netdev.vger.kernel.org archive mirror
From: David Miller <davem@davemloft.net>
To: ying.xue@windriver.com
Cc: netdev@vger.kernel.org, jon.maloy@ericsson.com,
	syzkaller-bugs@googlegroups.com,
	tipc-discussion@lists.sourceforge.net
Subject: Re: [PATCH net-next] tipc: eliminate complaint of KMSAN uninit-value in tipc_conn_rcv_sub
Date: Sat, 19 May 2018 23:00:21 -0400 (EDT)
Message-ID: <20180519.230021.538446373514892322.davem@davemloft.net>
In-Reply-To: <1526644255-9182-1-git-send-email-ying.xue@windriver.com>

From: Ying Xue <ying.xue@windriver.com>
Date: Fri, 18 May 2018 19:50:55 +0800

> As variable s of struct tipc_subscr type is not initialized
> in tipc_conn_rcv_from_sock() before it is used in tipc_conn_rcv_sub(),
> KMSAN reported the following uninit-value type complaint:

I agree with others that the short read is the bug.

You need to decide what should happen if not a full tipc_subscr object
is obtained from the sock_recvmsg() call.

Proceeding to pass it on to tipc_conn_rcv_sub() cannot possibly be
correct.

You're not getting what you are expecting from the peer, the memset()
you are adding doesn't change that.

And once you get this badly sized read, what does that do to
the stream of subsequent recvmsg calls here?
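
Added example, not part of the original message or of the TIPC code: a user-space C analogue of the length check discussed above, assuming a SOCK_STREAM socket pair. `struct sub_req`, `recv_once_zeroed`, `recv_record` and `run_case` are hypothetical names; the zeroed single read accepts 6 of 16 bytes as a record, while the exact reader reports the truncation as an error.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed stand-in for a fixed-size request such as struct tipc_subscr. */
struct sub_req { uint32_t type, lower, upper, timeout; };

/* Zero, read once: no stale bytes, but a short read is still a partial record. */
static ssize_t recv_once_zeroed(int fd, struct sub_req *out)
{
    memset(out, 0, sizeof(*out));
    return recv(fd, out, sizeof(*out), 0);
}

/* 1 = full record, 0 = EOF on a record boundary, -1 = error or truncated. */
static int recv_record(int fd, struct sub_req *out)
{
    size_t got = 0;
    while (got < sizeof(*out)) {
        ssize_t n = recv(fd, (char *)out + got, sizeof(*out) - got, 0);
        if (n <= 0)
            return (n == 0 && got == 0) ? 0 : -1;
        got += (size_t)n;
    }
    return 1;
}

/* Constructed case: peer sends `cut` bytes of one record, then closes. */
int run_case(size_t cut, int exact, uint32_t *timeout)
{
    struct sub_req tx = { 1, 100, 200, 5000 }, rx = { 0, 0, 0, 0 };
    int sv[2], rc = -2;                      /* -2 = setup failed */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return rc;
    ssize_t sent = send(sv[1], &tx, cut, 0);
    close(sv[1]);
    if (sent == (ssize_t)cut)
        rc = exact ? recv_record(sv[0], &rx) : (int)recv_once_zeroed(sv[0], &rx);
    *timeout = rx.timeout;
    close(sv[0]);
    return rc;
}

int main(void)
{
    uint32_t t = 0;
    printf("single zeroed read rc=%d, exact read rc=%d\n", run_case(6, 0, &t), run_case(6, 1, &t));
    return 0;
}
```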

Thread overview: 5+ messages
2018-05-18 11:50 [PATCH net-next] tipc: eliminate complaint of KMSAN uninit-value in tipc_conn_rcv_sub Ying Xue
2018-05-18 12:10 ` Dmitry Vyukov
2018-05-20  3:00 ` David Miller [this message]
2018-05-21 13:02   ` Jon Maloy
2018-05-23 13:38   ` Ying Xue
