Am Montag, 18. August 2025, 15:24:17 Mitteleuropäische Sommerzeit schrieb Edward Adam Davis: Hi Edward, > This is not a leak! The stack memroy is hashed and fed into the > entropy pool. We can't recover the original kernel memory from it. > > Reported-by: syzbot+e8bcd7ee3db6cb5cb875@xxxxxxxxxxxxxxxxxxxxxxxxx > Closes: https://syzkaller.appspot.com/bug?extid=e8bcd7ee3db6cb5cb875 > Signed-off-by: Edward Adam Davis <eadavis@xxxxxx> Thank you for the patch. Just for the records: - the intermediary buffer could be initialized to 0 without any effect on the Jitter RNG, because all it wants is actually the execution of the Keccak operation as part of crypto_shhash_finup. - the intermediary buffer is inserted into the Jitter RNG state to ensure that the compiler cannot optimize away the loop if the intermediary buffer would not be used at all - the intermediary buffer is not credited with any entropy as we only want the Keccak operation - by keeping the intermediary uninitialized, the Jitter RNG may get some variations from the uninitialized buffer so that its internal state may benefit from it That said, I am fine with this current patch. But if there is still lingering concern, I am equally fine to have it initialized to zero. Thanks a lot Stephan > --- > V1 -> V2: mark it as unpoison > V2 -> V3: replace to sizeof, minimize the possibilities where > inconsistencies can occur > > crypto/jitterentropy-kcapi.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c > index 1266eb790708..4020a6e41b0e 100644 > --- a/crypto/jitterentropy-kcapi.c > +++ b/crypto/jitterentropy-kcapi.c > @@ -117,6 +117,7 @@ int jent_hash_time(void *hash_state, __u64 time, u8 > *addtl, pr_warn_ratelimited("Unexpected digest size\n"); > return -EINVAL; > } > + kmsan_unpoison_memory(intermediary, sizeof(intermediary)); > > /* > * This loop fills a buffer which is injected into the entropy pool. Ciao Stephan
