Message-ID: <tencent_C2882DF56C089420E9D2EC4ECD707B926F0A@qq.com>
Date: Mon, 23 Jun 2025 20:29:37 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+9b9124ae9b12d5af5d95@...kaller.appspotmail.com
Cc: linux-kernel@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [kernel?] KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl (3)

#syz test

diff --git a/drivers/misc/vmw_vmci/vmci_host.c b/drivers/misc/vmw_vmci/vmci_host.c
index b64944367ac5..4e500a8924c2 100644
--- a/drivers/misc/vmw_vmci/vmci_host.c
+++ b/drivers/misc/vmw_vmci/vmci_host.c
@@ -293,6 +293,8 @@ static int vmci_host_get_version(struct vmci_host_dev *vmci_host_dev,
 #define vmci_ioctl_err(fmt, ...)	\
 	pr_devel("%s: " fmt, ioctl_name, ##__VA_ARGS__)
 
+static DEFINE_MUTEX(init_rec_mutex);
+
 static int vmci_host_do_init_context(struct vmci_host_dev *vmci_host_dev,
 				     const char *ioctl_name,
 				     void __user *uptr)
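Review bot: `init_rec_mutex` is a single file-scope lock with no comment saying which data it protects, and the later hunks take it around the whole ioctl dispatcher rather than around one object. As written it serialises every ioctl on every open VMCI host file, which is much wider than the name suggests. If the report in the subject is about uninitialised bytes reaching user space, a lock only helps when those bytes come from a race, so the protected field should be named in a comment such as `/* Serialises <field> setup against concurrent readers */`. A lock scoped to the `struct vmci_host_dev` instance would avoid the global contention.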
@@ -922,7 +924,9 @@ static long vmci_host_unlocked_ioctl(struct file *filp,
 
 	struct vmci_host_dev *vmci_host_dev = filp->private_data;
 	void __user *uptr = (void __user *)ioarg;
+	int ret = 0;
 
+	mutex_lock(&init_rec_mutex);
 	switch (iocmd) {
 	case IOCTL_VMCI_INIT_CONTEXT:
 		VMCI_DO_IOCTL(INIT_CONTEXT, init_context);
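Review bot: The lock taken by `mutex_lock(&init_rec_mutex);` is released only at the bottom of the function, so any case that returns from inside the switch leaves it held. `VMCI_DO_IOCTL` is defined outside this hunk; if it expands to a `return vmci_host_do_...()` statement, which the direct `return` the VERSION case used before this patch suggests, every command dispatched through it exits with the mutex locked and the next ioctl on any VMCI file blocks indefinitely. Either the macro has to assign to `ret` and `break`, or the lock and unlock should move into the one handler that needs them. The function body continues past this hunk.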
@@ -957,13 +961,16 @@ static long vmci_host_unlocked_ioctl(struct file *filp,
 
 	case IOCTL_VMCI_VERSION:
 	case IOCTL_VMCI_VERSION2:
-		return vmci_host_get_version(vmci_host_dev, iocmd, uptr);
+		ret = vmci_host_get_version(vmci_host_dev, iocmd, uptr);
 
 	default:
 		pr_devel("%s: Unknown ioctl (iocmd=%d)\n", __func__, iocmd);
-		return -EINVAL;
+		ret -EINVAL;
 	}
 
+	mutex_unlock(&init_rec_mutex);
+	return ret;
+
 #undef VMCI_DO_IOCTL
 }
 
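Review bot: In the `default:` arm the new line `ret -EINVAL;` is an expression statement whose value is discarded, so `ret` is never assigned and an unknown ioctl returns the initial 0 instead of an error; it should read `ret = -EINVAL;`. The VERSION case above it also lost its exit from the switch when `return` became an assignment, so it now falls through into `default:` and logs "Unknown ioctl"; add `break;` after `ret = vmci_host_get_version(vmci_host_dev, iocmd, uptr);`. Returning success for unrecognised commands hides misuse from callers, and building with `-Wunused-value` would flag the first line. The function starts outside this hunk.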

