leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d1b5766973
linux/drivers/staging
History
Wang Cheng d1b5766973 staging: rtl8712: fix uninit-value in usb_read8() and friends 
When r8712_usbctrl_vendorreq() returns negative, 'data' in
usb_read{8,16,32} will not be initialized.

BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline]
BUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725
 string_nocheck lib/vsprintf.c:643 [inline]
 string+0x4ec/0x6f0 lib/vsprintf.c:725
 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806
 va_format lib/vsprintf.c:1704 [inline]
 pointer+0x18e6/0x1f70 lib/vsprintf.c:2443
 vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810
 vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158
 vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256
 dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604
 dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615
 __dev_printk+0x3be/0x440 drivers/base/core.c:4627
 _dev_info+0x1ea/0x22f drivers/base/core.c:4673
 r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401
 usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
 really_probe+0x6c7/0x1350 drivers/base/dd.c:621
 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
 driver_probe_device drivers/base/dd.c:782 [inline]
 __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
 __device_attach+0x593/0x8e0 drivers/base/dd.c:970
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
 device_add+0x1fff/0x26e0 drivers/base/core.c:3405
 usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238
 usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293
 really_probe+0x6c7/0x1350 drivers/base/dd.c:621
 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
 driver_probe_device drivers/base/dd.c:782 [inline]
 __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
 __device_attach+0x593/0x8e0 drivers/base/dd.c:970
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
 device_add+0x1fff/0x26e0 drivers/base/core.c:3405
 usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566
 hub_port_connect drivers/usb/core/hub.c:5363 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
 port_event drivers/usb/core/hub.c:5665 [inline]
 hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747
 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289
 worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436
 kthread+0x3c7/0x500 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30

Local variable data created at:
 usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33
 r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29

KMSAN: uninit-value in r871xu_drv_init
https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8

Reported-by: <syzbot+6f5ecd144854c0d8580b@syzkaller.appspotmail.com>
Tested-by: <syzbot+6f5ecd144854c0d8580b@syzkaller.appspotmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Wang Cheng <wanngchenng@gmail.com>
Link: https://lore.kernel.org/r/b9b7a6ee02c02aa28054f5cf16129977775f3cd9.1652618244.git.wanngchenng@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-05-19 17:44:25 +02:00
..
axis-fifo staging: axis-fifo: Use platform_get_irq() to get the interrupt 2021-12-30 11:54:56 +01:00
board
clocking-wizard clk: staging: correct reference to config IOMEM to config HAS_IOMEM 2021-08-17 20:03:00 +02:00
emxx_udc
fbtft Staging driver update for 5.18-rc1 2022-03-28 12:50:50 -07:00
fieldbus staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() 2022-04-22 16:48:31 +02:00
fwserial
gdm724x Staging driver update for 5.18-rc1 2022-03-28 12:50:50 -07:00
greybus staging: greybus: correct typo in comment 2022-05-05 23:19:14 +02:00
iio staging: iio: ad2s1210: remove redundant assignment to variable negative 2022-04-20 18:45:35 +02:00
ks7010 staging: ks7010: remove null check after call container_of() 2022-05-19 17:42:41 +02:00
media media: atomisp: fix bad usage at error handling logic 2022-03-18 05:58:35 +01:00
most staging/most, dim2: convert dim2_tasklet to threaded irq 2022-04-12 15:53:50 +02:00
nvec Staging: nvec: Fix ending in '(' error 2022-02-08 10:46:01 +01:00
octeon Staging driver update for 5.16-rc1 2021-11-04 07:56:22 -07:00
octeon-usb
olpc_dcon
pi433 Staging driver update for 5.18-rc1 2022-03-28 12:50:50 -07:00
qlge staging: qlge: add blank line after function declaration 2022-04-20 18:40:04 +02:00
r8188eu staging: r8188eu: remove _drv_ defines from include/rtw_debug.h 2022-05-19 17:43:04 +02:00
rtl8192e staging: rtl8192e: remove null check after call container_of() 2022-05-19 17:42:43 +02:00
rtl8192u staging: rtl8192u: remove null check after call container_of() 2022-05-19 17:42:53 +02:00
rtl8712 staging: rtl8712: fix uninit-value in usb_read8() and friends 2022-05-19 17:44:25 +02:00
rtl8723bs staging: rtl8723bs: Fix alignment to match open parenthesis 2022-05-19 17:41:18 +02:00
rts5208 staging: rts5208: Convert kmap() to kmap_local_page() 2022-04-04 07:33:47 +02:00
sm750fb staging: sm750fb: Call iounmap() to free mapped bus memory 2022-04-04 07:33:49 +02:00
vc04_services staging: vc04_services: remove unused macro 2022-05-19 17:42:56 +02:00
vme_user staging: vme: Move 'vme/devices/' to 'vme_user/' 2022-04-22 16:47:29 +02:00
vt6655 staging: vt6655: Replace VNSvOutPortB with iowrite8 2022-05-19 17:41:10 +02:00
vt6656 staging: vt6656: Fix multiple blank lines warning 2022-04-04 07:33:45 +02:00
wlan-ng staging/wlan-ng, prism2usb: replace completion_bh tasklet with work 2022-04-12 15:53:50 +02:00
Kconfig staging: vme: Move 'vme/devices/' to 'vme_user/' 2022-04-22 16:47:29 +02:00
Makefile staging: vme: Move 'vme/devices/' to 'vme_user/' 2022-04-22 16:47:29 +02:00