linux/drivers/net/usb
Pavel Skripkin af35fc3735 net: pegasus: fix uninit-value in get_interrupt_interval
Syzbot reported an uninit value in pegasus_probe(). The problem was
missing error handling.

get_interrupt_interval() internally calls read_eprom_word(), which can
fail in some cases, for example when it fails to receive a USB control
message. These cases should be handled to prevent the uninit value bug,
since read_eprom_word() will not initialize the passed stack variable in
case of internal failure.

Fail log:

BUG: KMSAN: uninit-value in get_interrupt_interval drivers/net/usb/pegasus.c:746 [inline]
BUG: KMSAN: uninit-value in pegasus_probe+0x10e7/0x4080 drivers/net/usb/pegasus.c:1152
CPU: 1 PID: 825 Comm: kworker/1:1 Not tainted 5.12.0-rc6-syzkaller 
...
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x24c/0x2e0 lib/dump_stack.c:120
 kmsan_report+0xfb/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x5c/0xa0 mm/kmsan/kmsan_instr.c:197
 get_interrupt_interval drivers/net/usb/pegasus.c:746 [inline]
 pegasus_probe+0x10e7/0x4080 drivers/net/usb/pegasus.c:1152
....

Local variable ----data.i@pegasus_probe created at:
 get_interrupt_interval drivers/net/usb/pegasus.c:1151 [inline]
 pegasus_probe+0xe57/0x4080 drivers/net/usb/pegasus.c:1152
 get_interrupt_interval drivers/net/usb/pegasus.c:1151 [inline]
 pegasus_probe+0xe57/0x4080 drivers/net/usb/pegasus.c:1152

Reported-and-tested-by: syzbot+02c9f70f3afae308464a@syzkaller.appspotmail.com
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Link: https://lore.kernel.org/r/20210804143005.439-1-paskripkin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-08-05 07:29:24 -07:00
..
aqc111.c
aqc111.h
asix_common.c
asix_devices.c net: usb: asix: ax88772: suspend PHY on driver probe 2021-07-01 11:12:13 -07:00
asix.h
ax88172a.c
ax88179_178a.c
catc.c
cdc_eem.c
cdc_ether.c
cdc_mbim.c
cdc_ncm.c
cdc_subset.c
cdc-phonet.c
ch9200.c
cx82310_eth.c
dm9601.c
gl620a.c
hso.c usb: hso: fix error handling code of hso_create_net_device 2021-07-15 12:36:21 -07:00
huawei_cdc_ncm.c
int51x1.c
ipheth.c
kalmia.c
kaweth.c
Kconfig
lan78xx.c net: usb: lan78xx: don't modify phy_device state concurrently 2021-08-04 12:51:14 +01:00
lan78xx.h
lg-vl600.c
Makefile
mcs7830.c
net1080.c
pegasus.c net: pegasus: fix uninit-value in get_interrupt_interval 2021-08-05 07:29:24 -07:00
pegasus.h
plusb.c
qmi_wwan.c
r8152.c r8152: Fix a deadlock by doubly PM resume 2021-07-14 14:57:55 -07:00
r8153_ecm.c
rndis_host.c
rtl8150.c
sierra_net.c
smsc75xx.c
smsc75xx.h
smsc95xx.c
smsc95xx.h
sr9700.c
sr9700.h
sr9800.c
sr9800.h
usbnet.c usbnet: add usbnet_event_names[] for kevent 2021-06-24 12:34:45 -07:00
zaurus.c