Re: [syzbot] [kernel?] KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl (3)
From: Edward Adam Davis
Date: Mon Jun 23 2025 - 08:44:48 EST
#syz test
diff --git a/drivers/misc/vmw_vmci/vmci_host.c b/drivers/misc/vmw_vmci/vmci_host.c
index b64944367ac5..4e500a8924c2 100644
--- a/drivers/misc/vmw_vmci/vmci_host.c
+++ b/drivers/misc/vmw_vmci/vmci_host.c
@@ -293,6 +293,8 @@ static int vmci_host_get_version(struct vmci_host_dev *vmci_host_dev,
#define vmci_ioctl_err(fmt, ...) \
pr_devel("%s: " fmt, ioctl_name, ##__VA_ARGS__)
+static DEFINE_MUTEX(init_rec_mutex);
+
static int vmci_host_do_init_context(struct vmci_host_dev *vmci_host_dev,
const char *ioctl_name,
void __user *uptr)
@@ -922,7 +924,9 @@ static long vmci_host_unlocked_ioctl(struct file *filp,
struct vmci_host_dev *vmci_host_dev = filp->private_data;
void __user *uptr = (void __user *)ioarg;
+ int ret = 0;
+ mutex_lock(&init_rec_mutex);
switch (iocmd) {
case IOCTL_VMCI_INIT_CONTEXT:
VMCI_DO_IOCTL(INIT_CONTEXT, init_context);
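Review bot: The lock taken at the new `mutex_lock(&init_rec_mutex);` line is never released on the VMCI_DO_IOCTL paths if that macro returns from the function directly, which its use with no trailing `break` in the INIT_CONTEXT case suggests; the next ioctl caller would then block forever on init_rec_mutex. If the lock stays, the macro needs to assign to `ret` and `break` (or unlock before returning) rather than return from inside the switch. vmci_host_unlocked_ioctl begins before this hunk and its switch continues past it. A single global mutex around every ioctl also serializes all callers without by itself initializing the memory that is copied to user space, so the changelog should state which race this lock is meant to close.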
@@ -957,13 +961,16 @@ static long vmci_host_unlocked_ioctl(struct file *filp,
case IOCTL_VMCI_VERSION:
case IOCTL_VMCI_VERSION2:
- return vmci_host_get_version(vmci_host_dev, iocmd, uptr);
+ ret = vmci_host_get_version(vmci_host_dev, iocmd, uptr);
default:
pr_devel("%s: Unknown ioctl (iocmd=%d)\n", __func__, iocmd);
- return -EINVAL;
+ ret -EINVAL;
}
+ mutex_unlock(&init_rec_mutex);
+ return ret;
+
#undef VMCI_DO_IOCTL
}
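Review bot: `ret -EINVAL;` in the default case is a subtraction whose result is discarded, not an assignment, so ret keeps its previous value (0 for an unknown ioctl) and the function returns success after logging the error; it should read `ret = -EINVAL;`. The IOCTL_VMCI_VERSION/VERSION2 case above it also lacks a `break;` after `ret = vmci_host_get_version(vmci_host_dev, iocmd, uptr);`, so a valid version request falls into default, logs "Unknown ioctl" and clobbers ret. The enclosing vmci_host_unlocked_ioctl starts outside this hunk.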