linux/drivers
Shigeru Yoshida e9c6598992 net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
syzbot reported the following uninit-value access issue:

=====================================================
BUG: KMSAN: uninit-value in smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline]
BUG: KMSAN: uninit-value in smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482
CPU: 0 PID: 8696 Comm: kworker/0:3 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline]
 smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482
 usbnet_probe+0x1152/0x3f90 drivers/net/usb/usbnet.c:1737
 usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_set_configuration+0x380f/0x3f10 drivers/usb/core/message.c:2032
 usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:241
 usb_probe_device+0x311/0x490 drivers/usb/core/driver.c:272
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_new_device+0x1bd4/0x2a30 drivers/usb/core/hub.c:2554
 hub_port_connect drivers/usb/core/hub.c:5208 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]
 port_event drivers/usb/core/hub.c:5494 [inline]
 hub_event+0x5e7b/0x8a70 drivers/usb/core/hub.c:5576
 process_one_work+0x1688/0x2140 kernel/workqueue.c:2269
 worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415
 kthread+0x551/0x590 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293

Local variable ----buf.i87@smsc75xx_bind created at:
 __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline]
 smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline]
 smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482
 __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline]
 smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline]
 smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482

This issue is caused because usbnet_read_cmd() reads fewer bytes than requested
(zero bytes in the reproducer). In this case, 'buf' is not properly filled.

This patch fixes the issue by returning -ENODATA if usbnet_read_cmd() reads
fewer bytes than requested.

Fixes: d0cad87170 ("smsc75xx: SMSC LAN75xx USB gigabit ethernet adapter driver")
Reported-and-tested-by: syzbot+6966546b78d050bb0b5d@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=6966546b78d050bb0b5d
Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20230923173549.3284502-1-syoshida@redhat.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2023-10-03 10:19:29 +02:00
accel Short summary of fixes pull: 2023-09-08 06:36:36 +10:00
accessibility
acpi thermal: Constify the trip argument of the .get_trend() zone callback 2023-09-11 17:16:40 +02:00
amba amba: bus: fix refcount leak 2023-08-22 15:50:57 +02:00
android Char/Misc driver changes for 6.6-rc1 2023-09-01 09:53:54 -07:00
ata ata: libata-core: fetch sense data for successful commands iff CDL enabled 2023-09-16 21:12:19 +09:00
atm
auxdisplay drm for 6.6-rc1 2023-08-30 13:34:34 -07:00
base driver core: return an error when dev_set_name() hasn't happened 2023-09-12 15:54:44 +02:00
bcma
block block-6.6-2023-09-08 2023-09-08 21:39:54 -07:00
bluetooth Bluetooth: btusb: add shutdown function for QCA6174 2023-09-20 10:55:29 -07:00
bus Char/Misc driver changes for 6.6-rc1 2023-09-01 09:53:54 -07:00
cache cache: Add L2 cache management for Andes AX45MP RISC-V core 2023-09-01 09:08:59 -07:00
cdrom
cdx
char Hi, 2023-09-13 11:44:20 -07:00
clk This pull request is full of clk driver changes. In fact, there aren't any 2023-08-30 19:53:39 -07:00
clocksource Updates for clocksource/clockevent drivers: 2023-09-04 13:15:57 -07:00
comedi Revert "comedi: add HAS_IOPORT dependencies" 2023-09-12 15:49:20 +02:00
connector
counter - New Drivers 2023-09-04 13:47:59 -07:00
cpufreq cpufreq: Support per-policy performance boost 2023-08-29 20:51:40 +02:00
cpuidle powerpc updates for 6.6 2023-08-31 12:43:10 -07:00
crypto This update includes the following changes: 2023-08-29 11:23:29 -07:00
cxl
dax mm: remove enum page_entry_size 2023-08-24 16:20:30 -07:00
dca
devfreq
dio
dma dmaengine updates for v6.6 2023-09-03 10:49:42 -07:00
dma-buf drm for 6.6-rc1 2023-08-30 13:34:34 -07:00
edac Intel EDAC fixes: 2023-08-30 19:23:00 -07:00
eisa
extcon
firewire Revert "firewire: core: obsolete usage of GFP_ATOMIC at building node tree" 2023-09-15 18:37:52 +09:00
firmware sound fixes for 6.6-rc3 2023-09-21 08:13:15 -07:00
fpga
fsi fsi: i2cr: Switch to use struct i2c_driver's .probe() 2023-08-22 15:51:33 +02:00
gnss
gpio gpio: zynq: restore zynq_gpio_irq_reqres/zynq_gpio_irq_relres callbacks 2023-09-06 17:08:51 +02:00
gpu Short summary of fixes pull: 2023-09-15 12:13:01 +10:00
greybus
hid for-linus-2023083101 2023-09-01 12:31:44 -07:00
hsi
hte hte: Explicitly include correct DT includes 2023-08-28 13:31:06 -05:00
hv hyperv-next for v6.6 2023-09-04 11:26:29 -07:00
hwmon hwmon: (nct6775) Fix non-existent ALARM warning 2023-09-18 11:52:18 -07:00
hwspinlock
hwtracing
i2c i2c: cadence: Fix the kernel-doc warnings 2023-09-13 11:10:49 +02:00
i3c i3c: master: svc: fix probe failure when no i3c device exist 2023-09-06 01:21:47 +02:00
idle Perf events changes for v6.6: 2023-08-28 16:35:01 -07:00
iio Char/Misc driver changes for 6.6-rc1 2023-09-01 09:53:54 -07:00
infiniband SCSI misc on 20230902 2023-09-02 12:02:41 -07:00
input Input updates for 6.6 merge window: 2023-09-06 09:24:25 -07:00
interconnect This pull request is full of clk driver changes. In fact, there aren't any 2023-08-30 19:53:39 -07:00
iommu IOMMU Updates for Linux v6.6 2023-09-01 16:54:25 -07:00
ipack
irqchip Documentation work keeps chugging along; stuff for 6.6 includes: 2023-08-30 20:05:42 -07:00
isdn
leds - Core Frameworks 2023-09-04 13:52:58 -07:00
macintosh powerpc updates for 6.6 2023-08-31 12:43:10 -07:00
mailbox mailbox: qcom-ipcc: fix incorrect num_chans counting 2023-09-05 10:11:01 -05:00
mcb
md - Fix DM core retrieve_deps() UAF race due to missing locking of a DM 2023-09-15 14:30:54 -07:00
media media: imx-mipi-csis: Remove an incorrect fwnode_handle_put() call 2023-09-19 09:03:21 +02:00
memory
memstick
message
mfd spi: Updates for v6.6 2023-08-29 09:47:33 -07:00
misc Char/Misc driver changes for 6.6-rc1 2023-09-01 09:53:54 -07:00
mmc TTY/Serial driver changes for 6.6-rc1 2023-09-01 09:38:00 -07:00
most
mtd - New Drivers 2023-09-04 13:47:59 -07:00
mux mux: Explicitly include correct DT includes 2023-08-28 13:36:24 -05:00
net net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg 2023-10-03 10:19:29 +02:00
nfc NFC: nxp: add NXP1002 2023-08-30 18:32:24 -07:00
ntb ntb: Check tx descriptors outstanding instead of head/tail for tx queue 2023-08-22 12:38:19 -04:00
nubus
nvdimm nvdimm changes for v6.6 merge window 2023-08-30 20:52:08 -07:00
nvme nvme fixes for Linux 6.6 2023-09-14 16:20:31 -06:00
nvmem nvmem: core: Notify when a new layout is registered 2023-08-23 16:34:02 +02:00
of Devicetree updates for v6.6: 2023-08-30 16:59:03 -07:00
opp
parisc parisc: iosapic.c: Fix sparse warnings 2023-08-31 21:42:42 +02:00
parport TTY/Serial driver changes for 6.6-rc1 2023-09-01 09:38:00 -07:00
pci pci-v6.6-fixes-1 2023-09-09 11:35:28 -07:00
pcmcia
peci
perf arm64 fixes for -rc1 2023-09-08 12:48:37 -07:00
phy phy-for-6.6 2023-09-03 10:38:02 -07:00
pinctrl Pin control bulk changes for the v6.6 kernel cycle: 2023-08-30 19:36:19 -07:00
platform platform/x86: asus-wmi: Support 2023 ROG X16 tablet mode 2023-09-11 13:26:13 +02:00
pmdomain pmdomain: Rename the genpd subsystem to pmdomain 2023-09-13 11:09:21 +02:00
pnp
power thermal: Use thermal_tripless_zone_device_register() 2023-09-05 21:42:18 +02:00
powercap powercap: intel_rapl: Fix invalid setting of Power Limit 4 2023-09-06 22:21:22 +02:00
pps
ps3
ptp ptp: ocp: Fix error handling in ptp_ocp_device_init 2023-10-02 07:19:22 +01:00
pwm pwm: Changes for v6.6-rc1 2023-09-07 18:05:58 -07:00
rapidio
ras
regulator regulator: Fix voltage range selection 2023-09-11 13:51:36 +01:00
remoteproc remoteproc updates for v6.6 2023-09-04 15:12:26 -07:00
reset This pull request is full of clk driver changes. In fact, there aren't any 2023-08-30 19:53:39 -07:00
rpmsg rpmsg updates for v6.6 2023-09-04 15:08:52 -07:00
rtc RTC for 6.6 2023-09-07 16:07:35 -07:00
s390 block-6.6-2023-09-08 2023-09-08 21:39:54 -07:00
sbus sbus: Explicitly include correct DT includes 2023-08-28 13:36:24 -05:00
scsi Networking fixes for 6.6-rc2, including fixes from netfilter and bpf 2023-09-21 11:28:16 -07:00
sh
siox
slimbus
soc soc: renesas: Kconfig: For ARCH_R9A07G043 select the required configs if dependencies are met 2023-09-08 11:25:29 -07:00
soundwire soundwire updates for 6.6 2023-09-03 10:20:57 -07:00
spi spi: Merge up old fix 2023-09-19 13:17:52 +01:00
spmi
ssb
staging media: dvb: symbol fixup for dvb_attach() 2023-09-09 08:15:11 +01:00
target scsi: target: core: Fix target_cmd_counter leak 2023-09-13 20:09:56 -04:00
tc
tee
thermal thermal: core: Fix disabled trip point check in handle_thermal_trip() 2023-09-14 21:51:49 +02:00
thunderbolt thunderbolt: Changes for v6.6 merge window 2023-08-22 14:22:35 +02:00
tty TTY/Serial driver changes for 6.6-rc1 2023-09-01 09:38:00 -07:00
ufs scsi: ufs: core: Poll HCS.UCRDY before issuing a UIC command 2023-09-05 06:10:24 -04:00
uio uio: pruss: fix missing iounmap() in pruss_probe() 2023-08-22 13:41:55 +02:00
usb usb: typec: ucsi: Fix NULL pointer dereference 2023-09-11 13:52:16 +02:00
vdpa virtio: features 2023-09-04 10:43:44 -07:00
vfio iommufd for 6.6 2023-08-30 20:41:37 -07:00
vhost vdpa: add get_backend_features vdpa operation 2023-09-03 18:10:22 -04:00
video - New Functionality 2023-09-06 09:00:37 -07:00
virt minmax: add in_range() macro 2023-08-24 16:20:18 -07:00
virtio virtio_ring: fix avail_wrap_counter in virtqueue_add_packed 2023-09-03 18:10:24 -04:00
vlynq
w1 w1: ds2482: Switch back to use struct i2c_driver's .probe() 2023-09-13 10:48:42 +02:00
watchdog linux-watchdog 6.6-rc1 tag 2023-09-06 09:19:12 -07:00
xen xen: simplify evtchn_do_upcall() call maze 2023-09-19 07:04:49 +02:00
zorro zorro: Include zorro.h in names.c 2023-08-21 13:27:44 +02:00
Kconfig Merge patch series "Add non-coherent DMA support for AX45MP" 2023-09-08 11:24:34 -07:00
Makefile pmdomain: Rename the genpd subsystem to pmdomain 2023-09-13 11:09:21 +02:00