> Index: sys/arch/amd64/amd64/vmm.c
> ===================================================================
> RCS file: /mount/openbsd/cvs/src/sys/arch/amd64/amd64/vmm.c,v
> retrieving revision 1.266
> diff -u -p -r1.266 vmm.c
> --- sys/arch/amd64/amd64/vmm.c 11 Mar 2020 16:38:42 -0000 1.266
> +++ sys/arch/amd64/amd64/vmm.c 12 Mar 2020 21:15:01 -0000
> @@ -1167,7 +1167,7 @@ vm_create(struct vm_create_params *vcp,
> memcpy(vm->vm_memranges, vcp->vcp_memranges,
> vm->vm_nmemranges * sizeof(vm->vm_memranges[0]));
> vm->vm_memory_size = memsize;
> - strncpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN);
> + strlcpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN);
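Review bot: strlcpy() on the added line does not stop reading `vcp->vcp_name` at `VMM_MAX_NAME_LEN`: once the destination is full it keeps walking the source up to its NUL to compute the return value, so the call is only safe if the source is already terminated. `vcp` looks like the caller-supplied create parameters (not confirmed from this hunk), and none of the visible lines check that the name is NUL-terminated, so an unterminated name turns the previously bounded read into an unbounded read of kernel memory. Either reject a name with no NUL inside `VMM_MAX_NAME_LEN` before this point, or keep the read bounded and terminate explicitly: `strncpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN - 1);` followed by `vm->vm_name[VMM_MAX_NAME_LEN - 1] = '\0';`. vm_create() begins and ends outside the hunk, so a validation step elsewhere in the function would not be visible here.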
Coincidentally syzkaller managed to trigger a uvm_fault in this line. https://syzkaller.appspot.com/bug?extid=48e38ebd31c030b5841c ddb> trace strlcpy(ffff80001d374448,ffff800000a2cc20,40) at strlcpy+0xcf sys/lib/libkern/strlcpy.c:44 vm_create(ffff800000a2c800,ffff80001d339758) at vm_create+0x112 sys/arch/amd64/amd64/vmm.c:1172 VOP_IOCTL(fffffd805d843820,c5005601,ffff800000a2c800,1,fffffd806c3bfc00,ffff80001d339758) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd805d877800,c5005601,ffff800000a2c800,ffff80001d339758) at vn_ioctl+0xb5 sys/kern/vfs_vnops.c:531 Unfortunately there's no reproducer Thanks Greg -- nest.cx is Gmail hosted, use PGP: https://pgp.key-server.io/0x0B1542BD8DF5A1B0 Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0