* Re: [syzbot] [net?] [nfc?] KMSAN: uninit-value in nci_ntf_packet (3) [not found] <000000000000dbc80e061b01a34f@google.com> @ 2024-10-12 14:15 ` Qianqiang Liu 2024-10-12 18:00 ` syzbot 0 siblings, 1 reply; 5+ messages in thread From: Qianqiang Liu @ 2024-10-12 14:15 UTC (permalink / raw) To: syzbot Cc: davem, edumazet, krzk, kuba, linux-kernel, netdev, pabeni, syzkaller-bugs #syz test diff --git a/drivers/nfc/virtual_ncidev.c b/drivers/nfc/virtual_ncidev.c index 6b89d596ba9a..31da26287327 100644 --- a/drivers/nfc/virtual_ncidev.c +++ b/drivers/nfc/virtual_ncidev.c @@ -117,7 +117,7 @@ static ssize_t virtual_ncidev_write(struct file *file, struct virtual_nci_dev *vdev = file->private_data; struct sk_buff *skb; - skb = alloc_skb(count, GFP_KERNEL); + skb = alloc_skb(count, GFP_KERNEL | __GFP_ZERO); if (!skb) return -ENOMEM; -- Best, Qianqiang Liu ^ permalink raw reply related [flat|nested] 5+ messages in thread
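Review bot: With `__GFP_ZERO` on the `alloc_skb(count, ...)` call in virtual_ncidev_write(), every byte of the buffer is defined, so KMSAN can no longer report a read of bytes the writer never supplied, in nci_ntf_packet or anywhere else this skb is consumed. A clean reproducer run with this diff shows only that the report is gone, not that the read is bounded. It would be worth also testing a variant that keeps `GFP_KERNEL` and adds the missing check at the point where the value is read.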
* Re: [syzbot] [net?] [nfc?] KMSAN: uninit-value in nci_ntf_packet (3)
From: syzbot @ 2024-10-12 18:00 UTC
To: davem, edumazet, krzk, kuba, linux-kernel, netdev, pabeni, qianqiang.liu, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+3f8fa0edaa75710cd66e@syzkaller.appspotmail.com
Tested-by: syzbot+3f8fa0edaa75710cd66e@syzkaller.appspotmail.com

Tested on:

commit:         7234e2ea Merge tag 'scsi-fixes' of git://git.kernel.or..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11b63fd0580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=981fe2ff8a1e457a
dashboard link: https://syzkaller.appspot.com/bug?extid=3f8fa0edaa75710cd66e
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=14f87b27980000

Note: testing is done by a robot and is best-effort only.
* [PATCH] nfc/nci: Fix uninit-value issue in nci_ntf_packet 2024-10-12 18:00 ` syzbot @ 2024-10-12 18:47 ` Qianqiang Liu 2024-10-16 7:58 ` Krzysztof Kozlowski 0 siblings, 1 reply; 5+ messages in thread From: Qianqiang Liu @ 2024-10-12 18:47 UTC (permalink / raw) To: krzk Cc: davem, edumazet, kuba, linux-kernel, netdev, pabeni, syzkaller-bugs, syzbot+3f8fa0edaa75710cd66e When an unsupported rf_tech_and_mode (0xe6) occurs in nci_rf_discover_ntf_packet, the ntf.ntf_type may be assigned an uninitialized value. To resolve this, use the __GFP_ZERO flag when calling alloc_skb(), ensuring that skb->data is properly initialized. Reported-by: syzbot+3f8fa0edaa75710cd66e@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3f8fa0edaa75710cd66e Tested-by: syzbot+3f8fa0edaa75710cd66e@syzkaller.appspotmail.com Signed-off-by: Qianqiang Liu <qianqiang.liu@163.com> --- drivers/nfc/virtual_ncidev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nfc/virtual_ncidev.c b/drivers/nfc/virtual_ncidev.c index 6b89d596ba9a..31da26287327 100644 --- a/drivers/nfc/virtual_ncidev.c +++ b/drivers/nfc/virtual_ncidev.c @@ -117,7 +117,7 @@ static ssize_t virtual_ncidev_write(struct file *file, struct virtual_nci_dev *vdev = file->private_data; struct sk_buff *skb; - skb = alloc_skb(count, GFP_KERNEL); + skb = alloc_skb(count, GFP_KERNEL | __GFP_ZERO); if (!skb) return -ENOMEM; -- 2.47.0 ^ permalink raw reply related [flat|nested] 5+ messages in thread
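Review bot: The changelog locates the problem in nci_rf_discover_ntf_packet (ntf.ntf_type assigned after an unsupported rf_tech_and_mode, 0xe6), but the hunk changes only the allocation in virtual_ncidev_write(), so the parser still assigns ntf_type from bytes it never validated, which are now zeros. Please either handle the unsupported rf_tech_and_mode case where ntf_type is read, or explain in the commit message why zero-filled data is a correct input there. The subject prefix says nfc/nci while the only file touched is drivers/nfc/virtual_ncidev.c, so other users of the NCI parser are left as they were. A Fixes: tag is also missing from the trailers.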
* Re: [PATCH] nfc/nci: Fix uninit-value issue in nci_ntf_packet 2024-10-12 18:47 ` [PATCH] nfc/nci: Fix uninit-value issue in nci_ntf_packet Qianqiang Liu @ 2024-10-16 7:58 ` Krzysztof Kozlowski 2024-10-16 8:35 ` Qianqiang Liu 0 siblings, 1 reply; 5+ messages in thread From: Krzysztof Kozlowski @ 2024-10-16 7:58 UTC (permalink / raw) To: Qianqiang Liu Cc: davem, edumazet, kuba, linux-kernel, netdev, pabeni, syzkaller-bugs, syzbot+3f8fa0edaa75710cd66e On 12/10/2024 20:47, Qianqiang Liu wrote: > When an unsupported rf_tech_and_mode (0xe6) occurs in nci_rf_discover_ntf_packet, > the ntf.ntf_type may be assigned an uninitialized value. > > To resolve this, use the __GFP_ZERO flag when calling alloc_skb(), > ensuring that skb->data is properly initialized. > > Reported-by: syzbot+3f8fa0edaa75710cd66e@syzkaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=3f8fa0edaa75710cd66e > Tested-by: syzbot+3f8fa0edaa75710cd66e@syzkaller.appspotmail.com > Signed-off-by: Qianqiang Liu <qianqiang.liu@163.com> Do not attach (thread) your patchsets to some other threads (unrelated or older versions). This buries them deep in the mailbox and might interfere with applying entire sets. > --- > drivers/nfc/virtual_ncidev.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/nfc/virtual_ncidev.c b/drivers/nfc/virtual_ncidev.c > index 6b89d596ba9a..31da26287327 100644 > --- a/drivers/nfc/virtual_ncidev.c > +++ b/drivers/nfc/virtual_ncidev.c > @@ -117,7 +117,7 @@ static ssize_t virtual_ncidev_write(struct file *file, > struct virtual_nci_dev *vdev = file->private_data; > struct sk_buff *skb; > > - skb = alloc_skb(count, GFP_KERNEL); > + skb = alloc_skb(count, GFP_KERNEL | __GFP_ZERO); > if (!skb) > return -ENOMEM; Same comments as before: https://lore.kernel.org/all/20240803121817.383567-1-zhanghao1@kylinos.cn/ Respond to existing feedback, please. Best regards, Krzysztof ^ permalink raw reply [flat|nested] 5+ messages in thread
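Review bot: In the quoted hunk `count` is used as the allocation size in `alloc_skb(count, ...)` with only the local declarations above it and the `!skb` check below it, so nothing in these lines rejects a write that is too short to contain the fields the NCI notification parser goes on to read. A length check on `count` before the allocation, or a remaining-length check in the parser, would address the read itself; zeroing the buffer only changes the value that read returns.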
* Re: [PATCH] nfc/nci: Fix uninit-value issue in nci_ntf_packet
From: Qianqiang Liu @ 2024-10-16 8:35 UTC
To: Krzysztof Kozlowski
Cc: davem, edumazet, kuba, linux-kernel, netdev, pabeni, syzkaller-bugs, syzbot+3f8fa0edaa75710cd66e

On Wed, Oct 16, 2024 at 09:58:53AM +0200, Krzysztof Kozlowski wrote:
>
> Same comments as before:
> https://lore.kernel.org/all/20240803121817.383567-1-zhanghao1@kylinos.cn/
>
> Respond to existing feedback, please.
>
> Best regards,
> Krzysztof

Got it, thanks!

--
Best,
Qianqiang Liu