > > syzbot engineers can be reached at syzkaller@googlegroups.com. > > > > syzbot will keep track of this bug report. See: > > https://goo.gl/tpsmEJ#status for how to communicate with syzbot. > > syzbot can test patches for this bug, for details see: > > https://goo.gl/tpsmEJ#testing-patches > > > > -- > > You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group. > > To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com. > > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/00000000000065ef5f0595aafe71%40google.com. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [net/tls] Re: KMSAN: uninit-value in aes_encrypt (2) 2019-10-24 17:45 ` Jakub Kicinski @ 2019-10-25 14:29 ` Herbert Xu 2019-10-25 16:37 ` Jakub Kicinski 0 siblings, 1 reply; 6+ messages in thread From: Herbert Xu @ 2019-10-25 14:29 UTC (permalink / raw) To: Jakub Kicinski Cc: Eric Biggers, Boris Pismenny, Aviad Yehezkel, Dave Watson, John Fastabend, Daniel Borkmann, davem, glider, linux-crypto, linux-kernel, syzkaller-bugs, syzbot On Thu, Oct 24, 2019 at 10:45:37AM -0700, Jakub Kicinski wrote: > > Oh, thanks for the CC, I don't see any of these in my inbox. We have > 6 TLS maintainers, the 3 that were CCed on the thread above don't > participate much :( Can you please ensure that all the maintainers are listed in the MAINTAINERS file so people can cc them when needed? Thanks, -- Email: Herbert Xu <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [net/tls] Re: KMSAN: uninit-value in aes_encrypt (2) 2019-10-25 14:29 ` Herbert Xu @ 2019-10-25 16:37 ` Jakub Kicinski 0 siblings, 0 replies; 6+ messages in thread From: Jakub Kicinski @ 2019-10-25 16:37 UTC (permalink / raw) To: Herbert Xu Cc: Eric Biggers, Boris Pismenny, Aviad Yehezkel, Dave Watson, John Fastabend, Daniel Borkmann, davem, glider, linux-crypto, linux-kernel, syzkaller-bugs, syzbot On Fri, 25 Oct 2019 22:29:25 +0800, Herbert Xu wrote: > On Thu, Oct 24, 2019 at 10:45:37AM -0700, Jakub Kicinski wrote: > > > > Oh, thanks for the CC, I don't see any of these in my inbox. We have > > 6 TLS maintainers, the 3 that were CCed on the thread above don't > > participate much :( > > Can you please ensure that all the maintainers are listed in the > MAINTAINERS file so people can cc them when needed? Yes, to be clear we are all listed. Coincidentally we're listed in order of addition, which turns out to be reverse to the amount of caring.. And in the threads above it seems someone decided to only CC first few (i.e. the oldest, i.e. the least caring). I'll send a patch to remove Dave Watson at least. He's FB email address is dead, I've been trying to get in touch with him for 2 months with no luck.. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [net/tls] Re: KMSAN: uninit-value in aes_encrypt (2) 2019-10-24 17:23 ` [net/tls] " Eric Biggers 2019-10-24 17:45 ` Jakub Kicinski @ 2019-10-30 16:08 ` Jakub Kicinski 1 sibling, 0 replies; 6+ messages in thread From: Jakub Kicinski @ 2019-10-30 16:08 UTC (permalink / raw) To: Eric Biggers Cc: John Fastabend, Daniel Borkmann, davem, glider, herbert, linux-crypto, linux-kernel, syzkaller-bugs, syzbot On Thu, 24 Oct 2019 10:23:53 -0700, Eric Biggers wrote: > [+TLS maintainers] > > This is a net/tls bug, and probably a duplicate of: > > KMSAN: uninit-value in gf128mul_4k_lle (3) > https://lkml.kernel.org/linux-crypto/000000000000bf2457057b5ccda3@google.com/T/#u > > KMSAN: uninit-value in aesti_encrypt > https://lkml.kernel.org/linux-crypto/000000000000a97a15058c50c52e@google.com/T/#u > > See analysis from Alexander Potapenko here which shows that uninitialized memory > is being passed from TLS subsystem into crypto subsystem: > > https://lkml.kernel.org/linux-crypto/CAG_fn=UGCoDk04tL2vB981JmXgo6+-RUPmrTa3dSsK5UbZaTjA@mail.gmail.com/ > > That was a year ago, with C reproducer, and I've sent several reminders for this > already. What's the ETA on a fix? Or is TLS subsystem de facto unmaintained? Re: maintainers it may actually be that the bug is so old the people who pay attention weren't in the MAINTAINERS yet ;) That'd explain why Alexander didn't CC us. Fix posted now: net/tls: fix sk_msg trim on fallback to copy mode 🤞 ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-10-30 16:08 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-10-24 17:02 KMSAN: uninit-value in aes_encrypt (2) syzbot 2019-10-24 17:23 ` [net/tls] " Eric Biggers 2019-10-24 17:45 ` Jakub Kicinski 2019-10-25 14:29 ` Herbert Xu 2019-10-25 16:37 ` Jakub Kicinski 2019-10-30 16:08 ` Jakub Kicinski
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).