From: Ard Biesheuvel
Date: Fri, 30 Jun 2023 13:49:34 +0200
Subject: Re: [PATCH] net: tls: enable __GFP_ZERO upon tls_init()
To: Alexander Potapenko
Cc: Tetsuo Handa, Boris Pismenny, John Fastabend, Jakub Kicinski, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, syzkaller-bugs@googlegroups.com, syzbot, Eric Biggers, Aviad Yehezkel, Daniel Borkmann, netdev@vger.kernel.org, "David S. Miller", Eric Dumazet, Paolo Abeni
X-Mailing-List: linux-crypto@vger.kernel.org

On Fri, 30 Jun 2023 at 13:38, Alexander Potapenko wrote:
>
> On Fri, Jun 30, 2023 at 12:18 PM Ard Biesheuvel wrote:
> >
> > On Fri, 30 Jun 2023 at 12:11, Alexander Potapenko wrote:
> > >
> > > On Fri, Jun 30, 2023 at 12:02 PM Ard Biesheuvel wrote:
> > > >
> > > > On Fri, 30 Jun 2023 at 11:53, Tetsuo Handa
> > > > wrote:
> > > > >
> > > > > On 2023/06/30 18:36, Ard Biesheuvel wrote:
> > > > > > Why are you sending this now?
> > > > >
> > > > > Just because this is currently top crasher and I can reproduce locally.
> > > > >
> > > > > > Do you have a reproducer for this issue?
> > > > >
> > > > > Yes. https://syzkaller.appspot.com/text?tag=ReproC&x=12931621900000 works.
> > > > >
> > > >
> > > > Could you please share your kernel config and the resulting kernel log
> > > > when running the reproducer? I'll try to reproduce locally as well,
> > > > and see if I can figure out what is going on in the crypto layer
> > >
> > > The config together with the repro is available at
> > > https://syzkaller.appspot.com/bug?extid=828dfc12440b4f6f305d, see the
> > > latest row of the "Crashes" table that contains a C repro.
> >
> > Could you explain why that bug contains ~50 reports that seem entirely
> > unrelated?
>
> These are some unfortunate effects of syzbot trying to deduplicate
> bugs. There's a tradeoff between reporting every single crash
> separately and grouping together those that have e.g. the same origin.
> Applying this algorithm transitively results in bigger clusters
> containing unwanted reports.
> We'll look closer.
>
> > AIUI, this actual issue has not been reproduced since
> > 2020??
>
> Oh, sorry, I misread the table and misinformed you. The topmost row of
> the table is indeed the _oldest_ one.
> Another manifestation of the bug was on 2023/05/23
> (https://syzkaller.appspot.com/text?tag=CrashReport&x=146f66b1280000)
>

That one has nothing to do with networking, so I don't see how this
patch would affect it.

> > >
> > > Config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=ee5f7a0b2e48ed66
> > > Report: https://syzkaller.appspot.com/text?tag=CrashReport&x=1325260d900000
> > > Syz repro: https://syzkaller.appspot.com/text?tag=ReproSyz&x=11af973e900000
> > > C repro: https://syzkaller.appspot.com/text?tag=ReproC&x=163a1e45900000
> > >
> > > The bug is reproducible for me locally as well (and Tetsuo's patch
> > > makes it disappear, although I have no opinion on its correctness).
> >
> > What I'd like to do is run a kernel plus initrd locally in OVMF and
> > reproduce the issue - can I do that without all the syzkaller
> > machinery?
>
> You can build the kernel from the config linked above, that's what I
> did to reproduce it locally.
> As for initrd, there are disk images attached to the reports, will that help?
>
> E.g.
> $ wget https://storage.googleapis.com/syzbot-assets/79bb4ff7cc58/disk-f93f2fed.raw.xz
> $ unxz disk-f93f2fed.raw.xz
> $ qemu-system-x86_64 -smp 2,sockets=2,cores=1 -m 4G -drive file=disk-f93f2fed.raw -snapshot -nographic -enable-kvm
>
> lets me boot syzkaller with the disk/kernel from that report of 2023/05/23.
> Adding "-net user,hostfwd=tcp::10022-:22 -net nic,model=e1000" I am
> also able to SSH into the machine (there's no password):
>
> $ ssh -o "StrictHostKeyChecking no" -p 10022 root@localhost
>
> Then the repro can be downloaded and executed:
>
> $ wget "https://syzkaller.appspot.com/text?tag=ReproC&x=163a1e45900000" -O t.c
> $ gcc t.c -static -o t
> $ scp -o "StrictHostKeyChecking no" -P 10022 t root@localhost:
> $ ssh -o "StrictHostKeyChecking no" -p 10022 root@localhost ./t
>
> Within a couple minutes the kernel crashes with the report:
>
> [ 151.522472][ T5865] =====================================================
> [ 151.523843][ T5865] BUG: KMSAN: uninit-value in aes_encrypt+0x15cc/0x1db0
> [ 151.525120][ T5865] aes_encrypt+0x15cc/0x1db0
> [ 151.526113][ T5865] aesti_encrypt+0x7d/0xf0
> [ 151.527057][ T5865] crypto_cipher_encrypt_one+0x112/0x200
> [ 151.528224][ T5865] crypto_cbcmac_digest_update+0x301/0x4b0
>

OK, thanks for the instructions.

Out of curiosity - does the stack trace you cut off here include the
BPF routine mentioned in the report?
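
Added example, not part of the thread and not syzbot's code: a toy model of the effect described in the quoted reply about deduplication, where grouping reports that share an attribute and applying that rule transitively merges reports that have nothing in common with each other. The grouping rule (same title or same origin) and all report values are assumptions; only the first crash title is taken from the log above.

```python
from collections import defaultdict

# Constructed reports: (id, crash title, origin). Only the first title
# appears in the thread; every other value is a placeholder.
REPORTS = [
    ("r1", "KMSAN: uninit-value in aes_encrypt", "origin_A"),
    ("r2", "KMSAN: uninit-value in aes_encrypt", "origin_B"),
    ("r3", "placeholder title X", "origin_B"),
    ("r4", "placeholder title X", "origin_C"),
    ("r5", "placeholder title Y", "origin_D"),
]


def cluster(reports):
    """Group reports that share a title OR an origin, transitively."""
    parent = {rid: rid for rid, _, _ in reports}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_seen = {}  # (field, value) -> first report id carrying it
    for rid, title, origin in reports:
        for key in (("title", title), ("origin", origin)):
            if key in first_seen:
                ra, rb = find(first_seen[key]), find(rid)
                if ra != rb:
                    parent[rb] = ra
            else:
                first_seen[key] = rid

    groups = defaultdict(list)
    for rid, _, _ in reports:
        groups[find(rid)].append(rid)
    return sorted(groups.values())


def directly_related(reports, a, b):
    """True only if the two reports themselves share a title or origin."""
    by_id = {rid: (title, origin) for rid, title, origin in reports}
    return any(x == y for x, y in zip(by_id[a], by_id[b]))


if __name__ == "__main__":
    print(cluster(REPORTS))
    print(directly_related(REPORTS, "r1", "r4"))
```

Here r1 and r4 end up in one cluster through the chain r1-r2-r3-r4 even though they share neither title nor origin, which is how a single bug page can accumulate reports that look unrelated.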