[LTP] [PATCH] cve: add test reproducer for cve-2025-21756
Cyril Hrubis
chrubis@suse.cz
Mon Sep 22 16:32:13 CEST 2025
Hi!
> +/*\
> + * Test for CVE-2025-21756 fixed in kernel v6.14:
> + * fcdd2242c023 vsock: Keep the binding until socket destruction
> + *
> + * Reproducer based on:
> + * https://lore.kernel.org/all/20250128-vsock-transport-vs-autobind-v3-5-1cf57065b770@rbox.co/
> + *
> + * Beware, this test will crash the system.
> + */
> +
> +#include "tst_test.h"
> +
> +#if HAVE_LINUX_VM_SOCKETS_H
> +
> +#include "lapi/vm_sockets.h"
Do we need the #if HAVE_LINUX_VM_SOCKETS_H if we include lapi/ fallback?
> +#define MAX_PORT_RETRIES 24
> +#define VMADDR_CID_NONEXISTING 42
> +
> +static int vsock_bind(unsigned int cid, unsigned int port, int type)
> +{
> + int sock;
> +
> + struct sockaddr_vm sa = {
> + .svm_family = AF_VSOCK,
> + .svm_cid = cid,
> + .svm_port = port,
> + };
> +
> + sock = SAFE_SOCKET(AF_VSOCK, type, 0);
> + SAFE_BIND(sock, (struct sockaddr *)&sa, sizeof(sa));
I guess that with the lapi fallback we should TCONF here on ENOSYS
instead and drop the #if at the top.
Other than that the rest looks good.
--
Cyril Hrubis
chrubis@suse.cz
More information about the ltp
mailing list