From: Guenter Roeck <linux@roeck-us.net>
To: Marius Zachmann <mail@mariuszachmann.de>,
syzbot <syzbot+3bbbade4e1a7ab45ca3b@syzkaller.appspotmail.com>,
jdelvare@suse.com, linux-hwmon@vger.kernel.org,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [hwmon?] KMSAN: uninit-value in get_temp_cnct
Date: Thu, 19 Jun 2025 06:01:27 -0700 [thread overview]
Message-ID: <61233ba1-e5ad-4d7a-ba31-3b5d0adcffcc@roeck-us.net> (raw)
In-Reply-To: <fe5fe144dea8665f96b943e9abe58fc8be536d69.camel@mariuszachmann.de>
On 6/19/25 01:01, Marius Zachmann wrote:
> Am Mittwoch, dem 18.06.2025 um 22:56 -0700 schrieb Guenter Roeck:
>> On 6/18/25 21:31, syzbot wrote:
>>> Hello,
>>>
>>> syzbot found the following issue on:
>>>
>>> HEAD commit: 4774cfe3543a Merge tag 'scsi-fixes' of
>>> git://git.kernel.or..
>>> git tree: upstream
>>> console output:
>>> https://syzkaller.appspot.com/x/log.txt?x=10e3f10c580000
>>> kernel config:
>>> https://syzkaller.appspot.com/x/.config?x=61539536677af51c
>>> dashboard link:
>>> https://syzkaller.appspot.com/bug?extid=3bbbade4e1a7ab45ca3b
>>> compiler: Debian clang version 20.1.6
>>> (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian
>>> LLD 20.1.6
>>> userspace arch: i386
>>>
>>> Unfortunately, I don't have any reproducer for this issue yet.
>>>
>>
>> It doesn't need one: The problem will be seen if the data returned
>> from the
>> power supply is shorter than expected. In the example below, the
>> problem will
>> be seen if less than NUM_TEMP_SENSORS+1 data bytes were received.
>> One possible fix would be to record the returned data length in
>> ccp_raw_event()
>> and to have each caller of send_usb_cmd() check if the returned
>> amount of data
>> is sufficient.
>>
>> Guenter
>
> The device should always return the same number of bytes.
The term is "should". That doesn't mean it always _does_ return the
expected number of bytes, only that it is expected to do so.
> I could zero-initialize the buffer at allocation. Then there should
> be no uninitialized values.
As long as the values are usable, sure. That would not really fix the
protocol error, though, it would just hide it.
> Also I could check the number of returned bytes in send_usb_cmd()
> instead of having each caller checking it, and return -EIO if
> it is not correct?
>
Yes, that would be an even better fix, though I would suggest to return
-EPROTO in that case to distinguish it from an actual i/o error.
Thanks,
Guenter
next prev parent reply other threads:[~2025-06-19 13:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-19 4:31 [syzbot] [hwmon?] KMSAN: uninit-value in get_temp_cnct syzbot
2025-06-19 5:56 ` Guenter Roeck
2025-06-19 8:01 ` Marius Zachmann
2025-06-19 13:01 ` Guenter Roeck [this message]
2025-06-19 13:37 ` [PATCH] hwmon: fill it with 0 when data size is insufficient Edward Adam Davis
2025-06-19 16:54 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=61233ba1-e5ad-4d7a-ba31-3b5d0adcffcc@roeck-us.net \
--to=linux@roeck-us.net \
--cc=jdelvare@suse.com \
--cc=linux-hwmon@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mail@mariuszachmann.de \
--cc=syzbot+3bbbade4e1a7ab45ca3b@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox