CVE-2025-68751

In the Linux kernel, the following vulnerability has been resolved:

s390/fpu: Fix false-positive kmsan report in fpu_vstl()

A false-positive kmsan report is detected when running ping command.

An inline assembly instruction 'vstl' can write varied amount of bytes depending on value of 'index' argument. If 'index' > 0, 'vstl' writes at least 2 bytes.

clang generates kmsan write helper call depending on inline assembly constraints. Constraints are evaluated compile-time, but value of 'index' argument is known only at runtime.

clang currently generates call to _msaninstrumentasmstore with 1 byte as size. Manually call kmsan function to indicate correct amount of bytes written and fix false-positive report.

This change fixes following kmsan reports:

[ 36.563119] ===================================================== [ 36.563594] BUG: KMSAN: uninit-value in virtqueueadd+0x35c6/0x7c70 [ 36.563852] virtqueueadd+0x35c6/0x7c70 [ 36.564016] virtqueueaddoutbuf+0xa0/0xb0 [ 36.564266] startxmit+0x288c/0x4a20 [ 36.564460] devhardstartxmit+0x302/0x900 [ 36.564649] schdirectxmit+0x340/0xea0 [ 36.564894] _devqueuexmit+0x2e94/0x59b0 [ 36.565058] neighresolveoutput+0x936/0xb40 [ 36.565278] _neighupdate+0x2f66/0x3a60 [ 36.565499] neighupdate+0x52/0x60 [ 36.565683] arpprocess+0x1588/0x2de0 [ 36.565916] NFHOOK+0x1da/0x240 [ 36.566087] arprcv+0x3e4/0x6e0 [ 36.566306] _netifreceiveskblistcore+0x1374/0x15a0 [ 36.566527] netifreceiveskblistinternal+0x1116/0x17d0 [ 36.566710] napicompletedone+0x376/0x740 [ 36.566918] virtnetpoll+0x1bae/0x2910 [ 36.567130] _napipoll+0xf4/0x830 [ 36.567294] netrxaction+0x97c/0x1ed0 [ 36.567556] handlesoftirqs+0x306/0xe10 [ 36.567731] irqexitrcu+0x14c/0x2e0 [ 36.567910] doioirq+0xd4/0x120 [ 36.568139] iointhandler+0xc2/0xe8 [ 36.568299] archcpuidle+0xb0/0xc0 [ 36.568540] archcpuidle+0x76/0xc0 [ 36.568726] defaultidlecall+0x40/0x70 [ 36.568953] doidle+0x1d6/0x390 [ 36.569486] cpustartupentry+0x9a/0xb0 [ 36.569745] restinit+0x1ea/0x290 [ 36.570029] startkernel+0x95e/0xb90 [ 36.570348] startupcontinue+0x2e/0x40 [ 36.570703] [ 36.570798] Uninit was created at: [ 36.571002] kmemcacheallocnodenoprof+0x9e8/0x10e0 [ 36.571261] kmallocreserve+0x12a/0x470 [ 36.571553] _allocskb+0x310/0x860 [ 36.571844] _ipappenddata+0x483e/0x6a30 [ 36.572170] ipappenddata+0x11c/0x1e0 [ 36.572477] rawsendmsg+0x1c8c/0x2180 [ 36.572818] inetsendmsg+0xe6/0x190 [ 36.573142] _syssendto+0x55e/0x8e0 [ 36.573392] _s390xsyssocketcall+0x19ae/0x2ba0 [ 36.573571] _dosyscall+0x12e/0x240 [ 36.573823] systemcall+0x6e/0x90 [ 36.573976] [ 36.574017] Byte 35 of 98 is uninitialized [ 36.574082] Memory access of size 98 starts at 0000000007aa0012 [ 36.574218] [ 36.574325] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.17.0-dirty #16 NONE [ 36.574541] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.574617] Hardware name: IBM 3931 A01 703 (KVM/Linux) [ 36.574755] =====================================================

[ 63.532541] ===================================================== [ 63.533639] BUG: KMSAN: uninit-value in virtqueueadd+0x35c6/0x7c70 [ 63.533989] virtqueueadd+0x35c6/0x7c70 [ 63.534940] virtqueueaddoutbuf+0xa0/0xb0 [ 63.535861] startxmit+0x288c/0x4a20 [ 63.536708] devhardstartxmit+0x302/0x900 [ 63.537020] schdirectxmit+0x340/0xea0 [ 63.537997] _devqueuexmit+0x2e94/0x59b0 [ 63.538819] neighresolveoutput+0x936/0xb40 [ 63.539793] ipfinishoutput2+0x1ee2/0x2200 [ 63.540784] _ipfinishoutput+0x272/0x7a0 [ 63.541765] ipfinishoutput+0x4e/0x5e0 [ 63.542791] ipoutput+0x166/0x410 [ 63.543771] ippushpendingframes+0x1a2/0x470 [ 63.544753] rawsendmsg+0x1f06/0x2180 [ 63.545033] inetsendmsg+0xe6/0x190 [ 63.546006] _syssendto+0x55e/0x8e0 ---truncated---