[PATCH v2] usb: rtl8150: Initialize buffers to fix KMSAN uninit-value in rtl8150

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v2] usb: rtl8150: Initialize buffers to fix KMSAN uninit-value in rtl8150_open
@ 2025-11-05 19:47 Dharanitharan R
  2025-11-05 19:47 ` syzbot
  2025-11-05 21:55 ` Jacob Keller
  0 siblings, 2 replies; 4+ messages in thread
From: Dharanitharan R @ 2025-11-05 19:47 UTC (permalink / raw)
  To: netdev
  Cc: linux-usb, gregkh, davem, edumazet, kuba, pabeni,
	syzbot+b4d5d8faea6996fd, Dharanitharan R

KMSAN reported an uninitialized value use in rtl8150_open().
Initialize rx_skb->data and intr_buff before submitting URBs to
ensure memory is in a defined state.

Changes in v2:
 - Fixed whitespace and indentation (checkpatch clean)
 - Corrected syzbot tag

Reported-by: syzbot+b4d5d8faea6996fd@syzkaller.appspotmail.com
Signed-off-by: Dharanitharan R <dharanitharan725@gmail.com>
---
 drivers/net/usb/rtl8150.c | 34 +++++++++++++++-------------------
 1 file changed, 15 insertions(+), 19 deletions(-)

diff --git a/drivers/net/usb/rtl8150.c b/drivers/net/usb/rtl8150.c
index f1a868f0032e..a7116d03c3d3 100644
--- a/drivers/net/usb/rtl8150.c
+++ b/drivers/net/usb/rtl8150.c
@@ -735,33 +735,30 @@ static int rtl8150_open(struct net_device *netdev)
 	rtl8150_t *dev = netdev_priv(netdev);
 	int res;
 
-	if (dev->rx_skb == NULL)
-		dev->rx_skb = pull_skb(dev);
-	if (!dev->rx_skb)
-		return -ENOMEM;
-
 	set_registers(dev, IDR, 6, netdev->dev_addr);
 
 	/* Fix: initialize memory before using it (KMSAN uninit-value) */
 	memset(dev->rx_skb->data, 0, RTL8150_MTU);
 	memset(dev->intr_buff, 0, INTBUFSIZE);
 
-	usb_fill_bulk_urb(dev->rx_urb, dev->udev, usb_rcvbulkpipe(dev->udev, 1),
-		      dev->rx_skb->data, RTL8150_MTU, read_bulk_callback, dev);
-	if ((res = usb_submit_urb(dev->rx_urb, GFP_KERNEL))) {
-		if (res == -ENODEV)
-			netif_device_detach(dev->netdev);
+	usb_fill_bulk_urb(dev->rx_urb, dev->udev,
+			  usb_rcvbulkpipe(dev->udev, 1),
+			  dev->rx_skb->data, RTL8150_MTU,
+			  read_bulk_callback, dev);
+
+	res = usb_submit_urb(dev->rx_urb, GFP_KERNEL);
+	if (res) {
 		dev_warn(&netdev->dev, "rx_urb submit failed: %d\n", res);
 		return res;
 	}
 
-	usb_fill_int_urb(dev->intr_urb, dev->udev, usb_rcvintpipe(dev->udev, 3),
-		     dev->intr_buff, INTBUFSIZE, intr_callback,
-		     dev, dev->intr_interval);
-	if ((res = usb_submit_urb(dev->intr_urb, GFP_KERNEL))) {
-		if (res == -ENODEV)
-			netif_device_detach(dev->netdev);
-		dev_warn(&netdev->dev, "intr_urb submit failed: %d\n", res);
+	usb_fill_int_urb(dev->intr_urb, dev->udev,
+			 usb_rcvintpipe(dev->udev, 3),
+			 dev->intr_buff, INTBUFSIZE,
+			 intr_callback, dev, dev->intr_interval);
+
+	res = usb_submit_urb(dev->intr_urb, GFP_KERNEL);
+	if (res) {
 		usb_kill_urb(dev->rx_urb);
 		return res;
 	}
@@ -769,8 +766,7 @@ static int rtl8150_open(struct net_device *netdev)
 	enable_net_traffic(dev);
 	set_carrier(netdev);
 	netif_start_queue(netdev);
-
-	return res;
+	return 0;
 }
 
 static int rtl8150_close(struct net_device *netdev)
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] usb: rtl8150: Initialize buffers to fix KMSAN uninit-value in rtl8150_open
  2025-11-05 19:47 [PATCH v2] usb: rtl8150: Initialize buffers to fix KMSAN uninit-value in rtl8150_open Dharanitharan R
@ 2025-11-05 19:47 ` syzbot
  2025-11-05 21:55 ` Jacob Keller
  1 sibling, 0 replies; 4+ messages in thread
From: syzbot @ 2025-11-05 19:47 UTC (permalink / raw)
  To: dharanitharan725
  Cc: davem, dharanitharan725, edumazet, gregkh, kuba, linux-usb,
	netdev, pabeni

> KMSAN reported an uninitialized value use in rtl8150_open().
> Initialize rx_skb->data and intr_buff before submitting URBs to
> ensure memory is in a defined state.
>
> Changes in v2:
>  - Fixed whitespace and indentation (checkpatch clean)
>  - Corrected syzbot tag
>
> Reported-by: syzbot+b4d5d8faea6996fd@syzkaller.appspotmail.com
> Signed-off-by: Dharanitharan R <dharanitharan725@gmail.com>
> ---
>  drivers/net/usb/rtl8150.c | 34 +++++++++++++++-------------------
>  1 file changed, 15 insertions(+), 19 deletions(-)
>
> diff --git a/drivers/net/usb/rtl8150.c b/drivers/net/usb/rtl8150.c
> index f1a868f0032e..a7116d03c3d3 100644
> --- a/drivers/net/usb/rtl8150.c
> +++ b/drivers/net/usb/rtl8150.c
> @@ -735,33 +735,30 @@ static int rtl8150_open(struct net_device *netdev)
>  	rtl8150_t *dev = netdev_priv(netdev);
>  	int res;
>  
> -	if (dev->rx_skb == NULL)
> -		dev->rx_skb = pull_skb(dev);
> -	if (!dev->rx_skb)
> -		return -ENOMEM;
> -
>  	set_registers(dev, IDR, 6, netdev->dev_addr);
>  
>  	/* Fix: initialize memory before using it (KMSAN uninit-value) */
>  	memset(dev->rx_skb->data, 0, RTL8150_MTU);
>  	memset(dev->intr_buff, 0, INTBUFSIZE);
>  
> -	usb_fill_bulk_urb(dev->rx_urb, dev->udev, usb_rcvbulkpipe(dev->udev, 1),
> -		      dev->rx_skb->data, RTL8150_MTU, read_bulk_callback, dev);
> -	if ((res = usb_submit_urb(dev->rx_urb, GFP_KERNEL))) {
> -		if (res == -ENODEV)
> -			netif_device_detach(dev->netdev);
> +	usb_fill_bulk_urb(dev->rx_urb, dev->udev,
> +			  usb_rcvbulkpipe(dev->udev, 1),
> +			  dev->rx_skb->data, RTL8150_MTU,
> +			  read_bulk_callback, dev);
> +
> +	res = usb_submit_urb(dev->rx_urb, GFP_KERNEL);
> +	if (res) {
>  		dev_warn(&netdev->dev, "rx_urb submit failed: %d\n", res);
>  		return res;
>  	}
>  
> -	usb_fill_int_urb(dev->intr_urb, dev->udev, usb_rcvintpipe(dev->udev, 3),
> -		     dev->intr_buff, INTBUFSIZE, intr_callback,
> -		     dev, dev->intr_interval);
> -	if ((res = usb_submit_urb(dev->intr_urb, GFP_KERNEL))) {
> -		if (res == -ENODEV)
> -			netif_device_detach(dev->netdev);
> -		dev_warn(&netdev->dev, "intr_urb submit failed: %d\n", res);
> +	usb_fill_int_urb(dev->intr_urb, dev->udev,
> +			 usb_rcvintpipe(dev->udev, 3),
> +			 dev->intr_buff, INTBUFSIZE,
> +			 intr_callback, dev, dev->intr_interval);
> +
> +	res = usb_submit_urb(dev->intr_urb, GFP_KERNEL);
> +	if (res) {
>  		usb_kill_urb(dev->rx_urb);
>  		return res;
>  	}
> @@ -769,8 +766,7 @@ static int rtl8150_open(struct net_device *netdev)
>  	enable_net_traffic(dev);
>  	set_carrier(netdev);
>  	netif_start_queue(netdev);
> -
> -	return res;
> +	return 0;
>  }
>  
>  static int rtl8150_close(struct net_device *netdev)
> -- 
> 2.43.0
>

I see the command but can't find the corresponding bug.
The email is sent to  syzbot+HASH@syzkaller.appspotmail.com address
but the HASH does not correspond to any known bug.
Please double check the address.


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] usb: rtl8150: Initialize buffers to fix KMSAN uninit-value in rtl8150_open
  2025-11-05 19:47 [PATCH v2] usb: rtl8150: Initialize buffers to fix KMSAN uninit-value in rtl8150_open Dharanitharan R
  2025-11-05 19:47 ` syzbot
@ 2025-11-05 21:55 ` Jacob Keller
  2025-11-05 21:55   ` syzbot
  1 sibling, 1 reply; 4+ messages in thread
From: Jacob Keller @ 2025-11-05 21:55 UTC (permalink / raw)
  To: Dharanitharan R, netdev
  Cc: linux-usb, gregkh, davem, edumazet, kuba, pabeni,
	syzbot+b4d5d8faea6996fd


[-- Attachment #1.1: Type: text/plain, Size: 1195 bytes --]



On 11/5/2025 11:47 AM, Dharanitharan R wrote:
> diff --git a/drivers/net/usb/rtl8150.c b/drivers/net/usb/rtl8150.c
> index f1a868f0032e..a7116d03c3d3 100644
> --- a/drivers/net/usb/rtl8150.c
> +++ b/drivers/net/usb/rtl8150.c
> @@ -735,33 +735,30 @@ static int rtl8150_open(struct net_device *netdev)
>  	rtl8150_t *dev = netdev_priv(netdev);
>  	int res;
>  
> -	if (dev->rx_skb == NULL)
> -		dev->rx_skb = pull_skb(dev);
> -	if (!dev->rx_skb)
> -		return -ENOMEM;
> -

None of the changes in the diff make any sense, as you remove the only
place where rx_skb is initialized in the first place.

>  	set_registers(dev, IDR, 6, netdev->dev_addr);
>  
>  	/* Fix: initialize memory before using it (KMSAN uninit-value) */
>  	memset(dev->rx_skb->data, 0, RTL8150_MTU);
>  	memset(dev->intr_buff, 0, INTBUFSIZE);
>  

This isn't even in the current driver code, but its shown as part of the
diff context. Based on your commit description this is probably what
you're trying to insert? But its obviously not a properly formatted or
generated patch. It reeks of being generated by a bad LLM.

Please don't waste reviewers time with this kind of generated nonsense.

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 236 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] usb: rtl8150: Initialize buffers to fix KMSAN uninit-value in rtl8150_open
  2025-11-05 21:55 ` Jacob Keller
@ 2025-11-05 21:55   ` syzbot
  0 siblings, 0 replies; 4+ messages in thread
From: syzbot @ 2025-11-05 21:55 UTC (permalink / raw)
  To: jacob.e.keller
  Cc: davem, dharanitharan725, edumazet, gregkh, jacob.e.keller, kuba,
	linux-usb, netdev, pabeni

>
>
> On 11/5/2025 11:47 AM, Dharanitharan R wrote:
>> diff --git a/drivers/net/usb/rtl8150.c b/drivers/net/usb/rtl8150.c
>> index f1a868f0032e..a7116d03c3d3 100644
>> --- a/drivers/net/usb/rtl8150.c
>> +++ b/drivers/net/usb/rtl8150.c
>> @@ -735,33 +735,30 @@ static int rtl8150_open(struct net_device *netdev)
>>  	rtl8150_t *dev = netdev_priv(netdev);
>>  	int res;
>>  
>> -	if (dev->rx_skb == NULL)
>> -		dev->rx_skb = pull_skb(dev);
>> -	if (!dev->rx_skb)
>> -		return -ENOMEM;
>> -
>
> None of the changes in the diff make any sense, as you remove the only
> place where rx_skb is initialized in the first place.
>
>>  	set_registers(dev, IDR, 6, netdev->dev_addr);
>>  
>>  	/* Fix: initialize memory before using it (KMSAN uninit-value) */
>>  	memset(dev->rx_skb->data, 0, RTL8150_MTU);
>>  	memset(dev->intr_buff, 0, INTBUFSIZE);
>>  
>
> This isn't even in the current driver code, but its shown as part of the
> diff context. Based on your commit description this is probably what
> you're trying to insert? But its obviously not a properly formatted or
> generated patch. It reeks of being generated by a bad LLM.
>
> Please don't waste reviewers time with this kind of generated nonsense.

I see the command but can't find the corresponding bug.
The email is sent to  syzbot+HASH@syzkaller.appspotmail.com address
but the HASH does not correspond to any known bug.
Please double check the address.


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2025-11-05 21:56 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-11-05 19:47 [PATCH v2] usb: rtl8150: Initialize buffers to fix KMSAN uninit-value in rtl8150_open Dharanitharan R
2025-11-05 19:47 ` syzbot
2025-11-05 21:55 ` Jacob Keller
2025-11-05 21:55   ` syzbot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).