From: Petko Manolov <petkan@nucleusys.com>
To: Pavel Skripkin <paskripkin@gmail.com>
Cc: davem@davemloft.net, kuba@kernel.org, linux-usb@vger.kernel.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
syzbot+02c9f70f3afae308464a@syzkaller.appspotmail.com
Subject: Re: [PATCH] net: pegasus: fix uninit-value in get_interrupt_interval
Date: Sun, 1 Aug 2021 23:24:21 +0300 [thread overview]
Message-ID: <YQcC9eOf5+MXZRsG@carbon> (raw)
In-Reply-To: <20210801223513.06bede26@gmail.com>
On 21-08-01 22:35:13, Pavel Skripkin wrote:
> On Sun, 1 Aug 2021 15:36:27 +0300 Petko Manolov <petkan@nucleusys.com> wrote:
>
> > On 21-07-31 00:44:11, Pavel Skripkin wrote:
> > > Syzbot reported uninit value pegasus_probe(). The problem was in missing
> > > error handling.
> > >
> > > get_interrupt_interval() internally calls read_eprom_word() which can fail
> > > in some cases. For example: failed to receive usb control message. These
> > > cases should be handled to prevent uninit value bug, since
> > > read_eprom_word() will not initialize passed stack variable in case of
> > > internal failure.
> >
> > Well, this is most definitelly a bug.
> >
> > ACK!
> >
> >
> > Petko
>
> BTW: I found a lot uses of {get,set}_registers without error checking. I
> think, some of them could be fixed easily (like in enable_eprom_write), but, I
> guess, disable_eprom_write is not so easy. For example, if we cannot disable
> eprom should we retry? If not, will device get in some unexpected state?
Everything bracketed by PEGASUS_WRITE_EEPROM is more or less dead code. I've
added this feature because the chip give us the ability to write to the flash,
but i seriously doubt anybody ever used it. Come to think about it, i should
just remove this code.
> Im not familiar with this device, but I can prepare a patch to wrap all these
> calls with proper error checking
Well, i've stared at the code a bit and i see some places where not checking the
error returned by {get,set}_registers() could really be problematic. I'll cook
a patch with what i think needs doing and will submit it here for review.
cheers,
Petko
next prev parent reply other threads:[~2021-08-01 20:24 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-30 21:44 [PATCH] net: pegasus: fix uninit-value in get_interrupt_interval Pavel Skripkin
2021-08-01 12:36 ` Petko Manolov
2021-08-01 19:35 ` Pavel Skripkin
2021-08-01 20:24 ` Petko Manolov [this message]
2021-08-02 20:07 ` Petko Manolov
2021-08-02 22:18 ` Pavel Skripkin
2021-08-03 5:36 ` Greg KH
2021-08-04 10:44 ` Pavel Skripkin
2021-08-04 11:58 ` Jakub Kicinski
2021-08-04 14:30 ` [PATCH net v2] " Pavel Skripkin
2021-08-05 14:50 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YQcC9eOf5+MXZRsG@carbon \
--to=petkan@nucleusys.com \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=paskripkin@gmail.com \
--cc=syzbot+02c9f70f3afae308464a@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.