From: Eric Dumazet
Date: Sat, 10 Apr 2021 12:12:38 +0200
Subject: Re: [PATCH] net: core: sk_buff: zero-fill skb->data in __alloc_skb function
To: Phillip Potter
Cc: davem@davemloft.net, kuba@kernel.org, willemb@google.com, linmiaohe@huawei.com, linyunsheng@huawei.com, alobakin@pm.me, elver@google.com, gnault@redhat.com, dseok.yi@samsung.com, viro@zeniv.linux.org.uk, vladimir.oltean@nxp.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20210410095149.3708143-1-phil@philpotter.co.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Apr 10, 2021 at 11:51 AM Phillip Potter wrote:
>
> Zero-fill skb->data in __alloc_skb function of net/core/skbuff.c,
> up to start of struct skb_shared_info bytes. Fixes a KMSAN-found
> uninit-value bug reported by syzbot at:
> https://syzkaller.appspot.com/bug?id=abe95dc3e3e9667fc23b8d81f29ecad95c6f106f
>
> Reported-by: syzbot+2e406a9ac75bb71d4b7a@syzkaller.appspotmail.com
> Signed-off-by: Phillip Potter
> ---
> net/core/skbuff.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/core/skbuff.c b/net/core/skbuff.c > index 785daff48030..9ac26cdb5417 100644 > --- a/net/core/skbuff.c 
> +++ b/net/core/skbuff.c > @@ -215,6 +215,7 @@ struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask, > * to allow max possible filling before reallocation. > */ > size = SKB_WITH_OVERHEAD(ksize(data)); > + memset(data, 0, size); > prefetchw(data + size);

Certainly not.

There is a difference between kmalloc() and kzalloc()

Here you are basically silencing KMSAN and make it useless.

Please fix the real issue, or stop using KMSAN if it bothers you.
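
Review bot: the added "memset(data, 0, size);" directly after "size = SKB_WITH_OVERHEAD(ksize(data));" zeroes the whole data area on every __alloc_skb() call, so every byte up to skb_shared_info counts as initialised and KMSAN can no longer flag any consumer that reads skb data it never wrote, including the one behind the syzbot report. It also adds a full-buffer write to every allocation that goes through this function. Suggest dropping this line and initialising the bytes in the code path that the linked report shows reading them; the commit message should name that path, which it currently does not.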