Forwarded: Re: [syzbot] [kernel?] KMSAN: kernel-infoleak in do_insn_ioctl

syzbot posted 1 patch 2 months, 1 week ago
Posted by syzbot 2 months, 1 week ago
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Re: [syzbot] [kernel?] KMSAN: kernel-infoleak in do_insn_ioctl
Author: abbotti@mev.co.uk

#syz test

diff --git a/drivers/comedi/comedi_fops.c b/drivers/comedi/comedi_fops.c
index 23b7178522ae..360fde417016 100644
--- a/drivers/comedi/comedi_fops.c
+++ b/drivers/comedi/comedi_fops.c
@@ -1587,6 +1587,10 @@ static int do_insnlist_ioctl(struct comedi_device *dev,
 				memset(&data[n], 0, (MIN_SAMPLES - n) *
 						    sizeof(unsigned int));
 			}
+		} else {
+			unsigned int n_min = max(n, (unsigned int)MIN_SAMPLES);
+
+			memset(data, 0, n_min * sizeof(unsigned int));
 		}
 		ret = parse_insn(dev, insns + i, data, file);
 		if (ret < 0)
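
Review bot: The new else branch in do_insnlist_ioctl() clears n_min = max(n, (unsigned int)MIN_SAMPLES) entries, but nothing visible in this hunk shows that data is allocated with at least that many entries on this path. Please confirm the buffer size matches, otherwise the memset could write past the end when n < MIN_SAMPLES. The open-coded cast would also read better as max_t(unsigned int, n, MIN_SAMPLES). If this function already has a clamped length like the n_data used in the do_insn_ioctl() hunk, reuse it instead of recomputing it here, so both ioctl paths zero the same length. A one-line comment saying the buffer is cleared so that samples the handler does not fill are not left uninitialized (the infoleak named in the subject) would make the intent clear.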
@@ -1670,6 +1674,8 @@ static int do_insn_ioctl(struct comedi_device *dev,
 			memset(&data[insn->n], 0,
 			       (MIN_SAMPLES - insn->n) * sizeof(unsigned int));
 		}
+	} else {
+		memset(data, 0, n_data * sizeof(unsigned int));
 	}
 	ret = parse_insn(dev, insn, data, file);
 	if (ret < 0)
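
Review bot: The else branch in do_insn_ioctl() zeroes n_data * sizeof(unsigned int) bytes, but the definition of n_data is outside the hunk. Please confirm it is the allocated element count (at least max(insn->n, MIN_SAMPLES), matching what the do_insnlist_ioctl() hunk computes as n_min), so the two paths stay consistent and the memset cannot exceed the buffer. The mail also carries only the #syz test command, so a changelog describing the KMSAN report and why the buffer needs clearing on this branch is still needed before this goes out as a formal patch.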