Re: [net/tls] Re: KMSAN: uninit-value in aesti_encrypt

From: Eric Biggers
Date: Wed Jul 03 2019 - 12:01:41 EST


On Thu, Jun 27, 2019 at 12:01:23PM -0700, Eric Biggers wrote:
> On Thu, Jun 27, 2019 at 11:19:51AM -0700, John Fastabend wrote:
> > Eric Biggers wrote:
> > > [+TLS maintainers]
> > >
> > > Very likely a net/tls bug, not a crypto bug.
> > >
> > > Possibly a duplicate of other reports such as "KMSAN: uninit-value in gf128mul_4k_lle (3)"
> > >
> > > See https://lore.kernel.org/netdev/20190625055019.GD17703@xxxxxxxxxxxxxxx/ for
> > > the list of 17 other open syzbot bugs I've assigned to the TLS subsystem. TLS
> > > maintainers, when are you planning to look into these?
> > >
> > > On Thu, Jun 27, 2019 at 09:37:05AM -0700, syzbot wrote:
> >
> > I'm looking at this issue now. There is a series on bpf list now to address
> > many of those 17 open issues but this is a separate issue. I can reproduce
> > it locally so should have a fix soon.
> >
>
> Okay, great! However, just to clarify, the 17 syzbot bugs I assigned to TLS are
> in addition to the 30 I assigned to BPF
> (https://lore.kernel.org/lkml/20190624050114.GA30702@xxxxxxxxxxxxxxx/).
> (Well, since I sent that it's actually up to 35 now.)
>
> I do expect most of these are duplicates, so when you are fixing the bugs, it
> would be really helpful (for everyone, including you in the future :-) ) if you
> would include the corresponding Reported-by syzbot line for *every* syzbot
> report you think is addressed, so they get closed.
>

Hi John, there's no activity on your patch thread
(https://lore.kernel.org/bpf/5d1507e7b3eb6_e392b1ee39f65b463@xxxxxxxxxxxxxxxxxxxxxxxx/T/#t)
this week yet, nor do the patches seem to be applied anywhere. What is the ETA
on actually fixing the bug(s)? There are now like 20 syzbot reports for
seemingly the same bug, since it's apparently causing massive memory corruption;
and this is wasting a lot of other kernel developers' time. This has been going
on for over a month; any reason why it's taking so long to fix?

Also, have you written a regression test for this bug so it doesn't happen
again?

- Eric