From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Peilin Ye <yepeilin.cs@gmail.com>
Cc: syzbot <syzbot+85433a479a646a064ab3@syzkaller.appspotmail.com>,
axboe@kernel.dk, glider@google.com, linux-block@vger.kernel.org,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
Anant Thazhemadam <anant.thazhemadam@gmail.com>
Subject: Re: KMSAN: kernel-infoleak in scsi_cmd_ioctl
Date: Fri, 2 Oct 2020 16:00:58 +0200 [thread overview]
Message-ID: <20201002140058.GA3475053@kroah.com> (raw)
In-Reply-To: <20201002134944.GA8205@PWN>
On Fri, Oct 02, 2020 at 09:49:44AM -0400, Peilin Ye wrote:
> On Mon, Aug 31, 2020 at 03:28:22AM -0700, syzbot wrote:
> > BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
> > CPU: 1 PID: 12272 Comm: syz-executor.3 Not tainted 5.8.0-rc5-syzkaller #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> > Call Trace:
> > __dump_stack lib/dump_stack.c:77 [inline]
> > dump_stack+0x21c/0x280 lib/dump_stack.c:118
> > kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
> > kmsan_internal_check_memory+0x238/0x3d0 mm/kmsan/kmsan.c:423
> > kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
> > instrument_copy_to_user include/linux/instrumented.h:91 [inline]
> > _copy_to_user+0x18e/0x260 lib/usercopy.c:33
> > scsi_put_cdrom_generic_arg include/linux/uaccess.h:170 [inline]
>
> + Cc: Greg Kroah-Hartman
> + Cc: Anant Thazhemadam
>
> Hi all,
>
> In looking at the report, I guess this patch should fix the issue, there's
> a 3-byte hole in `struct compat_cdrom_generic_command`:
>
> [PATCH v3] block/scsi-ioctl: Prevent kernel-infoleak in scsi_put_cdrom_generic_arg()
> https://lore.kernel.org/lkml/20200909095057.1214104-1-yepeilin.cs@gmail.com/
>
> But I cannot verify it, since syzbot doesn't have a reproducer for it.
> The patch adds a 3-byte padding field to `struct
> compat_cdrom_generic_command`. It hasn't been accepted yet.
Please resend it, it looks like it hasn't been taken yet :(
thanks,
greg k-h
next prev parent reply other threads:[~2020-10-02 14:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-31 10:28 KMSAN: kernel-infoleak in scsi_cmd_ioctl syzbot
2020-10-02 13:49 ` Peilin Ye
2020-10-02 14:00 ` Greg Kroah-Hartman [this message]
2020-10-02 14:22 ` [PATCH v4] block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg() Peilin Ye
2020-10-02 14:22 ` [Linux-kernel-mentees] " Peilin Ye
2020-10-02 18:02 ` Jens Axboe
2020-10-02 18:02 ` [Linux-kernel-mentees] " Jens Axboe
-- strict thread matches above, loose matches on Subject: below --
2020-09-30 15:53 KMSAN: kernel-infoleak in scsi_cmd_ioctl Anant Thazhemadam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201002140058.GA3475053@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=anant.thazhemadam@gmail.com \
--cc=axboe@kernel.dk \
--cc=glider@google.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=syzbot+85433a479a646a064ab3@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=yepeilin.cs@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.