CVE-2025-68751
Description
In the Linux kernel, the following vulnerability has been resolved:

s390/fpu: Fix false-positive kmsan report in fpu_vstl()

A false-positive kmsan report is detected when running ping command.

An inline assembly instruction vstl can write varied amount of bytes depending on value of index argument. If index > 0, vstl writes at least 2 bytes.

clang generates kmsan write helper call depending on inline assembly constraints. Constraints are evaluated compile-time, but value of index argument is known only at runtime.

clang currently generates call to __msan_instrument_asm_store with 1 byte as size. Manually call kmsan function to indicate correct amount of bytes written and fix false-positive report.

This change fixes following kmsan reports:

[ 36.563119] =====================================================
[ 36.563594] BUG: KMSAN: uninit-value in virtqueue_add+0x35c6/0x7c70
[ 36.563852] virtqueue_add+0x35c6/0x7c70
[ 36.564016] virtqueue_add_outbuf+0xa0/0xb0
[ 36.564266] start_xmit+0x288c/0x4a20
[ 36.564460] dev_hard_start_xmit+0x302/0x900
[ 36.564649] sch_direct_xmit+0x340/0xea0
[ 36.564894] __dev_queue_xmit+0x2e94/0x59b0
[ 36.565058] neigh_resolve_output+0x936/0xb40
[ 36.565278] __neigh_update+0x2f66/0x3a60
[ 36.565499] neigh_update+0x52/0x60
[ 36.565683] arp_process+0x1588/0x2de0
[ 36.565916] NF_HOOK+0x1da/0x240
[ 36.566087] arp_rcv+0x3e4/0x6e0
[ 36.566306] __netif_receive_skb_list_core+0x1374/0x15a0
[ 36.566527] netif_receive_skb_list_internal+0x1116/0x17d0
[ 36.566710] napi_complete_done+0x376/0x740
[ 36.566918] virtnet_poll+0x1bae/0x2910
[ 36.567130] __napi_poll+0xf4/0x830
[ 36.567294] net_rx_action+0x97c/0x1ed0
[ 36.567556] handle_softirqs+0x306/0xe10
[ 36.567731] irq_exit_rcu+0x14c/0x2e0
[ 36.567910] do_io_irq+0xd4/0x120
[ 36.568139] io_int_handler+0xc2/0xe8
[ 36.568299] arch_cpu_idle+0xb0/0xc0
[ 36.568540] arch_cpu_idle+0x76/0xc0
[ 36.568726] default_idle_call+0x40/0x70
[ 36.568953] do_idle+0x1d6/0x390
[ 36.569486] cpu_startup_entry+0x9a/0xb0
[ 36.569745] rest_init+0x1ea/0x290
[ 36.570029] start_kernel+0x95e/0xb90
[ 36.570348] startup_continue+0x2e/0x40
[ 36.570703]
[ 36.570798] Uninit was created at:
[ 36.571002] kmem_cache_alloc_node_noprof+0x9e8/0x10e0
[ 36.571261] kmalloc_reserve+0x12a/0x470
[ 36.571553] __alloc_skb+0x310/0x860
[ 36.571844] __ip_append_data+0x483e/0x6a30
[ 36.572170] ip_append_data+0x11c/0x1e0
[ 36.572477] raw_sendmsg+0x1c8c/0x2180
[ 36.572818] inet_sendmsg+0xe6/0x190
[ 36.573142] __sys_sendto+0x55e/0x8e0
[ 36.573392] __s390x_sys_socketcall+0x19ae/0x2ba0
[ 36.573571] __do_syscall+0x12e/0x240
[ 36.573823] system_call+0x6e/0x90
[ 36.573976]
[ 36.574017] Byte 35 of 98 is uninitialized
[ 36.574082] Memory access of size 98 starts at 0000000007aa0012
[ 36.574218]
[ 36.574325] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.17.0-dirty #16 NONE
[ 36.574541] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 36.574617] Hardware name: IBM 3931 A01 703 (KVM/Linux)
[ 36.574755] =====================================================
[ 63.532541] =====================================================
[ 63.533639] BUG: KMSAN: uninit-value in virtqueue_add+0x35c6/0x7c70
[ 63.533989] virtqueue_add+0x35c6/0x7c70
[ 63.534940] virtqueue_add_outbuf+0xa0/0xb0
[ 63.535861] start_xmit+0x288c/0x4a20
[ 63.536708] dev_hard_start_xmit+0x302/0x900
[ 63.537020] sch_direct_xmit+0x340/0xea0
[ 63.537997] __dev_queue_xmit+0x2e94/0x59b0
[ 63.538819] neigh_resolve_output+0x936/0xb40
[ 63.539793] ip_finish_output2+0x1ee2/0x2200
[ 63.540784] __ip_finish_output+0x272/0x7a0
[ 63.541765] ip_finish_output+0x4e/0x5e0
[ 63.542791] ip_output+0x166/0x410
[ 63.543771] ip_push_pending_frames+0x1a2/0x470
[ 63.544753] raw_sendmsg+0x1f06/0x2180
[ 63.545033] inet_sendmsg+0xe6/0x190
[ 63.546006] __sys_sendto+0x55e/0x8e0
---truncated---
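The size mismatch described above, modelled in user space as an added example (not the kernel patch or any kernel code). The shadow map and the names model_unpoison, model_vstl, first_uninit and run_store are hypothetical; it assumes vstl stores index + 1 bytes, capped at the 16-byte vector.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical shadow map: 1 = byte is uninitialized, 0 = initialized. */
static unsigned char shadow[16], buf[16];

/* Stand-in for the instrumentation hook: mark `size` bytes as initialized. */
static void model_unpoison(size_t off, size_t size)
{
    memset(shadow + off, 0, size);
}

/* Stand-in for vstl (assumed semantics): stores bytes 0..index of a
 * 16-byte vector, i.e. index + 1 bytes, capped at the vector size. */
static size_t model_vstl(const unsigned char *vec, unsigned int index)
{
    size_t n = index < 15 ? (size_t)index + 1 : 16;
    memcpy(buf, vec, n);
    return n;
}

/* Offset of the first byte still marked uninitialized among the first
 * `len` bytes, or -1 if the shadow considers all of them initialized. */
static int first_uninit(size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (shadow[i])
            return (int)i;
    return -1;
}

/* Run one store and report what a later reader of the written bytes sees.
 * fixed == 0: size comes from the compile-time constraint (1 byte).
 * fixed != 0: size is computed at runtime from index (manual annotation). */
int run_store(unsigned int index, int fixed)
{
    static const unsigned char vec[16] = "0123456789abcde";
    memset(shadow, 1, sizeof(shadow));      /* fresh, poisoned buffer */
    size_t written = model_vstl(vec, index);
    model_unpoison(0, fixed ? written : 1);
    return first_uninit(written);
}

int main(void)
{
    printf("index=5 constraint-sized: first uninit %d\n", run_store(5, 0));
    printf("index=5 runtime-sized:    first uninit %d\n", run_store(5, 1));
    return 0;
}
```

With the 1-byte size, every store with index > 0 leaves written bytes marked uninitialized, so a later consumer of the buffer is reported even though the data is valid.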
Risk Information
Associated Vulnerability
No records found
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234