From: Stephan Mueller <smueller@chronox.de>
To: Edward Adam Davis <eadavis@qq.com>
Cc: davem@davemloft.net, eadavis@qq.com, herbert@gondor.apana.org.au,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
syzbot+e8bcd7ee3db6cb5cb875@syzkaller.appspotmail.com,
syzkaller-bugs@googlegroups.com
Subject: Re: [PATCH V3] crypto: Mark intermediary memory as clean
Date: Mon, 18 Aug 2025 15:32:43 +0200 [thread overview]
Message-ID: <2401599.22IY78Rhhi@tauon> (raw)
In-Reply-To: <tencent_65C6578989EEED6EE78C8B67E586DE92EB06@qq.com>
Am Montag, 18. August 2025, 15:24:17 Mitteleuropäische Sommerzeit schrieb
Edward Adam Davis:
Hi Edward,
> This is not a leak! The stack memroy is hashed and fed into the
> entropy pool. We can't recover the original kernel memory from it.
>
> Reported-by: syzbot+e8bcd7ee3db6cb5cb875@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=e8bcd7ee3db6cb5cb875
> Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Thank you for the patch. Just for the records:
- the intermediary buffer could be initialized to 0 without any effect on the
Jitter RNG, because all it wants is actually the execution of the Keccak
operation as part of crypto_shhash_finup.
- the intermediary buffer is inserted into the Jitter RNG state to ensure that
the compiler cannot optimize away the loop if the intermediary buffer would
not be used at all
- the intermediary buffer is not credited with any entropy as we only want the
Keccak operation
- by keeping the intermediary uninitialized, the Jitter RNG may get some
variations from the uninitialized buffer so that its internal state may
benefit from it
That said, I am fine with this current patch. But if there is still lingering
concern, I am equally fine to have it initialized to zero.
Thanks a lot
Stephan
> ---
> V1 -> V2: mark it as unpoison
> V2 -> V3: replace to sizeof, minimize the possibilities where
> inconsistencies can occur
>
> crypto/jitterentropy-kcapi.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
> index 1266eb790708..4020a6e41b0e 100644
> --- a/crypto/jitterentropy-kcapi.c
> +++ b/crypto/jitterentropy-kcapi.c
> @@ -117,6 +117,7 @@ int jent_hash_time(void *hash_state, __u64 time, u8
> *addtl, pr_warn_ratelimited("Unexpected digest size\n");
> return -EINVAL;
> }
> + kmsan_unpoison_memory(intermediary, sizeof(intermediary));
>
> /*
> * This loop fills a buffer which is injected into the entropy pool.
Ciao
Stephan
next prev parent reply other threads:[~2025-08-18 13:50 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-08 8:07 [syzbot] [crypto?] KMSAN: kernel-infoleak in rng_recvmsg syzbot
2025-08-09 9:59 ` [PATCH] crypto: Prevent " Edward Adam Davis
2025-08-16 9:17 ` Herbert Xu
2025-08-17 8:51 ` Herbert Xu
2025-08-17 10:59 ` [PATCH V2] crypto: Mark intermediary memory as clean Edward Adam Davis
2025-08-17 11:40 ` Herbert Xu
2025-08-18 12:17 ` Edward Adam Davis
2025-08-18 12:30 ` Herbert Xu
2025-08-18 12:43 ` Edward Adam Davis
2025-08-18 13:13 ` Stephan Mueller
2025-08-18 13:24 ` [PATCH V3] " Edward Adam Davis
2025-08-18 13:32 ` Stephan Mueller [this message]
2025-08-30 8:45 ` Herbert Xu
2025-08-26 13:51 ` [PATCH] crypto: Prevent kernel-infoleak in rng_recvmsg Ard Biesheuvel
2025-08-26 16:58 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2401599.22IY78Rhhi@tauon \
--to=smueller@chronox.de \
--cc=davem@davemloft.net \
--cc=eadavis@qq.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=syzbot+e8bcd7ee3db6cb5cb875@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox