alistair23-linux/drivers/media/usb
Vito Caputo b96f53c165 media: cxusb: detect cxusb_ctrl_msg error in query
commit ca8f245f28 upstream.

Don't use uninitialized ircode[] in cxusb_rc_query() when
cxusb_ctrl_msg() fails to populate its contents.

syzbot reported:

dvb-usb: bulk message failed: -22 (1/-30591)
=====================================================
BUG: KMSAN: uninit-value in ir_lookup_by_scancode drivers/media/rc/rc-main.c:494 [inline]
BUG: KMSAN: uninit-value in rc_g_keycode_from_table drivers/media/rc/rc-main.c:582 [inline]
BUG: KMSAN: uninit-value in rc_keydown+0x1a6/0x6f0 drivers/media/rc/rc-main.c:816
CPU: 1 PID: 11436 Comm: kworker/1:2 Not tainted 5.3.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events dvb_usb_read_remote_control
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x191/0x1f0 lib/dump_stack.c:113
 kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108
 __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250
 bsearch+0x1dd/0x250 lib/bsearch.c:41
 ir_lookup_by_scancode drivers/media/rc/rc-main.c:494 [inline]
 rc_g_keycode_from_table drivers/media/rc/rc-main.c:582 [inline]
 rc_keydown+0x1a6/0x6f0 drivers/media/rc/rc-main.c:816
 cxusb_rc_query+0x2e1/0x360 drivers/media/usb/dvb-usb/cxusb.c:548
 dvb_usb_read_remote_control+0xf9/0x290 drivers/media/usb/dvb-usb/dvb-usb-remote.c:261
 process_one_work+0x1572/0x1ef0 kernel/workqueue.c:2269
 worker_thread+0x111b/0x2460 kernel/workqueue.c:2415
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:150 [inline]
 kmsan_internal_chain_origin+0xd2/0x170 mm/kmsan/kmsan.c:314
 __msan_chain_origin+0x6b/0xe0 mm/kmsan/kmsan_instr.c:184
 rc_g_keycode_from_table drivers/media/rc/rc-main.c:583 [inline]
 rc_keydown+0x2c4/0x6f0 drivers/media/rc/rc-main.c:816
 cxusb_rc_query+0x2e1/0x360 drivers/media/usb/dvb-usb/cxusb.c:548
 dvb_usb_read_remote_control+0xf9/0x290 drivers/media/usb/dvb-usb/dvb-usb-remote.c:261
 process_one_work+0x1572/0x1ef0 kernel/workqueue.c:2269
 worker_thread+0x111b/0x2460 kernel/workqueue.c:2415
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355

Local variable description: ----ircode@cxusb_rc_query
Variable was created at:
 cxusb_rc_query+0x4d/0x360 drivers/media/usb/dvb-usb/cxusb.c:543
 dvb_usb_read_remote_control+0xf9/0x290 drivers/media/usb/dvb-usb/dvb-usb-remote.c:261

Signed-off-by: Vito Caputo <vcaputo@pengaru.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-11-29 10:10:16 +01:00
airspy media: media/usb: don't set description in ENUM_FMT 2019-07-22 14:01:05 -04:00
as102 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 118 2019-05-24 17:39:02 +02:00
au0828 media: drivers/media: don't set pix->priv = 0 2019-07-23 08:48:33 -04:00
b2c2 media: b2c2-flexcop-usb: add sanity checking 2019-11-29 10:10:16 +01:00
cpia2 media: cpia2_usb: fix memory leaks 2019-08-26 10:40:01 -03:00
cx231xx media: usb: cx231xx-417: fix a memory leak bug 2019-08-26 10:40:17 -03:00
dvb-usb media: cxusb: detect cxusb_ctrl_msg error in query 2019-11-29 10:10:16 +01:00
dvb-usb-v2 media: don't do a 31 bit shift on a signed int 2019-08-26 14:11:10 -03:00
em28xx media: em28xx: Fix exception handling in em28xx_alloc_urbs() 2019-08-29 10:22:20 -03:00
go7007 media: usb: go7007: s2250-board: convert to i2c_new_dummy_device 2019-08-13 11:46:13 -03:00
gspca media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table 2019-08-26 10:43:20 -03:00
hackrf Linux 5.2-rc4 2019-06-11 12:09:28 -04:00
hdpvr media: hdpvr: remove redundant assignment to retval 2019-08-26 10:43:53 -03:00
msi2500 media: media/usb: don't set description in ENUM_FMT 2019-07-22 14:01:05 -04:00
pulse8-cec treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 55 2019-05-24 17:36:42 +02:00
pvrusb2 media: pvrusb2: qctrl.flag will be uninitlaized if cx2341x_ctrl_query() returns error code 2019-08-29 10:22:39 -03:00
pwc media: media/usb: don't set description in ENUM_FMT 2019-07-22 14:01:05 -04:00
rainshadow-cec treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 55 2019-05-24 17:36:42 +02:00
s2255 media: drivers/media: don't set pix->priv = 0 2019-07-23 08:48:33 -04:00
siano USB fixes for 5.2-rc3 2019-05-31 08:16:31 -07:00
stk1160 media: media/usb: don't set description in ENUM_FMT 2019-07-22 14:01:05 -04:00
stkwebcam media: stkwebcam: fix runtime PM after driver unbind 2019-10-04 14:38:46 +02:00
tm6000 media: Fix various misspellings of disconnected 2019-08-19 12:02:28 -03:00
ttusb-budget treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ttusb-dec media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() 2019-08-21 18:39:55 -03:00
usbtv media: media/usb: don't set description in ENUM_FMT 2019-07-22 14:01:05 -04:00
usbvision media: usbvision: Fix races among open, close, and disconnect 2019-11-29 10:10:06 +01:00
uvc media: uvcvideo: Fix error path in control parsing failure 2019-11-29 10:10:15 +01:00
zr364xx media: media/usb: Use kmemdup rather than duplicating its implementation 2019-08-14 05:02:43 -03:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00