Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp22027688rwd; Fri, 30 Jun 2023 02:58:55 -0700 (PDT) X-Google-Smtp-Source: APBJJlGRJjG2R2j+Nx2WFSUl/EaewPfROPLMWqYbkWcWO2eIn+9MQh/4rSUdAqNLwy/Jms6JNGLz X-Received: by 2002:a17:903:3051:b0:1b8:1591:9f81 with SMTP id u17-20020a170903305100b001b815919f81mr1672542pla.4.1688119135177; Fri, 30 Jun 2023 02:58:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688119135; cv=none; d=google.com; s=arc-20160816; b=vwl12lediSduJWohzxLinykvX/+XbM9R6U8VHG/T1BJjw3rDm4EBFvkWNHs6tyUsMJ GYhGm0AnRnEeyWlZl9KqvjQ5Ue2QOpVC2Yk/lj2zid3gtTGqeVFJfGlNwc3BVD6VDfDl FiX3iAeAwNr1XOgRNV8qg336dHi/+ObSdcupbVJIPT5yr5o4phVnIskfqVmbqdAmgrS+ zr/HV3UQYgRUYrufdtnzq8Bodvf5rzAxVdBpDlwLZS5xTXEwB52J6OiB1oZU1PKzyAfC ayr+k2XaCv8YI8bn2sV5Gym1h82E4Pc0e6NBf6lbfKLamCcUtZIATf1eCBwWE4UxZBcU vLFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=vTitJw/gATiNTlYiaX4GP/amvh+/3LJYf/kRWqqslD8=; fh=a8h+jWnYcB1NM0+emBorssu6fhzjBzUth616NMKnnpU=; b=tkrAURVG21X4h1tkFAGDMKL1TNUbi1nMuJVQBMVdlGiIcQSgVNGBbrOuHj6auLAi7/ nfupK9jedqNKjyp53rpdb5sCDcpKK88LfUkY0W/CLQvdAh6ZyraQUEOkoHi+X0pGbLTH Kuiy7zVNPom9XD5PaAHpKnb/Ggs9CEpnowF+0Af2PUx5F7pdbHjmk6vEVqsvUQj5Vymg JZ2OEPvZ8WssDwxWxId3j9myDl20nzo1vhIk4Ai1ScIr/h7GUMDgBoUtUTzBJj0uKzMR Onl/HKq40smi+4m0AwY8FBRteTPYQXQaauKib365G8zE/9ts6yfHeKfWMIXbALd6MdqC NAdQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=dQspoZx1; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s10-20020a170903200a00b001b8433a4bb1si3676946pla.421.2023.06.30.02.58.35; Fri, 30 Jun 2023 02:58:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=dQspoZx1; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232658AbjF3Jhm (ORCPT + 99 others); Fri, 30 Jun 2023 05:37:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41434 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232822AbjF3Jhi (ORCPT ); Fri, 30 Jun 2023 05:37:38 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 05FCB3C0C for ; Fri, 30 Jun 2023 02:37:06 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7C37A61711 for ; Fri, 30 Jun 2023 09:37:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E1E58C433AB; Fri, 30 Jun 2023 09:37:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1688117825; bh=NvISiXV+qNhfVjOdFA0oj/36t4SVSoQAe2nCdjSVIMg=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=dQspoZx13mxkWw3Lj4TBmT6UEUkj+SCv8Lmn23Y2WXcTo7qawU2gZLhMYxLeHyL/F OULv8gwNTiagnBLymK7EMKrKDZEopP41CuIpG2r68c6URM9GKbUnmfoeYf9NVlIYql gkOY6yJVKPA76AieVNAkBmz1Amfq0ge30ZdcZd2f3RnnEbwkjFI2C8jMhRObfOoZUa NFzIL96E8xyd0NjgyyCTFityDy+M41QpYRrqmGucuEMS9L2RCRspPw3aeoYSZ7AGIW 7iEGmNvLx8bYw+cDslC1evuby/g5lBAdBt+flwtgeK6/3/N5Z5n/E1E98g5HPMPF+q 9ZVrVQ0PZxTrQ== Received: by mail-lf1-f50.google.com with SMTP id 2adb3069b0e04-4fb7dc16ff0so2626843e87.2; Fri, 30 Jun 2023 02:37:05 -0700 (PDT) X-Gm-Message-State: ABy/qLaDAhv7g968syhRI69IwNTTUFmIKGKtBhcICZ4QQ4QO1Oy8lz9F TwAVHSL6S2U5PdJzwq/N8Ggv6boW/pvNtYgapZk= X-Received: by 2002:a05:6512:55c:b0:4fb:8603:f6aa with SMTP id h28-20020a056512055c00b004fb8603f6aamr1466400lfl.11.1688117823714; Fri, 30 Jun 2023 02:37:03 -0700 (PDT) MIME-Version: 1.0 References: <0000000000008a7ae505aef61db1@google.com> <20200911170150.GA889@sol.localdomain> In-Reply-To: From: Ard Biesheuvel Date: Fri, 30 Jun 2023 11:36:51 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] net: tls: enable __GFP_ZERO upon tls_init() To: Tetsuo Handa Cc: Boris Pismenny , John Fastabend , Jakub Kicinski , glider@google.com, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, syzkaller-bugs@googlegroups.com, syzbot , Eric Biggers , Aviad Yehezkel , Daniel Borkmann , netdev@vger.kernel.org, "David S. Miller" , Eric Dumazet , Paolo Abeni Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, 28 Jun 2023 at 15:49, Tetsuo Handa wrote: > > syzbot is reporting uninit-value at aes_encrypt(), for block cipher assumes > that bytes to encrypt/decrypt is multiple of block size for that cipher but > tls_alloc_encrypted_msg() is not initializing padding bytes when > required_size is not multiple of block cipher's block size. > > In order to make sure that padding bytes are automatically initialized, > enable __GFP_ZERO flag when setsockopt(SOL_TCP, TCP_ULP, "tls") is called. > > Reported-by: syzbot > Closes: https://syzkaller.appspot.com/bug?extid=828dfc12440b4f6f305d Maybe I am missing something, but this syzkaller report appears to b a huge collection of uninit-value reports, of which only one is related to bpx_tx_verdict(), and that one has nor reproducer. So even if this would be the right fix, I don't think closing that issue makes sense, so? The issue refers to a couple of other occcurences of uninit-value in aesti_encrypt, which do seem related. > Signed-off-by: Tetsuo Handa > --- > According to C reproducer, this problem happens when bpf_exec_tx_verdict() is > called with lower 4 bits of required_size being 0001 and does not happen when > being 0100. Thus, I assumed that this problem is caused by lack of initializing > padding bytes. > But I couldn't figure out why KMSAN reports this problem when bpf_exec_tx_verdict() > is called with lower 4 bits of required_size being 0001 for the second time and > does not report this problem when bpf_exec_tx_verdict() is called with lower > 4 bits of required_size being 0001 for the first time. More deeper problem exists? > KMSAN reporting this problem when accessing u64 relevant? > As Eric pointed out as well, zeroing the allocation papers over the problem. Why are you sending this now? Do you have a reproducer for this issue? > net/tls/tls_main.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c > index f2e7302a4d96..cd5366966864 100644 > --- a/net/tls/tls_main.c > +++ b/net/tls/tls_main.c > @@ -1025,6 +1025,7 @@ static int tls_init(struct sock *sk) > struct tls_context *ctx; > int rc = 0; > > + sk->sk_allocation |= __GFP_ZERO; > tls_build_proto(sk); > > #ifdef CONFIG_TLS_TOE > -- > 2.34.1 >