From: Phong Tran <tranmanphong@gmail.com>
To: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: syzbot+1234691fec1b8ceba8b1@syzkaller.appspotmail.com,
	linux-kernel-mentees@lists.linuxfoundation.org,
	lkml <linux-kernel@vger.kernel.org>,
	"open list:HID CORE LAYER" <linux-input@vger.kernel.org>
Subject: Re: [Linux-kernel-mentees] [PATCH] HID: hid-lg4ff: Fix uninit-value set_autocenter_default
Date: Tue, 19 Nov 2019 20:29:49 +0700	[thread overview]
Message-ID: <0407e8bb-bbf5-ec64-cdac-ef266f1ab391@gmail.com> (raw)
In-Reply-To: <CAO-hwJ+cydMPQE_otc8-67=SDKmjac5RXsLs-9x6dH4YqA+DVQ@mail.gmail.com>

On 11/18/19 4:43 PM, Benjamin Tissoires wrote:
> On Tue, Nov 5, 2019 at 3:18 PM Phong Tran <tranmanphong@gmail.com> wrote:
>>
>> syzbot found a problem using an uninit pointer in
>> lg4ff_set_autocenter_default().
>>
>> Reported-by: syzbot+1234691fec1b8ceba8b1@syzkaller.appspotmail.com
>>
>> Tested by syzbot:
>>
>> https://groups.google.com/d/msg/syzkaller-bugs/ApnMLW6sfKE/Qq0bIHGEAQAJ
> 
> This seems weird to me:
> 
> the syzbot link above is about `hid_get_drvdata(hid)`, and, as I read
> it, the possibility that hid might not have an initialized value.
> 

The dashboard [1] shows:
BUG: KMSAN: uninit-value in dev_get_drvdata include/linux/device.h:1388 [inline]
BUG: KMSAN: uninit-value in hid_get_drvdata include/linux/hid.h:628 [inline]
BUG: KMSAN: uninit-value in lg4ff_set_autocenter_default+0x23a/0xa20 drivers/hid/hid-lg4ff.c:477
Based on that, I added the initialization of the pointers in the patch.

> Here you are changing the initialized values of value, entry and
> drv_data, all 3 are never used before their first assignment.
> 
> I have a feeling this particular syzbot check has already been fixed
> upstream by d9d4b1e46d95 "HID: Fix assumption that devices have
> inputs".
> 

I think the commit d9d4b1 fixed this report [2] by syzbot.

[1] https://syzkaller.appspot.com/bug?extid=1234691fec1b8ceba8b1
[2] https://syzkaller.appspot.com/bug?extid=403741a091bf41d4ae79

regards,
Phong.
> Cheers,
> Benjamin
> 
>>
>> Signed-off-by: Phong Tran <tranmanphong@gmail.com>
>> ---
>>   drivers/hid/hid-lg4ff.c | 6 +++---
>>   1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/hid/hid-lg4ff.c b/drivers/hid/hid-lg4ff.c
>> index 5e6a0cef2a06..44dfd08b0c32 100644
>> --- a/drivers/hid/hid-lg4ff.c
>> +++ b/drivers/hid/hid-lg4ff.c
>> @@ -468,10 +468,10 @@ static int lg4ff_play(struct input_dev *dev, void *data, struct ff_effect *effec
>>   static void lg4ff_set_autocenter_default(struct input_dev *dev, u16 magnitude)
>>   {
>>          struct hid_device *hid = input_get_drvdata(dev);
>> -       s32 *value;
>> +       s32 *value = NULL;
>>          u32 expand_a, expand_b;
>> -       struct lg4ff_device_entry *entry;
>> -       struct lg_drv_data *drv_data;
>> +       struct lg4ff_device_entry *entry = NULL;
>> +       struct lg_drv_data *drv_data = NULL;
>>          unsigned long flags;
>>
>>          drv_data = hid_get_drvdata(hid);
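Review bot: the NULL initializations of value, entry and drv_data do not touch the variable KMSAN flagged. The report is about hid, the pointer returned by input_get_drvdata(dev) on the first line of the function and passed straight into hid_get_drvdata(hid); each of the three changed locals is assigned before it is ever read (drv_data on the very next line, `drv_data = hid_get_drvdata(hid);`), so this diff cannot change the reported behaviour and only silences nothing. Either rework the change so it addresses where the uninitialized hid/drvdata comes from, or, if d9d4b1e46d95 "HID: Fix assumption that devices have inputs" already resolves this syzbot report, confirm that against the dashboard entry and drop the patch.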
>> --
>> 2.20.1
>>
> 
_______________________________________________
Linux-kernel-mentees mailing list
Linux-kernel-mentees@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees
