There is a kernel information leak vulnerability which was produced by my improved syzkaller, The output message is as follows: Syzkaller hit 'KMSAN: kernel-infoleak in copy_page_to_iter' bug. ===================================================== BUG: KMSAN: kernel-infoleak in instrument_copy_to_user build/../include/linux/instrumented.h:121 [inline] BUG: KMSAN: kernel-infoleak in copyout build/../lib/iov_iter.c:156 [inline] BUG: KMSAN: kernel-infoleak in copy_page_to_iter_iovec build/../lib/iov_iter.c:231 [inline] BUG: KMSAN: kernel-infoleak in __copy_page_to_iter build/../lib/iov_iter.c:855 [inline] BUG: KMSAN: kernel-infoleak in copy_page_to_iter+0xa65/0x2630 build/../lib/iov_iter.c:883 instrument_copy_to_user build/../include/linux/instrumented.h:121 [inline] copyout build/../lib/iov_iter.c:156 [inline] copy_page_to_iter_iovec build/../lib/iov_iter.c:231 [inline] __copy_page_to_iter build/../lib/iov_iter.c:855 [inline] copy_page_to_iter+0xa65/0x2630 build/../lib/iov_iter.c:883 filemap_read+0xf7a/0x1b10 build/../mm/filemap.c:2697 generic_file_read_iter+0x19c/0xa50 build/../mm/filemap.c:2792 ext4_file_read_iter+0xa09/0xd10 call_read_iter build/../include/linux/fs.h:2156 [inline] new_sync_read build/../fs/read_write.c:400 [inline] vfs_read+0x1631/0x1980 build/../fs/read_write.c:481 ksys_read+0x28b/0x510 build/../fs/read_write.c:619 __do_sys_read build/../fs/read_write.c:629 [inline] __se_sys_read build/../fs/read_write.c:627 [inline] __x64_sys_read+0xdb/0x120 build/../fs/read_write.c:627 do_syscall_x64 build/../arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 build/../arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x44/0xae
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0850
Should this CVE be rejected? I'm not sure as the traces do not completely correspond. There is on one hand https://syzkaller.appspot.com/bug?id=602bc454598b9bc1186ea9f927f6225ef64a397b which was auto-closed as invalid, and https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8 which though is fixed 5.14-rc1 (with ce3aba43599f0b50adbebff133df8d08a3d5fffe). Thanks for clarifying.
Hello, looking closely at both the traces we will notice they are similar occurrences and relates to a similar problem. Below is the trace in common ~~~ copy_page_to_iter_iovec lib/iov_iter.c:212 [inline] copy_page_to_iter+0x77a/0x1ac0 lib/iov_iter.c:846 generic_file_buffered_read mm/filemap.c:2185 [inline] generic_file_read_iter+0x3469/0x4430 mm/filemap.c:2362 blkdev_read_iter+0x20d/0x270 fs/block_dev.c:1936 call_read_iter include/linux/fs.h:1801 [inline] new_sync_read fs/read_write.c:406 [inline] ~~~ thank you.
(In reply to Rohit Keshri from comment #4) > Hello, looking closely at both the traces we will notice they are similar > occurrences and relates to a similar problem. > > Below is the trace in common > ~~~ > copy_page_to_iter_iovec lib/iov_iter.c:212 [inline] > copy_page_to_iter+0x77a/0x1ac0 lib/iov_iter.c:846 > generic_file_buffered_read mm/filemap.c:2185 [inline] > generic_file_read_iter+0x3469/0x4430 mm/filemap.c:2362 > blkdev_read_iter+0x20d/0x270 fs/block_dev.c:1936 > call_read_iter include/linux/fs.h:1801 [inline] > new_sync_read fs/read_write.c:406 [inline] > ~~~ > > thank you. Hello, could this be reopened and proper investigation of the code in various RHEL kernel versions done? This bugzilla is WONTFIX indicating the vulnerability is present but we decided not to fix it ... but the CVE page https://access.redhat.com/security/cve/CVE-2022-0850 says Not affected which indicates to the world that the faulty code is not in the product. We might need to figure out which one it is exactly. Thank you, Jan