Re: [PATCH v2 0/2] net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
From: Simon Horman
Date: Tue Nov 04 2025 - 09:14:50 EST

On Sat, Nov 01, 2025 at 06:04:46PM +0530, Ranganath V N wrote:
> Fix a KMSAN kernel-infoleak detected by the syzbot.
>
> [net?] KMSAN: kernel-infoleak in __skb_datagram_iter
>
> In tcf_ife_dump(), the variable 'opt' was partially initialized using a
> designated initializer, while the padding bytes remained
> uninitialized. nla_put() copies the entire structure into a
> netlink message, these uninitialized bytes leaked to userspace.
>
> Initialize the structure with memset before assigning its fields
> to ensure all members and padding are cleared prior to being copied.

Perhaps not important, but this seems to only describe patch 1/2.

>
> Signed-off-by: Ranganath V N <vnranganath.20@xxxxxxxxx>

Sorry for not looking more carefully at v1.
The presence of this padding seems pretty subtle to me.
And while I agree that your change fixes the problem described,
I wonder if it would be better to make things more obvious
by adding a 2-byte pad member to the structures involved.
...
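
The following user-space sketch is an added example, not part of the thread and not kernel code. It shows how trailing padding reaches a whole-struct copy unless the storage is cleared first, and how an explicit pad member makes the hole visible. The struct layout, field values and function names are constructed for illustration, and the 2-byte result assumes a common ABI with 4-byte alignment for 32-bit integers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the layout discussed: five 32-bit fields, then
 * one 16-bit field. Not copied from the kernel headers. */
struct demo_opt {
    uint32_t index, capab;
    int32_t action, refcnt, bindcnt;
    uint16_t flags;
};

/* Same fields with the hole named, as the reply suggests. */
struct demo_opt_padded {
    uint32_t index, capab;
    int32_t action, refcnt, bindcnt;
    uint16_t flags;
    uint16_t pad;
};

#define POISON 0xAA /* marks bytes left over from earlier stack use */
#define END_OF(type, member) (offsetof(type, member) + sizeof(((type *)0)->member))

/* Compiler-inserted bytes after the last member of each layout. */
size_t tail_padding(void) { return sizeof(struct demo_opt) - END_OF(struct demo_opt, flags); }
size_t tail_padding_padded(void) { return sizeof(struct demo_opt_padded) - END_OF(struct demo_opt_padded, pad); }

/* Set each member individually, then copy sizeof(struct) bytes out, as a
 * whole-struct copy does. Returns how many stale bytes reached the output. */
size_t stale_bytes_copied(int clear_first)
{
    unsigned char slot[sizeof(struct demo_opt)], msg[sizeof(struct demo_opt)];
    const uint32_t v32 = 1; /* constructed field values, no 0xAA bytes */
    const uint16_t v16 = 2;
    size_t i, stale = 0;

    memset(slot, POISON, sizeof(slot));      /* stale stack contents */
    if (clear_first)
        memset(slot, 0, sizeof(slot));       /* clear members and padding */
    for (i = 0; i < offsetof(struct demo_opt, flags); i += sizeof(v32))
        memcpy(slot + i, &v32, sizeof(v32)); /* the five 32-bit members */
    memcpy(slot + offsetof(struct demo_opt, flags), &v16, sizeof(v16));
    memcpy(msg, slot, sizeof(msg));          /* padding is copied too */
    for (i = 0; i < sizeof(msg); i++)
        stale += (msg[i] == POISON);
    return stale;
}

int main(void)
{
    printf("padding=%zu leaked=%zu after-memset=%zu\n",
           tail_padding(), stale_bytes_copied(0), stale_bytes_copied(1));
    return 0;
}
```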