From: Alexander Potapenko
Date: Fri, 30 Jun 2023 13:55:00 +0200
Subject: Re: [PATCH] net: tls: enable __GFP_ZERO upon tls_init()
To: Ard Biesheuvel
Cc: Tetsuo Handa, Boris Pismenny, John Fastabend, Jakub Kicinski, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, syzkaller-bugs@googlegroups.com, syzbot, Eric Biggers, Aviad Yehezkel, Daniel Borkmann, netdev@vger.kernel.org, "David S. Miller", Eric Dumazet, Paolo Abeni
X-Mailing-List: linux-crypto@vger.kernel.org

On Fri, Jun 30, 2023 at 1:49 PM Ard Biesheuvel wrote:
>
> On Fri, 30 Jun 2023 at 13:38, Alexander Potapenko wrote:
> >
> > On Fri, Jun 30, 2023 at 12:18 PM Ard Biesheuvel wrote:
> > >
> > > On Fri, 30 Jun 2023 at 12:11, Alexander Potapenko wrote:
> > > >
> > > > On Fri, Jun 30, 2023 at 12:02 PM Ard Biesheuvel wrote:
> > > > >
> > > > > On Fri, 30 Jun 2023 at 11:53, Tetsuo Handa
> > > > > wrote:
> > > > > >
> > > > > > On 2023/06/30 18:36, Ard Biesheuvel wrote:
> > > > > > > Why are you sending this now?
> > > > > >
> > > > > > Just because this is currently top crasher and I can reproduce locally.
> > > > > >
> > > > > > > Do you have a reproducer for this issue?
> > > > > >
> > > > > > Yes. https://syzkaller.appspot.com/text?tag=ReproC&x=12931621900000 works.
> > > > > >
> > > > >
> > > > > Could you please share your kernel config and the resulting kernel log
> > > > > when running the reproducer? I'll try to reproduce locally as well,
> > > > > and see if I can figure out what is going on in the crypto layer
> > > >
> > > > The config together with the repro is available at
> > > > https://syzkaller.appspot.com/bug?extid=828dfc12440b4f6f305d, see the
> > > > latest row of the "Crashes" table that contains a C repro.
> > >
> > > Could you explain why that bug contains ~50 reports that seem entirely
> > > unrelated?
> >
> > These are some unfortunate effects of syzbot trying to deduplicate
> > bugs. There's a tradeoff between reporting every single crash
> > separately and grouping together those that have e.g. the same origin.
> > Applying this algorithm transitively results in bigger clusters
> > containing unwanted reports.
> > We'll look closer.
> >
> > > AIUI, this actual issue has not been reproduced since
> > > 2020??
> >
> > Oh, sorry, I misread the table and misinformed you. The topmost row of
> > the table is indeed the _oldest_ one.
> > Another manifestation of the bug was on 2023/05/23
> > (https://syzkaller.appspot.com/text?tag=CrashReport&x=146f66b1280000)
> >
>
> That one has nothing to do with networking, so I don't see how this
> patch would affect it.

I definitely have to be more attentive. You are right that this bug
report is also unrelated.
Yet it is still fine to use the build artifacts corresponding to it
(which is what I did).
I'll investigate why so many reports got clustered into this one.

> OK, thanks for the instructions.
>
> Out of curiosity - does the stack trace you cut off here include the
> BPF routine mentioned in the report?

It does:

[  151.522472][ T5865] =====================================================
[  151.523843][ T5865] BUG: KMSAN: uninit-value in aes_encrypt+0x15cc/0x1db0
[  151.525120][ T5865]  aes_encrypt+0x15cc/0x1db0
[  151.526113][ T5865]  aesti_encrypt+0x7d/0xf0
[  151.527057][ T5865]  crypto_cipher_encrypt_one+0x112/0x200
[  151.528224][ T5865]  crypto_cbcmac_digest_update+0x301/0x4b0
[  151.529459][ T5865]  shash_ahash_finup+0x66e/0xc00
[  151.530541][ T5865]  shash_async_finup+0x7f/0xc0
[  151.531542][ T5865]  crypto_ahash_finup+0x1b8/0x3e0
[  151.532583][ T5865]  crypto_ccm_auth+0x1269/0x1350
[  151.533606][ T5865]  crypto_ccm_encrypt+0x1c9/0x7a0
[  151.534650][ T5865]  crypto_aead_encrypt+0xe0/0x150
[  151.535695][ T5865]  tls_push_record+0x3bf3/0x4ec0
[  151.539491][ T5865]  bpf_exec_tx_verdict+0x46e/0x21d0
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[  151.540597][ T5865]  tls_sw_do_sendpage+0x1150/0x1ad0
[  151.541594][ T5865]  tls_sw_sendpage+0x15b/0x1b0
[  151.542500][ T5865]  inet_sendpage+0x138/0x210
[  151.543365][ T5865]  kernel_sendpage+0x34c/0x6d0
[  151.544269][ T5865]  sock_sendpage+0xb0/0x160
[  151.545117][ T5865]  pipe_to_sendpage+0x304/0x3f0
[  151.546051][ T5865]  __splice_from_pipe+0x438/0xc20
[  151.547013][ T5865]  generic_splice_sendpage+0x100/0x160
[  151.548068][ T5865]  do_splice+0x213b/0x2d10
[  151.548933][ T5865]  __se_sys_splice+0x5ad/0x8f0
[  151.549851][ T5865]  __x64_sys_splice+0x11b/0x1a0
[  151.550790][ T5865]  do_syscall_64+0x41/0xc0
[  151.551646][ T5865]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  151.552773][ T5865]
[  151.553220][ T5865] Uninit was stored to memory at:
[  151.554212][ T5865]  __crypto_xor+0x171/0x1310
[  151.555062][ T5865]  crypto_cbcmac_digest_update+0x208/0x4b0
[  151.556132][ T5865]  shash_ahash_finup+0x66e/0xc00
[  151.557084][ T5865]  shash_async_finup+0x7f/0xc0
[  151.557989][ T5865]  crypto_ahash_finup+0x1b8/0x3e0
[  151.558941][ T5865]  crypto_ccm_auth+0x1269/0x1350
[  151.559874][ T5865]  crypto_ccm_encrypt+0x1c9/0x7a0
[  151.560812][ T5865]  crypto_aead_encrypt+0xe0/0x150
[  151.561749][ T5865]  tls_push_record+0x3bf3/0x4ec0
[  151.562835][ T5865]  bpf_exec_tx_verdict+0x46e/0x21d0
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[  151.563967][ T5865]  tls_sw_do_sendpage+0x1150/0x1ad0
[  151.565075][ T5865]  tls_sw_sendpage+0x15b/0x1b0
[  151.566107][ T5865]  inet_sendpage+0x138/0x210
[  151.567078][ T5865]  kernel_sendpage+0x34c/0x6d0
[  151.568087][ T5865]  sock_sendpage+0xb0/0x160
[  151.568960][ T5865]  pipe_to_sendpage+0x304/0x3f0
[  151.569909][ T5865]  __splice_from_pipe+0x438/0xc20
[  151.570886][ T5865]  generic_splice_sendpage+0x100/0x160
[  151.571946][ T5865]  do_splice+0x213b/0x2d10
[  151.572810][ T5865]  __se_sys_splice+0x5ad/0x8f0
[  151.573732][ T5865]  __x64_sys_splice+0x11b/0x1a0
[  151.574664][ T5865]  do_syscall_64+0x41/0xc0
[  151.575513][ T5865]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  151.576640][ T5865]
[  151.577084][ T5865] Uninit was created at:
[  151.577949][ T5865]  __alloc_pages+0x9a4/0xe00
[  151.578849][ T5865]  alloc_pages+0xd01/0x1040
[  151.579729][ T5865]  skb_page_frag_refill+0x2bf/0x7c0
[  151.580752][ T5865]  sk_page_frag_refill+0x59/0x130
[  151.581720][ T5865]  sk_msg_alloc+0x198/0x10d0
[  151.582611][ T5865]  tls_sw_do_sendpage+0x98a/0x1ad0
[  151.583599][ T5865]  tls_sw_sendpage+0x15b/0x1b0
[  151.584535][ T5865]  inet_sendpage+0x138/0x210
[  151.585404][ T5865]  kernel_sendpage+0x34c/0x6d0
[  151.586275][ T5865]  sock_sendpage+0xb0/0x160
[  151.587099][ T5865]  pipe_to_sendpage+0x304/0x3f0
[  151.588023][ T5865]  __splice_from_pipe+0x438/0xc20
[  151.588981][ T5865]  generic_splice_sendpage+0x100/0x160
[  151.590032][ T5865]  do_splice+0x213b/0x2d10
[  151.590910][ T5865]  __se_sys_splice+0x5ad/0x8f0
[  151.591840][ T5865]  __x64_sys_splice+0x11b/0x1a0
[  151.592780][ T5865]  do_syscall_64+0x41/0xc0
[  151.593748][ T5865]  entry_SYSCALL_64_after_hwframe+0x63/0xcd

-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Managing Directors: Paul Manicle, Liana Sebastian
Registration court and number: Hamburg, HRB 86891
Registered office: Hamburg
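
Added example, not part of the original message or of syzbot/KMSAN tooling: a small Python helper that splits a KMSAN report like the one above into its three stacks (use site, "Uninit was stored to memory at", "Uninit was created at"), lists which of them contain a given function, and finds the innermost frame shared by the allocation and use stacks. The sample is an abridged copy of the log above; the names `parse_kmsan`, `sections_with` and `innermost_common` are hypothetical.

```python
import re

# Abridged copy of the report quoted above (most frames trimmed for brevity).
SAMPLE = """\
[  151.523843][ T5865] BUG: KMSAN: uninit-value in aes_encrypt+0x15cc/0x1db0
[  151.525120][ T5865]  aes_encrypt+0x15cc/0x1db0
[  151.535695][ T5865]  tls_push_record+0x3bf3/0x4ec0
[  151.539491][ T5865]  bpf_exec_tx_verdict+0x46e/0x21d0
[  151.540597][ T5865]  tls_sw_do_sendpage+0x1150/0x1ad0
[  151.541594][ T5865]  tls_sw_sendpage+0x15b/0x1b0
[  151.552773][ T5865]
[  151.553220][ T5865] Uninit was stored to memory at:
[  151.554212][ T5865]  __crypto_xor+0x171/0x1310
[  151.562835][ T5865]  bpf_exec_tx_verdict+0x46e/0x21d0
[  151.563967][ T5865]  tls_sw_do_sendpage+0x1150/0x1ad0
[  151.565075][ T5865]  tls_sw_sendpage+0x15b/0x1b0
[  151.576640][ T5865]
[  151.577084][ T5865] Uninit was created at:
[  151.577949][ T5865]  __alloc_pages+0x9a4/0xe00
[  151.581720][ T5865]  sk_msg_alloc+0x198/0x10d0
[  151.582611][ T5865]  tls_sw_do_sendpage+0x98a/0x1ad0
[  151.583599][ T5865]  tls_sw_sendpage+0x15b/0x1b0
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")  # "[ time][ Tpid] "
FRAME = re.compile(r"^\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
HEADERS = {"Uninit was stored to memory at:": "stored",
           "Uninit was created at:": "created"}

def parse_kmsan(text):
    """Return {'use': [...], 'stored': [...], 'created': [...]}, innermost first."""
    stacks, section = {"use": [], "stored": [], "created": []}, None
    for line in text.splitlines():
        body = PREFIX.sub("", line)
        if body.startswith("BUG: KMSAN:"):
            section = "use"              # frames after the title are the use site
        elif body.strip() in HEADERS:
            section = HEADERS[body.strip()]
        elif section and (m := FRAME.match(body)):
            stacks[section].append(m.group(1))
    return stacks

def sections_with(stacks, func):
    """Names of the stacks in which func appears."""
    return sorted(name for name, frames in stacks.items() if func in frames)

def innermost_common(a, b):
    """First frame of stack a (innermost first) that also appears in stack b."""
    return next((f for f in a if f in b), None)
```

On the sample, `bpf_exec_tx_verdict` appears in the use and store stacks but not in the allocation stack, and the innermost frame common to allocation and use is `tls_sw_do_sendpage`.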