Forwarded: Re: [syzbot] [kernel?] KMSAN: kernel-infoleak in do_insn_ioctl

From: syzbot
Date: Fri Jul 25 2025 - 06:21:46 EST

Next message: Dmitry Vyukov: "Re: [PATCH v2 06/11] kcov: x86: introduce CONFIG_KCOV_UNIQUE"
Previous message: Peter Griffin: "Re: [PATCH v2 1/2] phy: add new phy_notify_pmstate() api"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx, syzkaller-bugs@xxxxxxxxxxxxxxxx.

***

Subject: Re: [syzbot] [kernel?] KMSAN: kernel-infoleak in do_insn_ioctl
Author: abbotti@xxxxxxxxx

#syz test

diff --git a/drivers/comedi/comedi_fops.c b/drivers/comedi/comedi_fops.c
index 23b7178522ae..360fde417016 100644
--- a/drivers/comedi/comedi_fops.c
+++ b/drivers/comedi/comedi_fops.c
@@ -1587,6 +1587,10 @@ static int do_insnlist_ioctl(struct comedi_device *dev,
memset(&data[n], 0, (MIN_SAMPLES - n) *
sizeof(unsigned int));
}
+ } else {
+ unsigned int n_min = max(n, (unsigned int)MIN_SAMPLES);
+
+ memset(data, 0, n_min * sizeof(unsigned int));
}
ret = parse_insn(dev, insns + i, data, file);
if (ret < 0)
@@ -1670,6 +1674,8 @@ static int do_insn_ioctl(struct comedi_device *dev,
memset(&data[insn->n], 0,
(MIN_SAMPLES - insn->n) * sizeof(unsigned int));
}
+ } else {
+ memset(data, 0, n_data * sizeof(unsigned int));
}
ret = parse_insn(dev, insn, data, file);
if (ret < 0)

Next message: Dmitry Vyukov: "Re: [PATCH v2 06/11] kcov: x86: introduce CONFIG_KCOV_UNIQUE"
Previous message: Peter Griffin: "Re: [PATCH v2 1/2] phy: add new phy_notify_pmstate() api"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]