Subject: Re: KMSAN: kernel-infoleak in move_addr_to_user (4)
From: Oliver Hartkopp
To: Cong Wang, Jakub Kicinski
Cc: syzbot, Robin van der Gracht, Oleksij Rempel, Marc Kleine-Budde, linux-can@vger.kernel.org, David Miller, Alexander Potapenko, LKML, Linux Kernel Network Developers, syzkaller-bugs
Date: Tue, 12 Jan 2021 10:12:02 +0100

On 12.01.21 01:17, Cong Wang wrote:
> On Mon, Jan 11, 2021 at 11:33 AM Jakub Kicinski wrote:
>>
>> Looks like an AF_CAN socket:
>>
>> r0 = socket(0x1d, 0x2, 0x6)
>> getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
>>
>
> Right, it seems we need a memset(0) in isotp_getname().

Yes m(

Sent a patch to fix it:

https://lore.kernel.org/linux-can/20210112090457.11262-1-socketcan@hartkopp.net/T/#u

Many thanks!
Oliver
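
A userspace model of the bug class discussed in this thread, added here as an illustration; it is not the kernel's isotp_getname() and not the patch linked above. The struct layout, the names demo_sockaddr_can, demo_getname and stale_bytes_copied, and the sample field values are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* marker standing in for leftover kernel stack bytes */

/* Simplified stand-in for struct sockaddr_can (assumed layout). */
struct demo_sockaddr_can {
    uint16_t can_family;
    int32_t  can_ifindex;
    union {
        struct { uint32_t rx_id, tx_id; } tp;
        struct { uint64_t name; uint32_t pgn; uint8_t addr; } j1939;
    } can_addr;
};

/* Hypothetical getname handler: sets only the ISO-TP fields, then reports
 * the whole struct as the length to copy out. */
static size_t demo_getname(struct demo_sockaddr_can *addr, int zero_first)
{
    if (zero_first)
        memset(addr, 0, sizeof(*addr)); /* the memset(0) from the thread */
    addr->can_family = 0x1d;            /* AF_CAN, as in socket(0x1d, ...) */
    addr->can_ifindex = 3;              /* constructed sample values */
    addr->can_addr.tp.rx_id = 0x123;
    addr->can_addr.tp.tx_id = 0x321;
    return sizeof(*addr);
}

/* Models the copy to user space and counts copied bytes the handler never
 * wrote (padding and the unused part of the union). */
size_t stale_bytes_copied(int zero_first)
{
    struct demo_sockaddr_can addr;
    unsigned char user[sizeof(addr)];
    size_t len, i, stale = 0;

    memset(&addr, STALE, sizeof(addr)); /* simulate a dirty stack slot */
    len = demo_getname(&addr, zero_first);
    memcpy(user, &addr, len);
    for (i = 0; i < len; i++)
        stale += (user[i] == STALE);
    return stale;
}

int main(void)
{
    printf("without memset: %zu stale bytes copied\n", stale_bytes_copied(0));
    printf("with memset:    %zu stale bytes copied\n", stale_bytes_copied(1));
    return 0;
}
```

Every field the handler assigns is correct in both runs; the difference is only in the bytes between and after those fields, which is why this kind of leak is invisible to functional tests and needs a tool such as KMSAN to flag.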