On Thu, 24 Oct 2019 10:23:53 -0700, Eric Biggers wrote:
> [+TLS maintainers]
>
> This is a net/tls bug, and probably a duplicate of:
>
> KMSAN: uninit-value in gf128mul_4k_lle (3)
> https://lkml.kernel.org/linux-crypto/[email protected]/T/#u
>
> KMSAN: uninit-value in aesti_encrypt
> https://lkml.kernel.org/linux-crypto/[email protected]/T/#u
>
> See analysis from Alexander Potapenko here which shows that uninitialized memory
> is being passed from TLS subsystem into crypto subsystem:
>
> https://lkml.kernel.org/linux-crypto/CAG_fn=UGCoDk04tL2vB981JmXgo6+-RUPmrTa3dSsK5UbZaTjA@mail.gmail.com/
>
> That was a year ago, with C reproducer, and I've sent several reminders for this
> already. What's the ETA on a fix? Or is TLS subsystem de facto unmaintained?
Oh, thanks for the CC, I don't see any of these in my inbox. We have
6 TLS maintainers, the 3 that were CCed on the thread above don't
participate much :(
If nobody beats me to it I'll def take a look on Monday (PTOing this
week).
> On Thu, Oct 24, 2019 at 10:02:08AM -0700, syzbot wrote:
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit: 3c8ca708 test_kmsan.c: fix SPDX comment
> > git tree: https://github.com/google/kmsan.git master
> > console output: https://syzkaller.appspot.com/x/log.txt?x=14129497600000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=c07a3d4f8a59e198
> > dashboard link: https://syzkaller.appspot.com/bug?extid=9e3b178624a8a2f8fa28
> > compiler: clang version 9.0.0 (/home/glider/llvm/clang
> > 80fee25776c2fb61e74c1ecb1a523375c2500b69)
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11331128e00000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=140b47ef600000
> >
> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > Reported-by: [email protected]
> >
> > IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
> > 8021q: adding VLAN 0 to HW filter on device batadv0
> > =====================================================
> > BUG: KMSAN: uninit-value in subshift lib/crypto/aes.c:149 [inline]
> > BUG: KMSAN: uninit-value in aes_encrypt+0x12d5/0x1bd0 lib/crypto/aes.c:282
> > CPU: 0 PID: 12200 Comm: syz-executor134 Not tainted 5.4.0-rc3+ #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > Google 01/01/2011
> > Call Trace:
> > __dump_stack lib/dump_stack.c:77 [inline]
> > dump_stack+0x191/0x1f0 lib/dump_stack.c:113
> > kmsan_report+0x14a/0x2f0 mm/kmsan/kmsan_report.c:110
> > __msan_warning+0x73/0xf0 mm/kmsan/kmsan_instr.c:245
> > subshift lib/crypto/aes.c:149 [inline]
> > aes_encrypt+0x12d5/0x1bd0 lib/crypto/aes.c:282
> > aesti_encrypt+0xe8/0x130 crypto/aes_ti.c:31
> > crypto_cipher_encrypt_one include/linux/crypto.h:1763 [inline]
> > crypto_cbcmac_digest_update+0x3cf/0x550 crypto/ccm.c:871
> > crypto_shash_update crypto/shash.c:107 [inline]
> > shash_ahash_finup+0x659/0xb20 crypto/shash.c:276
> > shash_async_finup+0xbb/0x110 crypto/shash.c:291
> > crypto_ahash_op+0x1cd/0x6e0 crypto/ahash.c:368
> > crypto_ahash_finup+0x8c/0xb0 crypto/ahash.c:393
> > crypto_ccm_auth+0x14b2/0x1570 crypto/ccm.c:230
> > crypto_ccm_encrypt+0x283/0x840 crypto/ccm.c:309
> > crypto_aead_encrypt+0xf2/0x180 crypto/aead.c:99
> > tls_do_encryption net/tls/tls_sw.c:521 [inline]
> > tls_push_record+0x341e/0x4e50 net/tls/tls_sw.c:730
> > bpf_exec_tx_verdict+0x1454/0x1c80 net/tls/tls_sw.c:770
> > tls_sw_sendmsg+0x158d/0x2710 net/tls/tls_sw.c:1033
> > inet6_sendmsg+0x2d8/0x2e0 net/ipv6/af_inet6.c:576
> > sock_sendmsg_nosec net/socket.c:637 [inline]
> > sock_sendmsg net/socket.c:657 [inline]
> > __sys_sendto+0x8fc/0xc70 net/socket.c:1952
> > __do_sys_sendto net/socket.c:1964 [inline]
> > __se_sys_sendto+0x107/0x130 net/socket.c:1960
> > __x64_sys_sendto+0x6e/0x90 net/socket.c:1960
> > do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291
> > entry_SYSCALL_64_after_hwframe+0x63/0xe7
> > RIP: 0033:0x441cf9
> > Code: 43 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7
> > 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff
> > 0f 83 0b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
> > RSP: 002b:00000000007eff08 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
> > RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441cf9
> > RDX: fffffffffffffee0 RSI: 00000000200005c0 RDI: 0000000000000003
> > RBP: 00000000007eff30 R08: 0000000000000000 R09: 00000000000000b6
> > R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403490
> > R13: 0000000000403520 R14: 0000000000000000 R15: 0000000000000000
> >
> > Uninit was stored to memory at:
> > kmsan_save_stack_with_flags mm/kmsan/kmsan.c:151 [inline]
> > kmsan_internal_chain_origin+0xbd/0x170 mm/kmsan/kmsan.c:319
> > __msan_chain_origin+0x6b/0xe0 mm/kmsan/kmsan_instr.c:179
> > __crypto_xor+0x1e8/0x1470 crypto/algapi.c:992
> > crypto_xor include/crypto/algapi.h:213 [inline]
> > crypto_cbcmac_digest_update+0x2ba/0x550 crypto/ccm.c:865
> > crypto_shash_update crypto/shash.c:107 [inline]
> > shash_ahash_finup+0x659/0xb20 crypto/shash.c:276
> > shash_async_finup+0xbb/0x110 crypto/shash.c:291
> > crypto_ahash_op+0x1cd/0x6e0 crypto/ahash.c:368
> > crypto_ahash_finup+0x8c/0xb0 crypto/ahash.c:393
> > crypto_ccm_auth+0x14b2/0x1570 crypto/ccm.c:230
> > crypto_ccm_encrypt+0x283/0x840 crypto/ccm.c:309
> > crypto_aead_encrypt+0xf2/0x180 crypto/aead.c:99
> > tls_do_encryption net/tls/tls_sw.c:521 [inline]
> > tls_push_record+0x341e/0x4e50 net/tls/tls_sw.c:730
> > bpf_exec_tx_verdict+0x1454/0x1c80 net/tls/tls_sw.c:770
> > tls_sw_sendmsg+0x158d/0x2710 net/tls/tls_sw.c:1033
> > inet6_sendmsg+0x2d8/0x2e0 net/ipv6/af_inet6.c:576
> > sock_sendmsg_nosec net/socket.c:637 [inline]
> > sock_sendmsg net/socket.c:657 [inline]
> > __sys_sendto+0x8fc/0xc70 net/socket.c:1952
> > __do_sys_sendto net/socket.c:1964 [inline]
> > __se_sys_sendto+0x107/0x130 net/socket.c:1960
> > __x64_sys_sendto+0x6e/0x90 net/socket.c:1960
> > do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291
> > entry_SYSCALL_64_after_hwframe+0x63/0xe7
> >
> > Uninit was created at:
> > kmsan_save_stack_with_flags+0x3f/0x90 mm/kmsan/kmsan.c:151
> > kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:362 [inline]
> > kmsan_alloc_page+0x153/0x370 mm/kmsan/kmsan_shadow.c:391
> > __alloc_pages_nodemask+0x149d/0x60c0 mm/page_alloc.c:4794
> > alloc_pages_current+0x68d/0x9a0 mm/mempolicy.c:2188
> > alloc_pages include/linux/gfp.h:511 [inline]
> > skb_page_frag_refill+0x2b0/0x580 net/core/sock.c:2372
> > sk_page_frag_refill+0xa4/0x330 net/core/sock.c:2392
> > sk_msg_alloc+0x203/0x1050 net/core/skmsg.c:37
> > tls_alloc_encrypted_msg net/tls/tls_sw.c:284 [inline]
> > tls_sw_sendmsg+0xb56/0x2710 net/tls/tls_sw.c:953
> > inet6_sendmsg+0x2d8/0x2e0 net/ipv6/af_inet6.c:576
> > sock_sendmsg_nosec net/socket.c:637 [inline]
> > sock_sendmsg net/socket.c:657 [inline]
> > __sys_sendto+0x8fc/0xc70 net/socket.c:1952
> > __do_sys_sendto net/socket.c:1964 [inline]
> > __se_sys_sendto+0x107/0x130 net/socket.c:1960
> > __x64_sys_sendto+0x6e/0x90 net/socket.c:1960
> > do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291
> > entry_SYSCALL_64_after_hwframe+0x63/0xe7
> > =====================================================
> >
> >
> > ---
> > This bug is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at [email protected].
> >
> > syzbot will keep track of this bug report. See:
> > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> > syzbot can test patches for this bug, for details see:
> > https://goo.gl/tpsmEJ#testing-patches
> >
> > --
> > You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/00000000000065ef5f0595aafe71%40google.com.
On Thu, Oct 24, 2019 at 10:45:37AM -0700, Jakub Kicinski wrote:
>
> Oh, thanks for the CC, I don't see any of these in my inbox. We have
> 6 TLS maintainers, the 3 that were CCed on the thread above don't
> participate much :(
Can you please ensure that all the maintainers are listed in the
MAINTAINERS file so people can cc them when needed?
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Fri, 25 Oct 2019 22:29:25 +0800, Herbert Xu wrote:
> On Thu, Oct 24, 2019 at 10:45:37AM -0700, Jakub Kicinski wrote:
> >
> > Oh, thanks for the CC, I don't see any of these in my inbox. We have
> > 6 TLS maintainers, the 3 that were CCed on the thread above don't
> > participate much :(
>
> Can you please ensure that all the maintainers are listed in the
> MAINTAINERS file so people can cc them when needed?
Yes, to be clear we are all listed. Coincidentally we're listed in
order of addition, which turns out to be reverse to the amount of
caring.. And in the threads above it seems someone decided to only
CC first few (i.e. the oldest, i.e. the least caring).
I'll send a patch to remove Dave Watson at least. He's FB email address
is dead, I've been trying to get in touch with him for 2 months with no
luck..