From: Ranganath V N
Date: Sat, 01 Nov 2025 18:04:47 +0530
Subject: [PATCH v2 1/2] net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20251101-infoleak-v2-1-01a501d41c09@gmail.com>
In-Reply-To: <20251101-infoleak-v2-0-01a501d41c09@gmail.com>
To: Jamal Hadi Salim, Cong Wang, Jiri Pirko, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, skhan@linuxfoundation.org, david.hunter.linux@gmail.com, khalid@kernel.org, Ranganath V N, syzbot+0c85cae3350b7d486aee@syzkaller.appspotmail.com

Fix a KMSAN kernel-infoleak detected by the syzbot.

[net?] KMSAN: kernel-infoleak in __skb_datagram_iter

In tcf_ife_dump(), the variable 'opt' was partially initialized using a
designated initializer, while the padding bytes remained uninitialized.
nla_put() copies the entire structure into a netlink message; these
uninitialized bytes leaked to userspace.

Initialize the structure with memset before assigning its fields to
ensure all members and padding are cleared prior to being copied.

This change silences the KMSAN report and prevents potential information
leaks from the kernel memory.

This fix has been tested and validated by syzbot. This patch closes the
bug reported at the following syzkaller link and ensures no infoleak.

Reported-by: syzbot+0c85cae3350b7d486aee@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=0c85cae3350b7d486aee
Tested-by: syzbot+0c85cae3350b7d486aee@syzkaller.appspotmail.com
Fixes: ef6980b6becb ("introduce IFE action")
Signed-off-by: Ranganath V N
---
 net/sched/act_ife.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c index 107c6d83dc5c..7c6975632fc2 100644 --- a/net/sched/act_ife.c +++ b/net/sched/act_ife.c
@@ -644,13 +644,15 @@ static int tcf_ife_dump(struct sk_buff *skb, struct t= c_action *a, int bind, unsigned char *b =3D skb_tail_pointer(skb); struct tcf_ife_info *ife =3D to_ife(a); struct tcf_ife_params *p; - struct tc_ife opt =3D { - .index =3D ife->tcf_index, - .refcnt =3D refcount_read(&ife->tcf_refcnt) - ref, - .bindcnt =3D atomic_read(&ife->tcf_bindcnt) - bind, - }; + struct tc_ife opt; struct tcf_t t; =20 + memset(&opt, 0, sizeof(opt)); + + opt.index =3D ife->tcf_index, + opt.refcnt =3D refcount_read(&ife->tcf_refcnt) - ref, + opt.bindcnt =3D atomic_read(&ife->tcf_bindcnt) - bind, + spin_lock_bh(&ife->tcf_lock); opt.action =3D ife->tcf_action; p =3D rcu_dereference_protected(ife->params, --=20 2.43.0
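
Review bot: the three added assignments to opt.index, opt.refcnt and opt.bindcnt in tcf_ife_dump() end in commas kept from the removed designated initializer, so they chain through the comma operator into the following spin_lock_bh(&ife->tcf_lock); as one expression statement. The evaluation order is unchanged and it compiles, but each assignment should be its own statement ending in a semicolon, for example `opt.index = ife->tcf_index;`. The memset() is what clears the padding, so it has to stay ahead of every field store.
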
From: Ranganath V N
Date: Sat, 01 Nov 2025 18:04:48 +0530
Subject: [PATCH v2 2/2] net: sched: act_connmark: zero initialize the struct to avoid KMSAN
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20251101-infoleak-v2-2-01a501d41c09@gmail.com>
In-Reply-To: <20251101-infoleak-v2-0-01a501d41c09@gmail.com>
To: Jamal Hadi Salim, Cong Wang, Jiri Pirko, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, skhan@linuxfoundation.org, david.hunter.linux@gmail.com, khalid@kernel.org, Ranganath V N

Zero initialize the struct to avoid the infoleak to the userspace.

Signed-off-by: Ranganath V N
---
 net/sched/act_connmark.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/net/sched/act_connmark.c b/net/sched/act_connmark.c index 3e89927d7116..cf3cdfaaa34b 100644 --- a/net/sched/act_connmark.c +++ b/net/sched/act_connmark.c
@@ -195,13 +195,15 @@ static inline int tcf_connmark_dump(struct sk_buff *s= kb, struct tc_action *a, const struct tcf_connmark_info *ci =3D to_connmark(a); unsigned char *b =3D skb_tail_pointer(skb); const struct tcf_connmark_parms *parms; - struct tc_connmark opt =3D { - .index =3D ci->tcf_index, - .refcnt =3D refcount_read(&ci->tcf_refcnt) - ref, - .bindcnt =3D atomic_read(&ci->tcf_bindcnt) - bind, - }; + struct tc_connmark opt; struct tcf_t t; =20 + memset(&opt, 0, sizeof(opt)); + + opt.index =3D ci->tcf_index, + opt.refcnt =3D refcount_read(&ci->tcf_refcnt) - ref, + opt.bindcnt =3D atomic_read(&ci->tcf_bindcnt) - bind, + rcu_read_lock(); parms =3D rcu_dereference(ci->parms); =20 --=20 2.43.0
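
Review bot: as in 1/2, the added opt.index, opt.refcnt and opt.bindcnt assignments in tcf_connmark_dump() end in commas instead of semicolons, so the last one runs on into rcu_read_lock(); through the comma operator; terminate each with a semicolon. The changelog for this patch is also a single sentence with no Fixes: tag and no Reported-by: or Closes: reference, unlike 1/2, and it does not say which bytes of struct tc_connmark reach userspace uninitialized; stating that would help review and backporting.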
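
The mechanism the 1/2 changelog describes, as an added example that is not code from these patches or from the kernel: it maps which bytes of a struct are padding and counts how many stale bytes a whole-struct copy carries with and without the memset(). struct demo_opt is a hypothetical layout (not the real struct tc_ife or struct tc_connmark), 0xAA is constructed stale data, and memcpy() stands in for nla_put().

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a uapi struct handed whole to nla_put(). */
struct demo_opt {
    uint32_t index, capab;
    int32_t action, refcnt, bindcnt;
    uint16_t flags;              /* 22 bytes of members, then tail padding */
};
#define OPT_SIZE sizeof(struct demo_opt)

struct span { size_t off, len; };
#define SPAN(m) { offsetof(struct demo_opt, m), sizeof(((struct demo_opt *)0)->m) }
static const struct span members[] = {
    SPAN(index), SPAN(capab), SPAN(action), SPAN(refcnt), SPAN(bindcnt), SPAN(flags),
};

/* Set map[i] = 1 for member bytes, 0 for padding; return the padding count. */
size_t padding_map(unsigned char *map)
{
    size_t covered = 0;
    memset(map, 0, OPT_SIZE);
    for (size_t i = 0; i < sizeof(members) / sizeof(members[0]); i++) {
        memset(map + members[i].off, 1, members[i].len);
        covered += members[i].len;
    }
    return OPT_SIZE - covered;
}

/* Fill the struct over constructed stale bytes (0xAA), copy it out whole,
 * and count the padding bytes of the copy that still hold stale data. */
size_t stale_padding_in_copy(int clear_first)
{
    unsigned char map[OPT_SIZE], wire[OPT_SIZE];
    struct demo_opt opt;
    size_t stale = 0;

    memset(&opt, 0xAA, sizeof(opt));   /* models leftover stack contents */
    if (clear_first)
        memset(&opt, 0, sizeof(opt));  /* the step the patch adds */
    opt.index = 1; opt.capab = 0; opt.action = 0;
    opt.refcnt = 2; opt.bindcnt = 3; opt.flags = 0;
    memcpy(wire, &opt, sizeof(opt));   /* models nla_put(..., sizeof(opt), &opt) */
    padding_map(map);
    for (size_t i = 0; i < OPT_SIZE; i++)
        stale += !map[i] && wire[i] == 0xAA;
    return stale;
}
```

The padding count assumes an ABI where 32-bit integers are 4-byte aligned, which gives a 24-byte struct with 2 bytes of tail padding.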