Re: [PATCH] tipc: fix an information leak in tipc_topsrv_kern_subscr
From: patchwork-bot+netdevbpf
Date: Fri Oct 14 2022 - 03:40:44 EST

Hello:

This patch was applied to netdev/net.git (master)
by David S. Miller <davem@xxxxxxxxxxxxx>:

On Wed, 12 Oct 2022 17:25:14 +0200 you wrote:
> Use an 8-byte write to initialize sub.usr_handle in
> tipc_topsrv_kern_subscr(), otherwise four bytes remain uninitialized
> when issuing setsockopt(..., SOL_TIPC, ...).
> This resulted in an infoleak reported by KMSAN when the packet was
> received:
>
> =====================================================
> BUG: KMSAN: kernel-infoleak in copyout+0xbc/0x100 lib/iov_iter.c:169
> instrument_copy_to_user ./include/linux/instrumented.h:121
> copyout+0xbc/0x100 lib/iov_iter.c:169
> _copy_to_iter+0x5c0/0x20a0 lib/iov_iter.c:527
> copy_to_iter ./include/linux/uio.h:176
> simple_copy_to_iter+0x64/0xa0 net/core/datagram.c:513
> __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419
> skb_copy_datagram_iter+0x58/0x200 net/core/datagram.c:527
> skb_copy_datagram_msg ./include/linux/skbuff.h:3903
> packet_recvmsg+0x521/0x1e70 net/packet/af_packet.c:3469
> ____sys_recvmsg+0x2c4/0x810 net/socket.c:?
> ___sys_recvmsg+0x217/0x840 net/socket.c:2743
> __sys_recvmsg net/socket.c:2773
> __do_sys_recvmsg net/socket.c:2783
> __se_sys_recvmsg net/socket.c:2780
> __x64_sys_recvmsg+0x364/0x540 net/socket.c:2780
> do_syscall_x64 arch/x86/entry/common.c:50
> do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
> entry_SYSCALL_64_after_hwframe+0x63/0xcd arch/x86/entry/entry_64.S:120
>
> [...]

Here is the summary with links:
  - tipc: fix an information leak in tipc_topsrv_kern_subscr
    https://git.kernel.org/netdev/net/c/777ecaabd614

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
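
Added example, not part of the original message or of the kernel patch: a user-space C model of the bug class the quoted commit message describes, where a 4-byte store into an 8-byte handle leaves four bytes of the old stack contents in a structure that is later copied out. The struct layout, function names, poison byte and sample value are assumptions made for illustration; only the 8-byte handle width and the four leftover bytes come from the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xAA   /* stands in for stale kernel stack contents */

/* Hypothetical stand-in for the subscription request; only the 8-byte
 * handle width is taken from the commit message. */
struct demo_subscr {
    uint32_t filter;
    char     usr_handle[8];
};

/* Before: only a 4-byte value is stored into the 8-byte handle. */
static void fill_4byte(struct demo_subscr *s, uint32_t value)
{
    s->filter = 0;
    memcpy(s->usr_handle, &value, sizeof(value));
}

/* After: the value is widened first, so all 8 bytes are written. */
static void fill_8byte(struct demo_subscr *s, uint32_t value)
{
    uint64_t wide = value;
    s->filter = 0;
    memcpy(s->usr_handle, &wide, sizeof(wide));
}

/* Count handle bytes that still hold the poison pattern, i.e. bytes that
 * would reach the receiver carrying whatever was on the stack before. */
static int stale_handle_bytes(void (*fill)(struct demo_subscr *, uint32_t))
{
    struct demo_subscr s;
    int i, stale = 0;

    memset(&s, POISON, sizeof(s));   /* model an uninitialized local */
    fill(&s, 0x1234);                /* constructed sample value */
    for (i = 0; i < (int)sizeof(s.usr_handle); i++)
        stale += ((unsigned char)s.usr_handle[i] == POISON);
    return stale;
}

int main(void)
{
    printf("4-byte write: %d stale bytes\n", stale_handle_bytes(fill_4byte));
    printf("8-byte write: %d stale bytes\n", stale_handle_bytes(fill_8byte));
    return 0;
}
```

The poison fill makes the leftover bytes deterministic and countable; in the kernel those bytes are whatever the stack last held, which is what KMSAN flags when the structure reaches copy_to_user.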