From: Greg KH <greg@kroah.com>
To: Stefan Schmidt <stefan@datenfreihafen.org>
Cc: Alexander Aring <alex.aring@gmail.com>,
Pavel Skripkin <paskripkin@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
linux-wpan - ML <linux-wpan@vger.kernel.org>,
"open list:NETWORKING [GENERAL]" <netdev@vger.kernel.org>,
kernel list <linux-kernel@vger.kernel.org>,
"# 3.19.x" <stable@vger.kernel.org>,
Alexander Potapenko <glider@google.com>
Subject: Re: [PATCH RFT] ieee802154: atusb: move to new USB API
Date: Wed, 5 Jan 2022 09:08:39 +0100
Message-ID: <YdVSBy47e0+OdXAo@kroah.com>
In-Reply-To: <ab1ec1c0-389c-dcae-9cd8-6e6771a94178@datenfreihafen.org>

On Tue, Jan 04, 2022 at 08:41:23PM +0100, Stefan Schmidt wrote:
> Hello.
>
> On 03.01.22 16:35, Alexander Aring wrote:
> > Hi,
> >
> > On Mon, 3 Jan 2022 at 08:03, Greg KH <greg@kroah.com> wrote:
> > >
> > > On Sun, Jan 02, 2022 at 08:19:43PM +0300, Pavel Skripkin wrote:
> > > > Alexander reported a use of uninitialized value in
> > > > atusb_set_extended_addr(), that is caused by reading 0 bytes via
> > > > usb_control_msg().
> > > >
> > > > Since there is an API, that cannot read less bytes, than was requested,
> > > > let's move atusb driver to use it. It will fix all potential bugs with
> > > > uninit values and make code more modern
> > > >
> > > > Fail log:
> > > >
> > > > BUG: KASAN: uninit-cmp in ieee802154_is_valid_extended_unicast_addr include/linux/ieee802154.h:310 [inline]
> > > > BUG: KASAN: uninit-cmp in atusb_set_extended_addr drivers/net/ieee802154/atusb.c:1000 [inline]
> > > > BUG: KASAN: uninit-cmp in atusb_probe.cold+0x29f/0x14db drivers/net/ieee802154/atusb.c:1056
> > > > Uninit value used in comparison: 311daa649a2003bd stack handle: 000000009a2003bd
> > > > ieee802154_is_valid_extended_unicast_addr include/linux/ieee802154.h:310 [inline]
> > > > atusb_set_extended_addr drivers/net/ieee802154/atusb.c:1000 [inline]
> > > > atusb_probe.cold+0x29f/0x14db drivers/net/ieee802154/atusb.c:1056
> > > > usb_probe_interface+0x314/0x7f0 drivers/usb/core/driver.c:396
> > > >
> > > > Fixes: 7490b008d123 ("ieee802154: add support for atusb transceiver")
> > > > Cc: stable@vger.kernel.org # 5.9
> > > > Reported-by: Alexander Potapenko <glider@google.com>
> > > > Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> > > > ---
> > > > drivers/net/ieee802154/atusb.c | 61 +++++++++++++++++++++-------------
> > > > 1 file changed, 38 insertions(+), 23 deletions(-)
> > > >
> > > > diff --git a/drivers/net/ieee802154/atusb.c b/drivers/net/ieee802154/atusb.c
> > > > index 23ee0b14cbfa..43befea0110f 100644
> > > > --- a/drivers/net/ieee802154/atusb.c
> > > > +++ b/drivers/net/ieee802154/atusb.c
> > > > @@ -80,10 +80,9 @@ struct atusb_chip_data {
> > > > * in atusb->err and reject all subsequent requests until the error is cleared.
> > > > */
> > > >
> > > > -static int atusb_control_msg(struct atusb *atusb, unsigned int pipe,
> > > > - __u8 request, __u8 requesttype,
> > > > - __u16 value, __u16 index,
> > > > - void *data, __u16 size, int timeout)
> > > > +static int atusb_control_msg_recv(struct atusb *atusb, __u8 request, __u8 requesttype,
> > > > + __u16 value, __u16 index,
> > > > + void *data, __u16 size, int timeout)
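Review bot: the renamed wrapper `atusb_control_msg_recv` keeps its `int` return type and the context comment above it is left unchanged, so nothing in this hunk tells callers whether success is now 0 or a byte count. Since the commit message relies on an API that never completes a short read, state the return convention in that comment and confirm that callers such as atusb_set_extended_addr() bail out on any non-zero result before reading `data`. With `pipe` gone from the signature, the direction is implied only by the `_recv` suffix while `requesttype` is still caller-supplied; if the wrapper stays, consider fixing the direction inside it rather than trusting each call site.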
> > >
> > > Why do you need a wrapper function at all? Why not just call the real
> > > usb functions instead?
>
> > ...
>
> > >
> > > I would recommend just moving to use the real USB functions and no
> > > wrapper function at all like this, it will make things more obvious and
> > > easier to understand over time.
> >
> > okay.
>
> With the small fix handle the actual KASAN report applied now

It was?  What is the git commit id?

thanks,

greg k-h
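
The failure mode named in the quoted commit message (a control read that transfers fewer bytes than requested, so the destination stays uninitialized) modeled in user space as an added example; it is not code from the patch or the atusb driver. `mock_control_in`, `read_addr_unchecked` and `read_addr_checked` are hypothetical names, and the device bytes are constructed.

```c
/* Added example: user-space model of the short-read bug; not kernel code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifndef EREMOTEIO
#define EREMOTEIO 121 /* Linux value, for non-Linux hosts */
#endif

/* Hypothetical device model: transfers at most dev_len bytes and returns the
 * count, like usb_control_msg(); dev_len < 0 models a transport error. */
static int mock_control_in(const uint8_t *dev, int dev_len, void *data, uint16_t size)
{
	int n = dev_len < size ? dev_len : size;
	if (dev_len < 0)
		return -EIO;
	memcpy(data, dev, (size_t)n);
	return n;
}

/* Before: only negative returns count as failure, so a 0-byte or partial
 * transfer "succeeds" and the caller goes on to use an unfilled buffer. */
static int read_addr_unchecked(const uint8_t *dev, int dev_len, uint8_t addr[8])
{
	int ret = mock_control_in(dev, dev_len, addr, 8);
	return ret < 0 ? ret : 0;
}

/* After: all-or-nothing, the contract of usb_control_msg_recv(): 0 on a
 * full transfer, -EREMOTEIO on a short one, output written only on success. */
static int read_addr_checked(const uint8_t *dev, int dev_len, uint8_t addr[8])
{
	uint8_t tmp[8];
	int ret = mock_control_in(dev, dev_len, tmp, sizeof(tmp));
	if (ret < 0)
		return ret;
	if (ret != (int)sizeof(tmp))
		return -EREMOTEIO;
	memcpy(addr, tmp, sizeof(tmp));
	return 0;
}

int main(void)
{
	const uint8_t dev[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed sample */
	uint8_t addr[8];
	printf("unchecked, 0 bytes: %d\n", read_addr_unchecked(dev, 0, addr));
	printf("checked,   0 bytes: %d\n", read_addr_checked(dev, 0, addr));
	return 0;
}
```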