Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp1402460ybi; Fri, 2 Aug 2019 15:05:31 -0700 (PDT) X-Google-Smtp-Source: APXvYqyoexFngtU9IfxmJy4NCFegfO+pekAvrmCeduH77vc6aOPLESYBr2kMvKHUMpLNDS5noUKi X-Received: by 2002:a17:90a:a489:: with SMTP id z9mr6141054pjp.24.1564783531195; Fri, 02 Aug 2019 15:05:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564783531; cv=none; d=google.com; s=arc-20160816; b=MzRgDOhZgg57mmCdMevk3O0xpOO4+aAi5cxpD0rl+Ger+FqYdd+mk6T37vXCwkEK0v CURrjvRTDTopxfM7URQFmBWyfhia/mJ2awt/xy2Y71kR5jdH9axcfW2ODApsYMDkkkzU EJ1rnj/aqYPAutizU9NHHTxZXVWxPn2AcnEXF5dFHgzg/hV+MSrK3E/Wj4RSStD6+loi BHRss3TSTW3lHAVNshdxwLnPzFs2/xLDaee+zEXLqT1+RnfJ3L1QG9zSVCYhgMkvQ9UW a8f/MNdzFz60d0lOJP3U7+Rri7GpsKb/0ZozE0JNhLtq9vmxNFUPcTUoxif7m6jqKmeh ns9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:openpgp:from:references:cc:to:subject; bh=4Q5ds0k9CQkpnHT0N4jNKIrLG54tT61s+89WYMg/gw0=; b=JzSyFQuUGMkdWLfzxhWrDng+Rcg4bWeEXrlKamOf4LwWlE5HK1mHNp3k/jb65LUZAy QK7Ghu2hpCXn3m+JycMcJHixLkz0sv15XZJ6BpVDs6ChJ78RZBXZlCc9GQwm0/KkPjPN DENNy6FpuZWpvfo7mDmIjY+pw0oaPQI7o8321VlSOt3pCUMJQW4EUdsKXqXFFP2qjg67 6kZcRP0DS9qjNl0SdGYFFzxhFiqIUwYTBu486OjH8i9NwQjJuafkNWvAMG/zaxJ5zy7o Fmka8PHRSy+Jkbr6IZx7Nkk27Cs6Z9ChaTnFvyN92PCeBVYI4ojHjXBG4kspPsgt6krZ HrCg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q25si36424940pgv.114.2019.08.02.15.05.15; Fri, 02 Aug 2019 15:05:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392442AbfHBLqR (ORCPT + 99 others); Fri, 2 Aug 2019 07:46:17 -0400 Received: from metis.ext.pengutronix.de ([85.220.165.71]:54265 "EHLO metis.ext.pengutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388195AbfHBLqR (ORCPT ); Fri, 2 Aug 2019 07:46:17 -0400 Received: from gallifrey.ext.pengutronix.de ([2001:67c:670:201:5054:ff:fe8d:eefb] helo=bjornoya.blackshift.org) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1htW0e-0004pR-WB; Fri, 02 Aug 2019 13:46:09 +0200 Received: from [IPv6:2a03:f580:87bc:d400:595f:209f:a34b:fbc1] (unknown [IPv6:2a03:f580:87bc:d400:595f:209f:a34b:fbc1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits)) (Client CN "mkl@blackshift.org", Issuer "StartCom Class 1 Client CA" (not verified)) (Authenticated sender: mkl@blackshift.org) by smtp.blackshift.org (Postfix) with ESMTPSA id 1A76D43D6FF; Fri, 2 Aug 2019 11:46:04 +0000 (UTC) Subject: Re: [PATCH] peak_usb: Fix info-leaks to USB devices To: Tomas Bortoli , wg@grandegger.com, linux-can@vger.kernel.org Cc: davem@davemloft.net, gregkh@linuxfoundation.org, alexios.zavras@intel.com, tglx@linutronix.de, allison@lohutok.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller@googlegroups.com References: <20190731145447.29270-1-tomasbortoli@gmail.com> From: Marc Kleine-Budde Openpgp: preference=signencrypt Autocrypt: addr=mkl@pengutronix.de; prefer-encrypt=mutual; keydata= mQINBFFVq30BEACtnSvtXHoeHJxG6nRULcvlkW6RuNwHKmrqoksispp43X8+nwqIFYgb8UaX zu8T6kZP2wEIpM9RjEL3jdBjZNCsjSS6x1qzpc2+2ivjdiJsqeaagIgvy2JWy7vUa4/PyGfx QyUeXOxdj59DvLwAx8I6hOgeHx2X/ntKAMUxwawYfPZpP3gwTNKc27dJWSomOLgp+gbmOmgc 6U5KwhAxPTEb3CsT5RicsC+uQQFumdl5I6XS+pbeXZndXwnj5t84M+HEj7RN6bUfV2WZO/AB Xt5+qFkC/AVUcj/dcHvZwQJlGeZxoi4veCoOT2MYqfR0ax1MmN+LVRvKm29oSyD4Ts/97cbs XsZDRxnEG3z/7Winiv0ZanclA7v7CQwrzsbpCv+oj+zokGuKasofzKdpywkjAfSE1zTyF+8K nxBAmzwEqeQ3iKqBc3AcCseqSPX53mPqmwvNVS2GqBpnOfY7Mxr1AEmxdEcRYbhG6Xdn+ACq Dq0Db3A++3PhMSaOu125uIAIwMXRJIzCXYSqXo8NIeo9tobk0C/9w3fUfMTrBDtSviLHqlp8 eQEP8+TDSmRP/CwmFHv36jd+XGmBHzW5I7qw0OORRwNFYBeEuiOIgxAfjjbLGHh9SRwEqXAL kw+WVTwh0MN1k7I9/CDVlGvc3yIKS0sA+wudYiselXzgLuP5cQARAQABtCZNYXJjIEtsZWlu ZS1CdWRkZSA8bWtsQHBlbmd1dHJvbml4LmRlPokCVAQTAQoAPgIbAwIeAQIXgAULCQgHAwUV CgkICwUWAgMBABYhBMFAC6CzmJ5vvH1bXCte4hHFiupUBQJcUsSbBQkM366zAAoJECte4hHF iupUgkAP/2RdxKPZ3GMqag33jKwKAbn/fRqAFWqUH9TCsRH3h6+/uEPnZdzhkL4a9p/6OeJn Z6NXqgsyRAOTZsSFcwlfxLNHVxBWm8pMwrBecdt4lzrjSt/3ws2GqxPsmza1Gs61lEdYvLST Ix2vPbB4FAfE0kizKAjRZzlwOyuHOr2ilujDsKTpFtd8lV1nBNNn6HBIBR5ShvJnwyUdzuby tOsSt7qJEvF1x3y49bHCy3uy+MmYuoEyG6zo9udUzhVsKe3hHYC2kfB16ZOBjFC3lH2U5An+ yQYIIPZrSWXUeKjeMaKGvbg6W9Oi4XEtrwpzUGhbewxCZZCIrzAH2hz0dUhacxB201Y/faY6 BdTS75SPs+zjTYo8yE9Y9eG7x/lB60nQjJiZVNvZ88QDfVuLl/heuIq+fyNajBbqbtBT5CWf mOP4Dh4xjm3Vwlz8imWW/drEVJZJrPYqv0HdPbY8jVMpqoe5jDloyVn3prfLdXSbKPexlJaW 5tnPd4lj8rqOFShRnLFCibpeHWIumqrIqIkiRA9kFW3XMgtU6JkIrQzhJb6Tc6mZg2wuYW0d Wo2qvdziMgPkMFiWJpsxM9xPk9BBVwR+uojNq5LzdCsXQ2seG0dhaOTaaIDWVS8U/V8Nqjrl 6bGG2quo5YzJuXKjtKjZ4R6k762pHJ3tnzI/jnlc1sXzuQENBFxSzJYBCAC58uHRFEjVVE3J 31eyEQT6H1zSFCccTMPO/ewwAnotQWo98Bc67ecmprcnjRjSUKTbyY/eFxS21JnC4ZB0pJKx MNwK6zq71wLmpseXOgjufuG3kvCgwHLGf/nkBHXmSINHvW00eFK/kJBakwHEbddq8Dr4ewmr G7yr8d6A3CSn/qhOYWhIxNORK3SVo4Io7ExNX/ljbisGsgRzsWvY1JlN4sabSNEr7a8YaqTd 2CfFe/5fPcQRGsfhAbH2pVGigr7JddONJPXGE7XzOrx5KTwEv19H6xNe+D/W3FwjZdO4TKIo vcZveSDrFWOi4o2Te4O5OB/2zZbNWPEON8MaXi9zABEBAAGJA3IEGAEKACYWIQTBQAugs5ie b7x9W1wrXuIRxYrqVAUCXFLMlgIbAgUJAeKNmgFACRArXuIRxYrqVMB0IAQZAQoAHRYhBJrx JF84Dn3PPNRrhVrGIaOR5J0gBQJcUsyWAAoJEFrGIaOR5J0grw4H/itil/yryJCvzi6iuZHS suSHHOiEf+UQHib1MLP96LM7FmDabjVSmJDpH4TsMu17A0HTG+bPMAdeia0+q9FWSvSHYW8D wNhfkb8zojpa37qBpVpiNy7r6BKGSRSoFOv6m/iIoRJuJ041AEKao6djj/FdQF8OV1EtWKRO +nE2bNuDCcwHkhHP+FHExdzhKSmnIsMjGpGwIQKN6DxlJ7fN4W7UZFIQdSO21ei+akinBo4K O0uNCnVmePU1UzrwXKG2sS2f97A+sZE89vkc59NtfPHhofI3JkmYexIF6uqLA3PumTqLQ2Lu bywPAC3YNphlhmBrG589p+sdtwDQlpoH9O7NeBAAg/lyGOUUIONrheii/l/zR0xxr2TDE6tq 6HZWdtjWoqcaky6MSyJQIeJ20AjzdV/PxMkd8zOijRVTnlK44bcfidqFM6yuT1bvXAO6NOPy pvBRnfP66L/xECnZe7s07rXpNFy72XGNZwhj89xfpK4a9E8HQcOD0mNtCJaz7TTugqBOsQx2 45VPHosmhdtBQ6/gjlf2WY9FXb5RyceeSuK4lVrz9uZB+fUHBge/giOSsrqFo/9fWAZsE67k 6Mkdbpc7ZQwxelcpP/giB9N+XAfBsffQ8q6kIyuFV4ILsIECCIA4nt1rYmzphv6t5J6PmlTq TzW9jNzbYANoOFAGnjzNRyc9i8UiLvjhTzaKPBOkQfhStEJaZrdSWuR/7Tt2wZBBoNTsgNAw A+cEu+SWCvdX7vNpsCHMiHtcEmVt5R0Tex1Ky87EfXdnGR2mDi6Iyxi3MQcHez3C61Ga3Baf P8UtXR6zrrrlX22xXtpNJf4I4Z6RaLpB/avIXTFXPbJ8CUUbVD2R2mZ/jyzaTzgiABDZspbS gw17QQUrKqUog0nHXuaGGA1uvreHTnyBWx5P8FP7rhtvYKhw6XdJ06ns+2SFcQv0Bv6PcSDK aRXmnW+OsDthn84x1YkfGIRJEPvvmiOKQsFEiB4OUtTX2pheYmZcZc81KFfJMmE8Z9+LT6Ry uSS5AQ0EXFLNDgEIAL14qAzTMCE1PwRrYJRI/RSQGAGF3HLdYvjbQd9Ozzg02K3mNCF2Phb1 cjsbMk/V6WMxYoZCEtCh4X2GjQG2GDDW4KC9HOa8cTmr9Vcno+f+pUle09TMzWDgtnH92WKx d0FIQev1zDbxU7lk1dIqyOjjpyhmR8Put6vgunvuIjGJ/GapHL/O0yjVlpumtmow6eME2muc TeJjpapPWBGcy/8VU4LM8xMeMWv8DtQML5ogyJxZ0Smt+AntIzcF9miV2SeYXA3OFiojQstF vScN7owL1XiQ3UjJotCp6pUcSVgVv0SgJXbDo5Nv87M2itn68VPfTu2uBBxRYqXQovsR++kA EQEAAYkCPAQYAQoAJhYhBMFAC6CzmJ5vvH1bXCte4hHFiupUBQJcUs0OAhsMBQkB4o0iAAoJ ECte4hHFiupUbioQAJ40bEJmMOF28vFcGvQrpI+lfHJGk9zSrh4F4SlJyOVWV1yWyUAINr8w v1aamg2nAppZ16z4nAnGU/47tWZ4P8blLVG8x4SWzz3D7MCy1FsQBTrWGLqWldPhkBAGp2VH xDOK4rLhuQWx3H5zd3kPXaIgvHI3EliWaQN+u2xmTQSJN75I/V47QsaPvkm4TVe3JlB7l1Fg OmSvYx31YC+3slh89ayjPWt8hFaTLnB9NaW9bLhs3E2ESF9Dei0FRXIt3qnFV/hnETsx3X4h KEnXxhSRDVeURP7V6P/z3+WIfddVKZk5ZLHi39fJpxvsg9YLSfStMJ/cJfiPXk1vKdoa+FjN 7nGAZyF6NHTNhsI7aHnvZMDavmAD3lK6CY+UBGtGQA3QhrUc2cedp1V53lXwor/D/D3Wo9wY iSXKOl4fFCh2Peo7qYmFUaDdyiCxvFm+YcIeMZ8wO5udzkjDtP4lWKAn4tUcdcwMOT5d0I3q WATP4wFI8QktNBqF3VY47HFwF9PtNuOZIqeAquKezywUc5KqKdqEWCPx9pfLxBAh3GW2Zfjp lP6A5upKs2ktDZOC2HZXP4IJ1GTk8hnfS4ade8s9FNcwu9m3JlxcGKLPq5DnIbPVQI1UUR4F QyAqTtIdSpeFYbvH8D7pO4lxLSz2ZyBMk+aKKs6GL5MqEci8OcFW Message-ID: <94a82ee7-880e-704c-14ea-328b17854441@pengutronix.de> Date: Fri, 2 Aug 2019 13:45:59 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20190731145447.29270-1-tomasbortoli@gmail.com> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="bUHFL0ZY0h4QKkg7KNcgGEekD5qTsRGu2" X-SA-Exim-Connect-IP: 2001:67c:670:201:5054:ff:fe8d:eefb X-SA-Exim-Mail-From: mkl@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-kernel@vger.kernel.org Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --bUHFL0ZY0h4QKkg7KNcgGEekD5qTsRGu2 Content-Type: multipart/mixed; boundary="taHezyBPFjLpFu9Ua1xiWSIFcmBQqJa51"; protected-headers="v1" From: Marc Kleine-Budde To: Tomas Bortoli , wg@grandegger.com, linux-can@vger.kernel.org Cc: davem@davemloft.net, gregkh@linuxfoundation.org, alexios.zavras@intel.com, tglx@linutronix.de, allison@lohutok.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller@googlegroups.com Message-ID: <94a82ee7-880e-704c-14ea-328b17854441@pengutronix.de> Subject: Re: [PATCH] peak_usb: Fix info-leaks to USB devices References: <20190731145447.29270-1-tomasbortoli@gmail.com> In-Reply-To: <20190731145447.29270-1-tomasbortoli@gmail.com> --taHezyBPFjLpFu9Ua1xiWSIFcmBQqJa51 Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable On 7/31/19 4:54 PM, Tomas Bortoli wrote: > Uninitialized Kernel memory can leak to USB devices. >=20 > Fix by using kzalloc() instead of kmalloc() on the affected buffers. >=20 > Signed-off-by: Tomas Bortoli > Reported-by: syzbot+d6a5a1a3657b596ef132@syzkaller.appspotmail.com > Reported-by: syzbot+513e4d0985298538bf9b@syzkaller.appspotmail.com Applied, but split into two patches, as the problem was introduced in two separate commits. regards, Marc --=20 Pengutronix e.K. | Marc Kleine-Budde | Industrial Linux Solutions | Phone: +49-231-2826-924 | Vertretung West/Dortmund | Fax: +49-5121-206917-5555 | Amtsgericht Hildesheim, HRA 2686 | http://www.pengutronix.de | --taHezyBPFjLpFu9Ua1xiWSIFcmBQqJa51-- --bUHFL0ZY0h4QKkg7KNcgGEekD5qTsRGu2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEmvEkXzgOfc881GuFWsYho5HknSAFAl1EIngACgkQWsYho5Hk nSD8vgf8DJdo1LsTA5upQRO9+/x1xqDq+ssUrsPgYQU8Oeik4bHaDvyhN5pOXXVP QXx9xNv6SFDKwi/I2IP/4A87PWbHRZf1TT67yMGRMBofgR9v1eM34oFdHRPsx16+ 6fylUL5cvukN2Zo540ppZ/OxHmUZvNMzSSytt6KWL1FfwRdZzUSQ6bk02HHF1xTY BAIHM6LKW12OgQ4eSJV9/EgDeOU+97BlnxDhlR6qUoDPgcp+tY/UpQqRA1dZ5wFY J9ZDx8tZTfAc+MhRZ1+yzRB/+oOssIuhvHe8UP/IgviBre1osMmmggH1TXnPJVzQ lgcWR9rpEFShfT+wI0YHK+Wi1rFgaA== =YiHU -----END PGP SIGNATURE----- --bUHFL0ZY0h4QKkg7KNcgGEekD5qTsRGu2--