From: Greg KH <gregkh@linuxfoundation.org>
To: Takashi Iwai <tiwai@suse.de>
Cc: alsa-devel@alsa-project.org, wang6495@umn.edu,
yuehaibing@huawei.com, tiwai@suse.com,
syzkaller-bugs@googlegroups.com, linux-kernel@vger.kernel.org,
glider@google.com, allison@lohutok.net,
syzbot <syzbot+8f2612936028bfd28f28@syzkaller.appspotmail.com>,
tglx@linutronix.de, benquike@gmail.com, dan.carpenter@oracle.com
Subject: Re: [alsa-devel] KMSAN: uninit-value in get_term_name
Date: Mon, 11 Nov 2019 09:57:46 +0100 [thread overview]
Message-ID: <20191111085746.GA3994938@kroah.com> (raw)
In-Reply-To: <s5himo9as9j.wl-tiwai@suse.de>
On Mon, Oct 28, 2019 at 02:55:52PM +0100, Takashi Iwai wrote:
> On Mon, 28 Oct 2019 14:30:50 +0100,
> Greg KH wrote:
> >
> > On Mon, Oct 28, 2019 at 02:13:20PM +0100, Takashi Iwai wrote:
> > > On Mon, 28 Oct 2019 11:32:07 +0100,
> > > syzbot wrote:
> > > >
> > > > Uninit was stored to memory at:
> > > > kmsan_save_stack_with_flags mm/kmsan/kmsan.c:151 [inline]
> > > > kmsan_internal_chain_origin+0xbd/0x180 mm/kmsan/kmsan.c:319
> > > > __msan_chain_origin+0x6b/0xd0 mm/kmsan/kmsan_instr.c:179
> > > > parse_term_proc_unit+0x73d/0x7e0 sound/usb/mixer.c:896
> > > > __check_input_term+0x13ef/0x2360 sound/usb/mixer.c:989
> > >
> > > So this comes from the invalid descriptor for a processing unit, and
> > > it's very likely the same issue as already spotted -- the validator up
> > > to 5.3-rc4 had a bug that passed the invalid descriptor falsely.
> > > This should have been covered by 5.3-rc5, commit ba8bf0967a15 ("ALSA:
> > > usb-audio: Fix copy&paste error in the validator").
> >
> > SHould we be backporting the validator to any older kernels as well?
>
> Yes, that would be nice. I didn't mark them for stable just because
> they are a bit largish and wanted to let them tested for 5.4 for a
> while.
>
> The following commits are relevant (from top/old to bottom/new).
>
> 57f8770620e9b51c61089751f0b5ad3dbe376ff2
> ALSA: usb-audio: More validations of descriptor units
> 68e9fde245591d18200f8a9054cac22339437adb
> ALSA: usb-audio: Simplify parse_audio_unit()
> 52c3e317a857091fd746e15179a637f32be4d337
> ALSA: usb-audio: Unify the release of usb_mixer_elem_info objects
> b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a
> ALSA: usb-audio: Remove superfluous bLength checks
> e0ccdef92653f8867e2d1667facfd3c23699f540
> ALSA: usb-audio: Clean up check_input_term()
> 60849562a5db4a1eee2160167e4dce4590d3eafe
> ALSA: usb-audio: Fix possible NULL dereference at create_yamaha_midi_quirk()
> b39e077fcb283dd96dd251a3abeba585402c61fe
> ALSA: usb-audio: remove some dead code
> ba8bf0967a154796be15c4983603aad0b05c3138
> ALSA: usb-audio: Fix copy&paste error in the validator
>
Thanks, I've queued this series up for 5.3.y and 4.19.y
greg k-h
_______________________________________________
Alsa-devel mailing list
Alsa-devel@alsa-project.org
https://mailman.alsa-project.org/mailman/listinfo/alsa-devel
WARNING: multiple messages have this Message-ID (diff)
From: Greg KH <gregkh@linuxfoundation.org>
To: Takashi Iwai <tiwai@suse.de>
Cc: syzbot <syzbot+8f2612936028bfd28f28@syzkaller.appspotmail.com>,
allison@lohutok.net, alsa-devel@alsa-project.org,
benquike@gmail.com, dan.carpenter@oracle.com, glider@google.com,
linux-kernel@vger.kernel.org, perex@perex.cz,
syzkaller-bugs@googlegroups.com, tglx@linutronix.de,
tiwai@suse.com, wang6495@umn.edu, yuehaibing@huawei.com
Subject: Re: KMSAN: uninit-value in get_term_name
Date: Mon, 11 Nov 2019 09:57:46 +0100 [thread overview]
Message-ID: <20191111085746.GA3994938@kroah.com> (raw)
In-Reply-To: <s5himo9as9j.wl-tiwai@suse.de>
On Mon, Oct 28, 2019 at 02:55:52PM +0100, Takashi Iwai wrote:
> On Mon, 28 Oct 2019 14:30:50 +0100,
> Greg KH wrote:
> >
> > On Mon, Oct 28, 2019 at 02:13:20PM +0100, Takashi Iwai wrote:
> > > On Mon, 28 Oct 2019 11:32:07 +0100,
> > > syzbot wrote:
> > > >
> > > > Uninit was stored to memory at:
> > > > kmsan_save_stack_with_flags mm/kmsan/kmsan.c:151 [inline]
> > > > kmsan_internal_chain_origin+0xbd/0x180 mm/kmsan/kmsan.c:319
> > > > __msan_chain_origin+0x6b/0xd0 mm/kmsan/kmsan_instr.c:179
> > > > parse_term_proc_unit+0x73d/0x7e0 sound/usb/mixer.c:896
> > > > __check_input_term+0x13ef/0x2360 sound/usb/mixer.c:989
> > >
> > > So this comes from the invalid descriptor for a processing unit, and
> > > it's very likely the same issue as already spotted -- the validator up
> > > to 5.3-rc4 had a bug that passed the invalid descriptor falsely.
> > > This should have been covered by 5.3-rc5, commit ba8bf0967a15 ("ALSA:
> > > usb-audio: Fix copy&paste error in the validator").
> >
> > SHould we be backporting the validator to any older kernels as well?
>
> Yes, that would be nice. I didn't mark them for stable just because
> they are a bit largish and wanted to let them tested for 5.4 for a
> while.
>
> The following commits are relevant (from top/old to bottom/new).
>
> 57f8770620e9b51c61089751f0b5ad3dbe376ff2
> ALSA: usb-audio: More validations of descriptor units
> 68e9fde245591d18200f8a9054cac22339437adb
> ALSA: usb-audio: Simplify parse_audio_unit()
> 52c3e317a857091fd746e15179a637f32be4d337
> ALSA: usb-audio: Unify the release of usb_mixer_elem_info objects
> b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a
> ALSA: usb-audio: Remove superfluous bLength checks
> e0ccdef92653f8867e2d1667facfd3c23699f540
> ALSA: usb-audio: Clean up check_input_term()
> 60849562a5db4a1eee2160167e4dce4590d3eafe
> ALSA: usb-audio: Fix possible NULL dereference at create_yamaha_midi_quirk()
> b39e077fcb283dd96dd251a3abeba585402c61fe
> ALSA: usb-audio: remove some dead code
> ba8bf0967a154796be15c4983603aad0b05c3138
> ALSA: usb-audio: Fix copy&paste error in the validator
>
Thanks, I've queued this series up for 5.3.y and 4.19.y
greg k-h
next prev parent reply other threads:[~2019-11-11 8:58 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-28 10:32 [alsa-devel] KMSAN: uninit-value in get_term_name syzbot
2019-10-28 10:32 ` syzbot
2019-10-28 13:13 ` [alsa-devel] " Takashi Iwai
2019-10-28 13:13 ` Takashi Iwai
2019-10-28 13:17 ` [alsa-devel] " Alexander Potapenko
2019-10-28 13:17 ` Alexander Potapenko
2019-10-28 13:30 ` [alsa-devel] " Greg KH
2019-10-28 13:30 ` Greg KH
2019-10-28 13:55 ` [alsa-devel] " Takashi Iwai
2019-10-28 13:55 ` Takashi Iwai
2019-10-28 14:40 ` [alsa-devel] " Greg KH
2019-10-28 14:40 ` Greg KH
2019-11-11 8:57 ` Greg KH [this message]
2019-11-11 8:57 ` Greg KH
2019-10-28 13:38 ` [alsa-devel] " Andrey Konovalov
2019-10-28 13:38 ` Andrey Konovalov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191111085746.GA3994938@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=allison@lohutok.net \
--cc=alsa-devel@alsa-project.org \
--cc=benquike@gmail.com \
--cc=dan.carpenter@oracle.com \
--cc=glider@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=syzbot+8f2612936028bfd28f28@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tglx@linutronix.de \
--cc=tiwai@suse.com \
--cc=tiwai@suse.de \
--cc=wang6495@umn.edu \
--cc=yuehaibing@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.