| Message ID | f0b62f38c042d2dcb8b8e83c827d76db2ac5d7ad.camel@gmail.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2779045wrn;
Tue, 31 Jan 2023 06:25:36 -0800 (PST)
X-Google-Smtp-Source:
AK7set8dQdemytIrKQvnfvh3UFdBLBcZS7M9GqLmwPtNVtpjq0/ZNcdfcOs3DoqYgmola0BnHgNs
X-Received: by 2002:a17:907:3f97:b0:87f:2d81:1d28 with SMTP id
hr23-20020a1709073f9700b0087f2d811d28mr19395683ejc.66.1675175136407;
Tue, 31 Jan 2023 06:25:36 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1675175136; cv=none;
d=google.com; s=arc-20160816;
b=gU+TvCxgIdRLhUwSAu2I70JiPajInyGk1Lg2fUDI1Zu63qLszfGIPvc5pqD6YEv1KO
iqGopm5r5UvM4oawCQy0+ejyl4vzOk5h/n8YEAen31TnM8uDBta6slPRf/fvVgDinxkj
V+p0fB75CUfxgoNuUeERps7U9yWmU+y/sv+sZS6Hotjg8b8IEpA54GTYGff/s3wOYIWB
9O3r6MvNYk5BHjCdFptzDv62Ox5MiZ4PfsaC/7bc12bPleOOpSGCq4gkMgsM6naxwkhu
Tz4kklzlvrLUzkEg/m2RAKwY7sbFNvSb7s6UrXXL+/cgkkEWCEw3z/PURTvKJB7THTYO
YquA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:mime-version:user-agent
:content-transfer-encoding:references:in-reply-to:date:cc:to:from
:subject:message-id:dkim-signature;
bh=nVBmiYiYPs6Oa6XcLvsYrvHcRCbEE7kM/cPMb1XwWXI=;
b=YrjlZJ2XL1+OIjtgB+pxkUCasMmOnLxE8bnpmav1ClCHtynKrWwiJRZHAptl3KKvlO
StZltLGcdyc7L45+tjxRqaDZwp+DSFlOggur0aB6CkTbplOhRsT6Wa5vSB/E54n7YX5I
qoIkASN+zr4sS6OWdmAn1nvtdgxncEy76x+9vC9cPjY4FVf0fzkAdYmRkagfuca9tYuG
csoECfMnMTCVx2gzS/FXiwzSNfp3UdJ1t37jVIAjW+neMAM/Gds7YYPlcwsS+coC5zxi
rbDj+GWFxgJS/Ofy//+/IsV0uUwYuPmbtGxAW2SQqsc1wNjl1Tjuutls0ugLLLOqP0X7
2DBQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@gmail.com header.s=20210112 header.b=h1mo+nPa;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
e6-20020a17090658c600b0088ade8cedf6si5393682ejs.218.2023.01.31.06.25.12;
Tue, 31 Jan 2023 06:25:36 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@gmail.com header.s=20210112 header.b=h1mo+nPa;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231805AbjAaOUi (ORCPT <rfc822;maxin.john@gmail.com> + 99 others);
Tue, 31 Jan 2023 09:20:38 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52676 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S230272AbjAaOUh (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 31 Jan 2023 09:20:37 -0500
Received: from mail-ej1-x631.google.com (mail-ej1-x631.google.com
[IPv6:2a00:1450:4864:20::631])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 110331D921;
Tue, 31 Jan 2023 06:20:36 -0800 (PST)
Received: by mail-ej1-x631.google.com with SMTP id qw12so26134928ejc.2;
Tue, 31 Jan 2023 06:20:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:user-agent:content-transfer-encoding:references
:in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject
:date:message-id:reply-to;
bh=nVBmiYiYPs6Oa6XcLvsYrvHcRCbEE7kM/cPMb1XwWXI=;
b=h1mo+nPagVMmKtLS37LHPDUIkBa9zreqkK8+d8CklgBMP4XZuJkLTJglD8bKci7qsq
dWWBUbax+gFDEPIxP2x66jmEl5h4UctxogqpwblpI6aOm3gl9idHQVvJ/VqZ8xxG2eNb
VWDuuTk/i5NTBnZ8TKVQ5cjfLJp8chL3uQFx0/M3Dh7ieoZx9vg7ol4XWs4dwbdI+n+E
/+bE7MDAOvJhtThVosD2bpYxg+0J8nVp4Dq7ZJEMbqJsFQwTreY7AY/Z1Doscij64BxB
Qd40Vk9pkEYmL9mH+MdW/KsfBzab2soYM0JkqUhvG0WRtbTmzIhZGzLRt+XRruVOvV7W
bGug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=mime-version:user-agent:content-transfer-encoding:references
:in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=nVBmiYiYPs6Oa6XcLvsYrvHcRCbEE7kM/cPMb1XwWXI=;
b=j82/DO5/VB17zNiJ6pyovzanzA9nLQVblALR5T1AF49Rc9YDJYTjs60K2EPrMlqvGt
DNLyhzr2v7v+OXjS4HH/WWSDEZexGSWhfMeNi3RPz1PMCHXnort6v0Y5SWCLvTcvl1gk
ttgP+vGYgpX3WRPrl14cwDUMkG/YyuugijlacI/G6nTWD4r0flgS0EsuXFvU9pJ3SGHS
6Y5vlEW9UV+ovjLfbOhYbr54EeBYzMfMRyN3+wIm/3J1sadYo615FCmrM3B9mpmuh/V1
L0VJ5Wh2qO2zwzfktMpeST+tNl7J853whrMm6zNaa9U2MARHDsSW/gmhahRYrz7oqcIV
Nf1g==
X-Gm-Message-State: AO0yUKXUkgyoCwaYIgkk9gha1YjhxdR3oHTQSn0DyT1BlrdoakTD7Cf2
NSEduJk3a7i3QQk0adh4Hbg=
X-Received: by 2002:a17:906:f192:b0:878:7ef1:4a20 with SMTP id
gs18-20020a170906f19200b008787ef14a20mr17375244ejb.4.1675174834642;
Tue, 31 Jan 2023 06:20:34 -0800 (PST)
Received: from sakura.myxoz.lan (81-230-97-204-no2390.tbcn.telia.com.
[81.230.97.204])
by smtp.gmail.com with ESMTPSA id
fm19-20020a1709072ad300b007c10d47e748sm8368868ejc.36.2023.01.31.06.20.33
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 31 Jan 2023 06:20:34 -0800 (PST)
Message-ID: <f0b62f38c042d2dcb8b8e83c827d76db2ac5d7ad.camel@gmail.com>
Subject: [PATCH v2] net/usb: kalmia: Fix uninit-value in
kalmia_send_init_packet
From: Miko Larsson <mikoxyzzz@gmail.com>
To: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>, linux-usb@vger.kernel.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Greg KH <gregkh@linuxfoundation.org>
Date: Tue, 31 Jan 2023 15:20:33 +0100
In-Reply-To: <7266fe67c835f90e5c257129014a63e79e849ef9.camel@gmail.com>
References: <7266fe67c835f90e5c257129014a63e79e849ef9.camel@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.46.3 (3.46.3-1.module_f37+15877+cf3308f9)
MIME-Version: 1.0
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1756537227966917077?=
X-GMAIL-MSGID: =?utf-8?q?1756548443911721840?=
|
| Series |
[v2] net/usb: kalmia: Fix uninit-value in kalmia_send_init_packet
|
|
Commit Message
Miko Larsson
Jan. 31, 2023, 2:20 p.m. UTC
syzbot reports that act_len in kalmia_send_init_packet() is
uninitialized. Fix this by initializing it to 0.
Fixes: d40261236e8e ("net/usb: Add Samsung Kalmia driver for Samsung GT-B3730")
Reported-and-tested-by: syzbot+cd80c5ef5121bfe85b55@syzkaller.appspotmail.com
Signed-off-by: Miko Larsson <mikoxyzzz@gmail.com>
---
v1 -> v2
* Minor alteration of commit message.
* Added 'reported-and-tested-by' which is attributed to syzbot.
drivers/net/usb/kalmia.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Tue, Jan 31, 2023 at 03:20:33PM +0100, Miko Larsson wrote: > syzbot reports that act_len in kalmia_send_init_packet() is > uninitialized. Fix this by initializing it to 0. > > Fixes: d40261236e8e ("net/usb: Add Samsung Kalmia driver for Samsung GT-B3730") > Reported-and-tested-by: syzbot+cd80c5ef5121bfe85b55@syzkaller.appspotmail.com > Signed-off-by: Miko Larsson <mikoxyzzz@gmail.com> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, Jan 31, 2023 at 03:20:33PM CET, mikoxyzzz@gmail.com wrote: >syzbot reports that act_len in kalmia_send_init_packet() is >uninitialized. Fix this by initializing it to 0. > >Fixes: d40261236e8e ("net/usb: Add Samsung Kalmia driver for Samsung GT-B3730") >Reported-and-tested-by: syzbot+cd80c5ef5121bfe85b55@syzkaller.appspotmail.com >Signed-off-by: Miko Larsson <mikoxyzzz@gmail.com> >--- >v1 -> v2 >* Minor alteration of commit message. >* Added 'reported-and-tested-by' which is attributed to syzbot. > > drivers/net/usb/kalmia.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/drivers/net/usb/kalmia.c b/drivers/net/usb/kalmia.c >index 9f2b70ef39aa..b158fb7bf66a 100644 >--- a/drivers/net/usb/kalmia.c >+++ b/drivers/net/usb/kalmia.c >@@ -56,7 +56,7 @@ static int > kalmia_send_init_packet(struct usbnet *dev, u8 *init_msg, u8 init_msg_len, > u8 *buffer, u8 expected_len) > { >- int act_len; >+ int act_len = 0; > int status; > > netdev_dbg(dev->net, "Sending init packet"); Hmm, this is not the right fix. If the second call of usb_bulk_msg() in this function returns != 0, the act_len printed out contains the value from previous usb_bulk_msg() call, which does not make sense. Printing act_len on error path is pointless, so rather remove it from the error message entirely for both usb_bulk_msg() calls.
On Wed, 2023-02-01 at 13:19 +0100, Jiri Pirko wrote: > Tue, Jan 31, 2023 at 03:20:33PM CET, mikoxyzzz@gmail.com wrote: > > syzbot reports that act_len in kalmia_send_init_packet() is > > uninitialized. Fix this by initializing it to 0. > > > > Fixes: d40261236e8e ("net/usb: Add Samsung Kalmia driver for > > Samsung GT-B3730") > > Reported-and-tested-by: > > syzbot+cd80c5ef5121bfe85b55@syzkaller.appspotmail.com > > Signed-off-by: Miko Larsson <mikoxyzzz@gmail.com> > > --- > > v1 -> v2 > > * Minor alteration of commit message. > > * Added 'reported-and-tested-by' which is attributed to syzbot. > > > > drivers/net/usb/kalmia.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/net/usb/kalmia.c b/drivers/net/usb/kalmia.c > > index 9f2b70ef39aa..b158fb7bf66a 100644 > > --- a/drivers/net/usb/kalmia.c > > +++ b/drivers/net/usb/kalmia.c > > @@ -56,7 +56,7 @@ static int > > kalmia_send_init_packet(struct usbnet *dev, u8 *init_msg, u8 > > init_msg_len, > > u8 *buffer, u8 expected_len) > > { > > - int act_len; > > + int act_len = 0; > > int status; > > > > netdev_dbg(dev->net, "Sending init packet"); > > Hmm, this is not the right fix. > > If the second call of usb_bulk_msg() in this function returns != 0, > the > act_len printed out contains the value from previous usb_bulk_msg() > call, > which does not make sense. > > Printing act_len on error path is pointless, so rather remove it from > the error message entirely for both usb_bulk_msg() calls. Something like this, then? diff --git a/drivers/net/usb/kalmia.c b/drivers/net/usb/kalmia.c index 9f2b70ef39aa..613fc6910f14 100644 --- a/drivers/net/usb/kalmia.c +++ b/drivers/net/usb/kalmia.c @@ -65,8 +65,8 @@ kalmia_send_init_packet(struct usbnet *dev, u8 *init_msg, u8 init_msg_len, init_msg, init_msg_len, &act_len, KALMIA_USB_TIMEOUT); if (status != 0) { netdev_err(dev->net, - "Error sending init packet. Status %i, length %i\n", - status, act_len); + "Error sending init packet. Status %i\n", + status); return status; } else if (act_len != init_msg_len) { @@ -83,8 +83,8 @@ kalmia_send_init_packet(struct usbnet *dev, u8 *init_msg, u8 init_msg_len, if (status != 0) netdev_err(dev->net, - "Error receiving init result. Status %i, length %i\n", - status, act_len); + "Error receiving init result. Status %i\n", + status); else if (act_len != expected_len) netdev_err(dev->net, "Unexpected init result length: %i\n", act_len);
Thu, Feb 09, 2023 at 03:47:12PM CET, mikoxyzzz@gmail.com wrote: >On Wed, 2023-02-01 at 13:19 +0100, Jiri Pirko wrote: >> Tue, Jan 31, 2023 at 03:20:33PM CET, mikoxyzzz@gmail.com wrote: >> > syzbot reports that act_len in kalmia_send_init_packet() is >> > uninitialized. Fix this by initializing it to 0. >> > >> > Fixes: d40261236e8e ("net/usb: Add Samsung Kalmia driver for >> > Samsung GT-B3730") >> > Reported-and-tested-by: >> > syzbot+cd80c5ef5121bfe85b55@syzkaller.appspotmail.com >> > Signed-off-by: Miko Larsson <mikoxyzzz@gmail.com> >> > --- >> > v1 -> v2 >> > * Minor alteration of commit message. >> > * Added 'reported-and-tested-by' which is attributed to syzbot. >> > >> > drivers/net/usb/kalmia.c | 2 +- >> > 1 file changed, 1 insertion(+), 1 deletion(-) >> > >> > diff --git a/drivers/net/usb/kalmia.c b/drivers/net/usb/kalmia.c >> > index 9f2b70ef39aa..b158fb7bf66a 100644 >> > --- a/drivers/net/usb/kalmia.c >> > +++ b/drivers/net/usb/kalmia.c >> > @@ -56,7 +56,7 @@ static int >> > kalmia_send_init_packet(struct usbnet *dev, u8 *init_msg, u8 >> > init_msg_len, >> > u8 *buffer, u8 expected_len) >> > { >> > - int act_len; >> > + int act_len = 0; >> > int status; >> > >> > netdev_dbg(dev->net, "Sending init packet"); >> >> Hmm, this is not the right fix. >> >> If the second call of usb_bulk_msg() in this function returns != 0, >> the >> act_len printed out contains the value from previous usb_bulk_msg() >> call, >> which does not make sense. >> >> Printing act_len on error path is pointless, so rather remove it from >> the error message entirely for both usb_bulk_msg() calls. > >Something like this, then? Yes. > >diff --git a/drivers/net/usb/kalmia.c b/drivers/net/usb/kalmia.c >index 9f2b70ef39aa..613fc6910f14 100644 >--- a/drivers/net/usb/kalmia.c >+++ b/drivers/net/usb/kalmia.c >@@ -65,8 +65,8 @@ kalmia_send_init_packet(struct usbnet *dev, u8 *init_msg, u8 init_msg_len, > init_msg, init_msg_len, &act_len, KALMIA_USB_TIMEOUT); > if (status != 0) { > netdev_err(dev->net, >- "Error sending init packet. Status %i, length %i\n", >- status, act_len); >+ "Error sending init packet. Status %i\n", >+ status); > return status; > } > else if (act_len != init_msg_len) { >@@ -83,8 +83,8 @@ kalmia_send_init_packet(struct usbnet *dev, u8 *init_msg, u8 init_msg_len, > > if (status != 0) > netdev_err(dev->net, >- "Error receiving init result. Status %i, length %i\n", >- status, act_len); >+ "Error receiving init result. Status %i\n", >+ status); > else if (act_len != expected_len) > netdev_err(dev->net, "Unexpected init result length: %i\n", > act_len); > >-- >~miko
diff --git a/drivers/net/usb/kalmia.c b/drivers/net/usb/kalmia.c index 9f2b70ef39aa..b158fb7bf66a 100644 --- a/drivers/net/usb/kalmia.c +++ b/drivers/net/usb/kalmia.c @@ -56,7 +56,7 @@ static int kalmia_send_init_packet(struct usbnet *dev, u8 *init_msg, u8 init_msg_len, u8 *buffer, u8 expected_len) { - int act_len; + int act_len = 0; int status; netdev_dbg(dev->net, "Sending init packet");