On Fri, Jul 14, 2017 at 7:04 PM, Neal Cardwell <ncardw...@google.com> wrote: > On Fri, Jul 14, 2017 at 12:54 PM, Alexander Potapenko <gli...@google.com> > wrote: >> KMSAN reported use of uninitialized memory in skb_set_hash_from_sk(), >> which originated from the TCP request socket created in >> cookie_v6_check(): > ... >> --- a/net/ipv6/syncookies.c >> +++ b/net/ipv6/syncookies.c >> @@ -216,6 +216,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct >> sk_buff *skb) >> treq->rcv_isn = ntohl(th->seq) - 1; >> treq->snt_isn = cookie; >> treq->ts_off = 0; >> + treq->txhash = 0; >> >> /* >> * We need to lookup the dst_entry to get the correct window size. > > I would have thought that the same fix is needed in the corresponding > line in cookie_v4_check() in net/ipv4/syncookies.c? (I do not see > txhash being initialized for the IPv4 side.) If it's not needed for > some reason, then it would be worth a comment in the commit > description to explain why not. Most certainly it is needed. I haven't seen reports for that in the wild and couldn't forge a repro triggering the bug in IPv4, but I'll give it another shot. > thanks, > neal
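Review bot: the hunk zeroes treq->txhash only in cookie_v6_check(), while the IPv4 syncookie path, cookie_v4_check() in net/ipv4/syncookies.c, has the corresponding treq setup (as the reply above points out) and is left untouched; either add the matching `treq->txhash = 0;` there in the same patch or state in the commit description why the IPv4 side cannot hit the same uninitialized read. The commit description should also say what the consumer named in the report, skb_set_hash_from_sk(), does with a txhash of 0 (whether 0 is treated as "no hash" or used as a real flow hash), so a reviewer can confirm that zeroing, rather than computing a hash at this point, is the intended value.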
--
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Managing directors: Matthew Scott Sucherman, Paul Terence Manicle
Register court and number: Hamburg, HRB 86891
Registered office: Hamburg