linux/net/sctp
Xin Long 4a2eb0c37b sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
syzbot reported a kernel-infoleak, which is caused by an uninitialized
field(sin6_flowinfo) of addr->a.v6 in sctp_inet6addr_event().
The call trace is as below:

  BUG: KMSAN: kernel-infoleak in _copy_to_user+0x19a/0x230 lib/usercopy.c:33
  CPU: 1 PID: 8164 Comm: syz-executor2 Not tainted 4.20.0-rc3+ #95
  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
  Google 01/01/2011
  Call Trace:
    __dump_stack lib/dump_stack.c:77 [inline]
    dump_stack+0x32d/0x480 lib/dump_stack.c:113
    kmsan_report+0x12c/0x290 mm/kmsan/kmsan.c:683
    kmsan_internal_check_memory+0x32a/0xa50 mm/kmsan/kmsan.c:743
    kmsan_copy_to_user+0x78/0xd0 mm/kmsan/kmsan_hooks.c:634
    _copy_to_user+0x19a/0x230 lib/usercopy.c:33
    copy_to_user include/linux/uaccess.h:183 [inline]
    sctp_getsockopt_local_addrs net/sctp/socket.c:5998 [inline]
    sctp_getsockopt+0x15248/0x186f0 net/sctp/socket.c:7477
    sock_common_getsockopt+0x13f/0x180 net/core/sock.c:2937
    __sys_getsockopt+0x489/0x550 net/socket.c:1939
    __do_sys_getsockopt net/socket.c:1950 [inline]
    __se_sys_getsockopt+0xe1/0x100 net/socket.c:1947
    __x64_sys_getsockopt+0x62/0x80 net/socket.c:1947
    do_syscall_64+0xcf/0x110 arch/x86/entry/common.c:291
    entry_SYSCALL_64_after_hwframe+0x63/0xe7

sin6_flowinfo is not really used by SCTP, so it will be fixed by simply
setting it to 0.

The issue exists since very beginning.
Thanks Alexander for the reproducer provided.

Reported-by: syzbot+ad5d327e6936a2e284be@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-12-10 11:53:42 -08:00
..
associola.c sctp: kfree_rcu asoc 2018-12-03 15:54:41 -08:00
auth.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
bind_addr.c sctp: remove the typedef sctp_scope_t 2017-08-06 21:33:41 -07:00
chunk.c sctp: frag_point sanity check 2018-12-05 20:37:52 -08:00
debug.c sctp: add SCTP_CID_I_DATA and SCTP_CID_I_FWD_TSN conversion in sctp_cname 2018-02-12 11:40:01 -05:00
diag.c sctp: add file comments in diag.c 2018-02-13 13:56:31 -05:00
endpointola.c treewide: Use struct_size() for kmalloc()-family 2018-06-06 11:15:43 -07:00
input.c sctp: use the pmtu from the icmp packet to update transport pathmtu 2018-10-15 22:54:20 -07:00
inqueue.c sctp: fix the issue that the cookie-ack with auth can't get processed 2018-05-02 11:15:33 -04:00
ipv6.c sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event 2018-12-10 11:53:42 -08:00
Kconfig sctp: whitespace fixes 2018-07-24 14:10:42 -07:00
Makefile sctp: rename sctp_diag.c as diag.c 2018-02-13 13:56:31 -05:00
objcnt.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
offload.c net: use skb_is_gso_sctp() instead of open-coding 2018-03-09 11:41:47 -05:00
output.c sctp: increase sk_wmem_alloc when head->truesize is increased 2018-11-27 15:42:31 -08:00
outqueue.c sctp: define SCTP_SS_DEFAULT for Stream schedulers 2018-11-03 19:40:29 -07:00
primitive.c sctp: remove the typedef sctp_subtype_t 2017-08-06 21:33:42 -07:00
proc.c sctp: remove useless start_fail from sctp_ht_iter in proc 2018-08-27 15:13:17 -07:00
protocol.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
sm_make_chunk.c sctp: update frag_point when stream_interleave is set 2018-11-30 13:12:43 -08:00
sm_sideeffect.c sctp: whitespace fixes 2018-07-24 14:10:42 -07:00
sm_statefuns.c sctp: delay the authentication for the duplicated cookie-echo chunk 2018-05-07 23:39:10 -04:00
sm_statetable.c sctp: implement validate_ftsn for sctp_stream_interleave 2017-12-15 13:52:22 -05:00
socket.c sctp: frag_point sanity check 2018-12-05 20:37:52 -08:00
stream_interleave.c net/sctp: Make wrappers for accessing in/out streams 2018-08-11 12:25:15 -07:00
stream_sched_prio.c net/sctp: Make wrappers for accessing in/out streams 2018-08-11 12:25:15 -07:00
stream_sched_rr.c net/sctp: Make wrappers for accessing in/out streams 2018-08-11 12:25:15 -07:00
stream_sched.c net/sctp: Make wrappers for accessing in/out streams 2018-08-11 12:25:15 -07:00
stream.c sctp: not increase stream's incnt before sending addstrm_in request 2018-11-19 14:46:32 -08:00
sysctl.c sctp: support sysctl to allow users to use stream interleave 2017-12-15 13:52:22 -05:00
transport.c sctp: update dst pmtu with the correct daddr 2018-09-20 11:29:30 -07:00
tsnmap.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
ulpevent.c sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg 2018-05-10 17:48:36 -04:00
ulpqueue.c sctp: Use skb_queue_is_first(). 2018-09-10 10:06:53 -07:00