leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d1b5766973
linux/drivers
History
Wang Cheng d1b5766973 staging: rtl8712: fix uninit-value in usb_read8() and friends 
When r8712_usbctrl_vendorreq() returns negative, 'data' in
usb_read{8,16,32} will not be initialized.

BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline]
BUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725
 string_nocheck lib/vsprintf.c:643 [inline]
 string+0x4ec/0x6f0 lib/vsprintf.c:725
 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806
 va_format lib/vsprintf.c:1704 [inline]
 pointer+0x18e6/0x1f70 lib/vsprintf.c:2443
 vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810
 vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158
 vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256
 dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604
 dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615
 __dev_printk+0x3be/0x440 drivers/base/core.c:4627
 _dev_info+0x1ea/0x22f drivers/base/core.c:4673
 r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401
 usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
 really_probe+0x6c7/0x1350 drivers/base/dd.c:621
 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
 driver_probe_device drivers/base/dd.c:782 [inline]
 __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
 __device_attach+0x593/0x8e0 drivers/base/dd.c:970
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
 device_add+0x1fff/0x26e0 drivers/base/core.c:3405
 usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238
 usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293
 really_probe+0x6c7/0x1350 drivers/base/dd.c:621
 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
 driver_probe_device drivers/base/dd.c:782 [inline]
 __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
 __device_attach+0x593/0x8e0 drivers/base/dd.c:970
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
 device_add+0x1fff/0x26e0 drivers/base/core.c:3405
 usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5363 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
 port_event drivers/usb/core/hub.c:5665 [inline]
 hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747
 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289
 worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436
 kthread+0x3c7/0x500 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30

Local variable data created at:
 usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33
 r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29

KMSAN: uninit-value in r871xu_drv_init
https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8

Reported-by: <syzbot+6f5ecd144854c0d8580b@syzkaller.appspotmail.com>
Tested-by: <syzbot+6f5ecd144854c0d8580b@syzkaller.appspotmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Wang Cheng <wanngchenng@gmail.com>
Link: https://lore.kernel.org/r/b9b7a6ee02c02aa28054f5cf16129977775f3cd9.1652618244.git.wanngchenng@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-05-19 17:44:25 +02:00
..
accessibility
acpi Merge branch 'acpi-bus' 2022-04-08 19:50:44 +02:00
amba
android
ata ata: ahci: Rename CONFIG_SATA_LPM_POLICY configuration item back 2022-04-06 11:08:04 +09:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-17 13:56:58 -07:00
auxdisplay auxdisplay: lcd2s: Use array size explicitly in lcd2s_gotoxy() 2022-03-18 20:31:14 +01:00
base Device properties code update for 5.18-rc1 2022-03-29 11:30:12 -07:00
bcma Core MTD changes: 2022-03-25 13:35:34 -07:00
block drbd: set QUEUE_FLAG_STABLE_WRITES 2022-04-06 13:07:53 -06:00
bluetooth Bluetooth: ath3k: remove superfluous header files 2022-03-18 17:12:09 +01:00
bus Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
cdrom cdrom: remove unused variable 2022-04-06 08:47:52 -06:00
char random: check for signals every PAGE_SIZE chunk of /dev/[u]random 2022-04-07 01:36:37 +02:00
clk A single revert to fix a boot regression seen when clk_put() started 2022-04-03 12:21:14 -07:00
clocksource asm-generic updates for 5.18 2022-03-23 18:03:08 -07:00
comedi
connector
counter Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
cpufreq Merge branch 'cpufreq/arm/linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/vireshk/pm 2022-03-22 12:15:47 +01:00
cpuidle RISC-V CPU Idle Support 2022-03-30 16:17:54 -07:00
crypto virtio: features, fixes 2022-03-31 13:57:15 -07:00
cxl cxl/pci: Drop shadowed variable 2022-04-08 12:59:43 -07:00
dax dax for 5.18 2022-03-24 18:12:09 -07:00
dca
devfreq
dio
dma dmaengine updates for v5.18-rc1 2022-03-30 10:54:49 -07:00
dma-buf dma-buf: handle empty dma_fence_arrays gracefully 2022-03-29 09:14:30 +02:00
edac Merge branch 'edac-amd64' into edac-updates-for-v5.18 2022-03-21 10:34:57 +01:00
eisa
extcon
firewire
firmware Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
fpga
fsi
gnss
gpio gpio: Restrict usage of GPIO chip irq members before initialization 2022-04-04 14:41:34 +02:00
gpu drm-misc-fixes for v5.18-rc2: 2022-04-08 09:22:16 +10:00
greybus
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2022-04-01 10:14:32 -07:00
hsi
hv hyperv-fixes for 5.18-rc2 2022-04-07 06:35:34 -10:00
hwmon Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
hwspinlock hwspinlock: sprd: Use struct_size() helper in devm_kzalloc() 2022-03-11 14:56:57 -06:00
hwtracing Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
i2c Merge branch 'i2c/for-mergewindow' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2022-03-26 12:46:08 -07:00
i3c
idle cpuidle: intel_idle: Drop redundant backslash at line end 2022-03-17 14:32:59 +01:00
iio Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
infiniband RDMA/hfi1: Fix use-after-free bug for mm struct 2022-04-08 15:40:06 -03:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2022-04-01 10:14:32 -07:00
interconnect
iommu iommu/omap: Fix regression in probe for NULL pointer dereference 2022-04-08 11:16:29 +02:00
ipack
irqchip irqchip/gic, gic-v3: Prevent GSI to SGI translations 2022-04-05 16:33:47 +01:00
isdn mISDN: fix typo "frame to short" -> "frame too short" 2022-03-21 13:26:38 +00:00
leds LED updates for 5.18-rc1. Nothing major here, there are two drivers 2022-03-27 14:09:48 -07:00
macintosh
mailbox mailbox: ti-msgmgr: Operate mailbox in polled mode during system suspend 2022-03-12 19:33:30 -06:00
mcb
md - Fix DM integrity shrink crash due to journal entry not being marked 2022-04-01 15:57:27 -07:00
media drm for 5.18-rc1 2022-03-24 16:19:43 -07:00
memory ARM driver updates for 5.18 2022-03-23 18:23:13 -07:00
memstick
message scsi: message: fusion: Remove redundant variable dmp 2022-04-06 22:28:07 -04:00
mfd - New Drivers 2022-03-25 13:56:18 -07:00
misc habanalabs: Fix test build failures 2022-04-04 17:03:04 +02:00
mmc mmc: core: improve API to make clear mmc_hw_reset is for cards 2022-04-08 11:00:08 +02:00
most
mtd This pull request contains fixes for JFFS2, UBI and UBIFS 2022-03-31 16:09:41 -07:00
mux
net Merge 5.18-rc2 into staging-next 2022-04-11 08:43:42 +02:00
nfc spi: Updates for v5.18 2022-03-21 18:33:57 -07:00
ntb
nubus
nvdimm libnvdimm for 5.18 2022-03-30 10:04:11 -07:00
nvme for-5.18/drivers-2022-04-01 2022-04-01 16:26:57 -07:00
nvmem nvmem: brcm_nvram: parse NVRAM content into NVMEM cells 2022-03-18 14:08:36 +01:00
of Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
opp
parisc parisc: Fix CPU affinity for Lasi, WAX and Dino chips 2022-03-29 21:37:12 +02:00
parport parport_pc: Also enable driver for PCI systems 2022-03-18 14:01:41 +01:00
pci hyperv-fixes for 5.18-rc2 2022-04-07 06:35:34 -10:00
pcmcia
peci
perf perf/imx_ddr: Fix undefined behavior due to shift overflowing the constant 2022-04-08 14:17:57 +01:00
phy phy: PHY_FSL_LYNX_28G should depend on ARCH_LAYERSCAPE 2022-03-29 08:45:16 -07:00
pinctrl Pin control bulk changes for the v5.18 kernel cycle 2022-03-28 11:52:53 -07:00
platform chrome platform changes for 5.18 2022-04-02 10:44:18 -07:00
pnp PNP update for 5.18-rc1 2022-03-21 14:46:01 -07:00
power Driver core changes for 5.18-rc1 2022-03-28 12:41:28 -07:00
powercap
pps pps: generators: pps_gen_parport: Switch to use module_parport_driver() 2022-03-18 14:01:19 +01:00
ps3
ptp ptp: ocp: handle error from nvmem_device_find 2022-03-30 12:08:11 -07:00
pwm
rapidio
ras
regulator regulator: atc260x: Fix missing active_discharge_on setting 2022-04-04 08:59:43 +01:00
remoteproc remoteproc updates for v5.18 2022-03-30 10:50:48 -07:00
reset
rpmsg rpmsg: ctrl: Introduce new RPMSG_CREATE/RELEASE_DEV_IOCTL controls 2022-03-13 11:49:53 -05:00
rtc RTC for 5.18 2022-04-01 09:37:18 -07:00
s390 s390: cleanup timer API use 2022-03-27 22:18:39 +02:00
sbus
scsi scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan 2022-04-06 22:58:17 -04:00
sh
siox
slimbus
soc Networking changes for 5.18. 2022-03-24 13:13:26 -07:00
soundwire Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
spi ACPI updates for 5.18-rc2 2022-04-08 18:23:02 -10:00
spmi
ssb
staging staging: rtl8712: fix uninit-value in usb_read8() and friends 2022-05-19 17:44:25 +02:00
target Merge branch '5.18/scsi-queue' into 5.18/scsi-fixes 2022-04-06 21:46:54 -04:00
tc
tee ARM driver updates for 5.18 2022-03-23 18:23:13 -07:00
thermal Merge branch 'thermal-hfi' 2022-03-18 19:00:26 +01:00
thunderbolt Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
tty tty: serial: mpc52xx_uart: make rx/tx hooks return unsigned, part II. 2022-04-04 10:33:02 +02:00
uio
usb xen: branch for v5.18-rc1 2022-03-28 14:32:39 -07:00
vdpa virtio: fixes, cleanups 2022-04-05 10:40:52 -07:00
vfio hisi_acc_vfio_pci: Use its own PCI reset_done error handler 2022-03-15 11:41:32 -06:00
vhost virtio: features, fixes 2022-03-31 13:57:15 -07:00
video fbdev: Fix unregistering of framebuffers without device 2022-04-06 21:12:28 +02:00
virt Random number generator fixes for Linux 5.18-rc1. 2022-03-31 14:51:34 -07:00
virtio virtio: fixes, cleanups 2022-04-05 10:40:52 -07:00
vlynq
vme staging: vme: Move vme_user to staging KConfig 2022-04-22 16:47:29 +02:00
w1 w1: w1_therm: Add support for Maxim MAX31850 thermoelement IF. 2022-03-18 14:07:09 +01:00
watchdog linux-watchdog 5.18-rc1 tag 2022-03-31 14:14:03 -07:00
xen xen: don't hang when resuming PCI device 2022-03-25 14:22:15 -05:00
zorro
Kconfig staging: Remove the drivers for the Unisys s-Par 2022-04-20 18:39:04 +02:00
Makefile staging: Remove the drivers for the Unisys s-Par 2022-04-20 18:39:04 +02:00