syzbot


KMSAN: kernel-infoleak in iommufd_vfio_ioctl

Status: fixed on 2023/06/08 14:41
Subsystems: iommu
Reported-by: syzbot+cb1e0978f6bf46b83a58@syzkaller.appspotmail.com
Fix commit: b3551ead6163 iommufd: Make sure to zero vfio_iommu_type1_info before copying to user
First crash: 440d, last: 422d
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] KMSAN: kernel-infoleak in iommufd_vfio_ioctl | 0 (2) | 2023/02/13 21:14

Sample crash report:
=====================================================
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0x1c5/0x270 lib/usercopy.c:33
 instrument_copy_to_user include/linux/instrumented.h:121 [inline]
 _copy_to_user+0x1c5/0x270 lib/usercopy.c:33
 copy_to_user include/linux/uaccess.h:169 [inline]
 iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:437 [inline]
 iommufd_vfio_ioctl+0x1e57/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
 iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0x2dd/0x4b0 fs/ioctl.c:856
 __x64_sys_ioctl+0xdc/0x120 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Local variable info.i created at:
 iommufd_vfio_iommu_get_info drivers/iommu/iommufd/vfio_compat.c:384 [inline]
 iommufd_vfio_ioctl+0x423/0x2330 drivers/iommu/iommufd/vfio_compat.c:462
 iommufd_fops_ioctl+0x254/0xb10 drivers/iommu/iommufd/main.c:315

Bytes 20-23 of 24 are uninitialized
Memory access of size 24 starts at ffff88810ed3bcb0
Data copied to user address 0000000020000100

CPU: 0 PID: 5039 Comm: syz-executor178 Not tainted 6.2.0-rc8-syzkaller-80994-gda13c00eebfb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
=====================================================

Crashes (15):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2023/02/13 21:13 | https://github.com/google/kmsan.git master | da13c00eebfb | 4d66ad72 | .config | strace log | report | syz | C | | | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/26 23:29 | https://github.com/google/kmsan.git master | 97e36f4aa06f | ee50e71c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/26 23:19 | https://github.com/google/kmsan.git master | 97e36f4aa06f | ee50e71c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/24 01:26 | https://github.com/google/kmsan.git master | 97e36f4aa06f | 9e2ebb3c | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/22 09:49 | https://github.com/google/kmsan.git master | 224e1375d540 | 42a4d508 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/22 09:49 | https://github.com/google/kmsan.git master | 224e1375d540 | 42a4d508 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/13 17:16 | https://github.com/google/kmsan.git master | da13c00eebfb | 4d66ad72 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/13 17:15 | https://github.com/google/kmsan.git master | da13c00eebfb | 4d66ad72 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/13 17:01 | https://github.com/google/kmsan.git master | da13c00eebfb | 4d66ad72 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/13 16:59 | https://github.com/google/kmsan.git master | da13c00eebfb | 4d66ad72 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/11 18:29 | https://github.com/google/kmsan.git master | 8c89ecf5c13b | 93e26d60 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/09 15:48 | https://github.com/google/kmsan.git master | 8c89ecf5c13b | 14a312c8 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/08 18:52 | https://github.com/google/kmsan.git master | 8c89ecf5c13b | fc9c934e | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/08 18:30 | https://github.com/google/kmsan.git master | 8c89ecf5c13b | fc9c934e | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
2023/02/08 07:54 | https://github.com/google/kmsan.git master | 8c89ecf5c13b | 15c3d445 | .config | console log | report | | | info | | ci-upstream-kmsan-gce | KMSAN: kernel-infoleak in iommufd_vfio_ioctl
* Struck through repros no longer work on HEAD.