On Fri, Oct 02, 2020 at 09:49:44AM -0400, Peilin Ye wrote: > On Mon, Aug 31, 2020 at 03:28:22AM -0700, syzbot wrote: > > BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253 > > CPU: 1 PID: 12272 Comm: syz-executor.3 Not tainted 5.8.0-rc5-syzkaller #0 > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 > > Call Trace: > > __dump_stack lib/dump_stack.c:77 [inline] > > dump_stack+0x21c/0x280 lib/dump_stack.c:118 > > kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121 > > kmsan_internal_check_memory+0x238/0x3d0 mm/kmsan/kmsan.c:423 > > kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253 > > instrument_copy_to_user include/linux/instrumented.h:91 [inline] > > _copy_to_user+0x18e/0x260 lib/usercopy.c:33 > > scsi_put_cdrom_generic_arg include/linux/uaccess.h:170 [inline] > > + Cc: Greg Kroah-Hartman > + Cc: Anant Thazhemadam > > Hi all, > > In looking at the report, I guess this patch should fix the issue, there's > a 3-byte hole in `struct compat_cdrom_generic_command`: > > [PATCH v3] block/scsi-ioctl: Prevent kernel-infoleak in scsi_put_cdrom_generic_arg() > https://lore.kernel.org/lkml/20200909095057.1214104-1-yepeilin.cs@xxxxxxxxx/ > > But I cannot verify it, since syzbot doesn't have a reproducer for it. > The patch adds a 3-byte padding field to `struct > compat_cdrom_generic_command`. It hasn't been accepted yet. Please resend it, it looks like it hasn't been taken yet :( thanks, greg k-h
