From: Alexei Starovoitov
Date: Mon, 15 Apr 2024 14:06:39 -0700
Subject: Re: [syzbot] [mm?] KMSAN: kernel-infoleak in bpf_probe_write_user
To: Andrew Morton
Cc: syzbot, LKML, linux-mm, syzkaller-bugs, bpf

Hi, syzbot folks, please disable such "bug" reporting. The whole point of bpf is to pass such info to userspace.
probe_write_user, various ring buffers, bpf_*_printk-s, bpf maps all serve this purpose of "infoleak".

On Mon, Apr 15, 2024 at 1:18 PM Andrew Morton wrote:
>
> (cc bpf@)
>
> On Fri, 12 Apr 2024 19:27:25 -0700 syzbot wrote:
>
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:    fec50db7033e Linux 6.9-rc3
> > git tree:       upstream
> > console+strace: https://syzkaller.appspot.com/x/log.txt?x=16509ba1180000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=13e7da432565d94c
> > dashboard link: https://syzkaller.appspot.com/bug?extid=79102ed905e5b2dc0fc3
> > compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10a4af9d180000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12980f9d180000
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/901017b36ccc/disk-fec50db7.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/16bfcf5618d3/vmlinux-fec50db7.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/dc9c5a1e7d02/bzImage-fec50db7.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+79102ed905e5b2dc0fc3@syzkaller.appspotmail.com
> >
> > =====================================================================
> > BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
> > BUG: KMSAN: kernel-infoleak in __copy_to_user_inatomic include/linux/uaccess.h:125 [inline]
> > BUG: KMSAN: kernel-infoleak in copy_to_user_nofault+0x129/0x1f0 mm/maccess.c:149
> >  instrument_copy_to_user include/linux/instrumented.h:114 [inline]
> >  __copy_to_user_inatomic include/linux/uaccess.h:125 [inline]
> >  copy_to_user_nofault+0x129/0x1f0 mm/maccess.c:149
> >  ____bpf_probe_write_user kernel/trace/bpf_trace.c:349 [inline]
> >  bpf_probe_write_user+0x104/0x180 kernel/trace/bpf_trace.c:327
> >  ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997
> >  __bpf_prog_run64+0xb5/0xe0 kernel/bpf/core.c:2236
> >  bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
> >  __bpf_prog_run include/linux/filter.h:657 [inline]
> >  bpf_prog_run include/linux/filter.h:664 [inline]
> >  __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
> >  bpf_trace_run2+0x116/0x300 kernel/trace/bpf_trace.c:2420
> >  __bpf_trace_kfree+0x29/0x40 include/trace/events/kmem.h:94
> >  trace_kfree include/trace/events/kmem.h:94 [inline]
> >  kfree+0x6a5/0xa30 mm/slub.c:4377
> >  vfs_writev+0x12bf/0x1450 fs/read_write.c:978
> >  do_writev+0x251/0x5c0 fs/read_write.c:1018
> >  __do_sys_writev fs/read_write.c:1091 [inline]
> >  __se_sys_writev fs/read_write.c:1088 [inline]
> >  __x64_sys_writev+0x98/0xe0 fs/read_write.c:1088
> >  do_syscall_64+0xd5/0x1f0
> >  entry_SYSCALL_64_after_hwframe+0x72/0x7a
> >
> > Local variable stack created at:
> >  __bpf_prog_run64+0x45/0xe0 kernel/bpf/core.c:2236
> >  bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
> >  __bpf_prog_run include/linux/filter.h:657 [inline]
> >  bpf_prog_run include/linux/filter.h:664 [inline]
> >  __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
> >  bpf_trace_run2+0x116/0x300 kernel/trace/bpf_trace.c:2420
> >
> > Bytes 0-7 of 8 are uninitialized
> > Memory access of size 8 starts at ffff888121ec7ae8
> > Data copied to user address 00000000ffffffff
> >
> > CPU: 1 PID: 4779 Comm: dhcpcd Not tainted 6.9.0-rc3-syzkaller #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
> > =====================================================================
> >
> >
> > ---
> > This report is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at syzkaller@googlegroups.com.
> >
> > syzbot will keep track of this issue. See:
> > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> >
> > If the report is already addressed, let syzbot know by replying with:
> > #syz fix: exact-commit-title
> >
> > If you want syzbot to run the reproducer, reply with:
> > #syz test: git://repo/address.git branch-or-commit-hash
> > If you attach or paste a git patch, syzbot will apply it before testing.
> >
> > If you want to overwrite report's subsystems, reply with:
> > #syz set subsystems: new-subsystem
> > (See the list of subsystem names on the web dashboard)
> >
> > If the report is a duplicate of another one, reply with:
> > #syz dup: exact-subject-of-another-report
> >
> > If you want to undo deduplication, reply with:
> > #syz undup
>
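Added illustration, not part of the message above and not kernel or KMSAN code: a userspace C model of how KMSAN arrives at the "Bytes 0-7 of 8 are uninitialized" line in the quoted report. Every byte of a fake stack carries a shadow byte that is set when a frame is created, cleared by a store, and scanned at the copy-to-user sink; like KMSAN, the model only reports and lets the copy proceed. The arena, the shadow array, the helper names and the three scenarios are this example's own constructions, not anything from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy model of KMSAN's initializedness tracking, written for this thread.
 * Each byte of a fake "kernel stack" has a shadow byte: 1 = never written
 * (poisoned), 0 = initialized. All names here are the model's, not the kernel's.
 */
#define STACK_SIZE 64
static uint8_t stack_arena[STACK_SIZE];  /* bytes a BPF program can address */
static uint8_t shadow[STACK_SIZE];       /* 1 = byte is uninitialized */

/* Entering a frame (cf. "Local variable stack created at:") poisons its slots. */
static uint8_t *frame_alloc(size_t off, size_t len)
{
    memset(shadow + off, 1, len);
    return stack_arena + off;
}

/* A store writes the bytes and clears their shadow: they are now initialized. */
static void store_bytes(uint8_t *slot, const void *val, size_t len)
{
    memcpy(slot, val, len);
    memset(shadow + (slot - stack_arena), 0, len);
}

struct leak_report {
    int    leaked;        /* 1 if any byte of the source range was uninitialized */
    size_t first, last;   /* offsets within the copied range, as KMSAN prints them */
    size_t len;
};

/* Models instrument_copy_to_user(): scan the source's shadow before the copy. */
static struct leak_report check_copy_to_user(const uint8_t *src, size_t len)
{
    struct leak_report r = { 0, 0, 0, len };
    size_t base = src - stack_arena;

    for (size_t i = 0; i < len; i++) {
        if (!shadow[base + i])
            continue;
        if (!r.leaked) {
            r.leaked = 1;
            r.first = i;
        }
        r.last = i;
    }
    return r;
}

/*
 * Models the helper's copy-to-user step. The checker only reports; the copy
 * still happens. A faulting destination such as the report's 0xffffffff is not
 * modelled: "user memory" here is a caller-supplied buffer.
 */
static struct leak_report probe_write_user(uint8_t *user_dst, const uint8_t *src, size_t len)
{
    struct leak_report r = check_copy_to_user(src, len);

    if (r.leaked)
        printf("BUG: KMSAN: kernel-infoleak: Bytes %zu-%zu of %zu are uninitialized\n",
               r.first, r.last, r.len);
    memcpy(user_dst, src, len);
    return r;
}

/* Constructed scenario 1: an 8-byte slot is copied out without ever being written. */
static struct leak_report scenario_uninit_slot(void)
{
    uint8_t user_buf[8];
    uint8_t *slot = frame_alloc(0, 8);

    return probe_write_user(user_buf, slot, 8);   /* Bytes 0-7 of 8 are uninitialized */
}

/* Constructed scenario 2: the slot is written first, so nothing is reported. */
static struct leak_report scenario_init_slot(void)
{
    uint8_t user_buf[8];
    uint8_t *slot = frame_alloc(8, 8);
    uint64_t v = 0x1122334455667788ULL;

    store_bytes(slot, &v, sizeof v);
    return probe_write_user(user_buf, slot, 8);   /* no report */
}

/* Constructed scenario 3: only the low 4 bytes are written; bytes 4-7 are reported. */
static struct leak_report scenario_partial_slot(void)
{
    uint8_t user_buf[8];
    uint8_t *slot = frame_alloc(16, 8);
    uint32_t v = 0xdeadbeefu;

    store_bytes(slot, &v, sizeof v);
    return probe_write_user(user_buf, slot, 8);   /* Bytes 4-7 of 8 are uninitialized */
}

int main(void)
{
    scenario_uninit_slot();
    scenario_init_slot();
    scenario_partial_slot();
    return 0;
}
```

Build with any C compiler and run: the first and third scenarios print a report, the second is silent. The sink check keys only on shadow state, never on who asked for the copy, so a privileged BPF program that hands bpf_probe_write_user a stack slot it never wrote trips it exactly like a kernel bug would; the reply above argues that for this helper that is the intended behaviour rather than a bug.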