Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp1668448ybx;
        Thu, 7 Nov 2019 15:22:37 -0800 (PST)
X-Google-Smtp-Source: APXvYqy8osOeTefAGivWxZBlqBN/Xj3T6xPcKZydqI+veVXldRv4smI+7LP58xUBXiKH1jmggOTr
X-Received: by 2002:a17:906:743:: with SMTP id z3mr5643994ejb.142.1573168957412;
        Thu, 07 Nov 2019 15:22:37 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1573168957; cv=none;
        d=google.com; s=arc-20160816;
        b=wMeazT5JV1oT8RkixNAAPwEceXzOTcdDdE2D1ScD4+UQbYlTtBaqzFxXcTGfjIMD7V
         DtbNMr8csA14+kqn01S2BMgVYomrhU9N2QDmZe1xOdZhfiq+j7vfc4dFuP+qQWTMeTdR
         uSWCyHuPqSflbeZwoLZkn8vrBPry7hZltWhFRCah02LK0zp1V/ZKwaT8mLnxtNNnfEk7
         U0iDNkgqx1ss1qJHaSEUuJ39szYEL3C6SZo0soagrNO4q+GpEcZRITAVZ5aZcZptTY6Y
         YFn8oVqgKEfQbB8IIqICjLfXgFj2gx5j2LEjS/oM8mwoiUQpGkDIHepI6Ta5pgekp8nX
         QiOA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:from:subject:cc:to:message-id:date;
        bh=QdJ/Op0AO3RQecHCGAmP8AxbylbKC7GcFqYLV4bLBow=;
        b=frcjBQ4hvBY8n5n+SIz0LsQtgYa07+L49xrv3jgxuzVFFHu7yqwwl/5doxguutBe47
         /Ccicl0OBoitDCBBC966VCW1nXHQ/hOTuzgonab3p4SsbrWWsK4UXPkWKEVQiQDrtgq2
         RodYvwMkkPjkTbibxeQyLybgp1sXv4Cg6Fu8Wsn1Nim1VuXSunRRuEQqZJ8g8cY231hf
         lyVhTt2rKWSGb3VT4lFWZ1EyFbyiJx4RcRJHv4u1SxXwgNDe2ouBT5YX8ShHmls44rkM
         iMit098BvQoNUrPNAjOYjEH88S6w/HvkyFSn65EcORaEHGetR+fOfBtDtZRW2CkBFOCz
         8gQQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s28si2736589edm.64.2019.11.07.15.22.13;
        Thu, 07 Nov 2019 15:22:37 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727768AbfKGXVU (ORCPT <rfc822;chenc2371@gmail.com> + 99 others);
        Thu, 7 Nov 2019 18:21:20 -0500
Received: from shards.monkeyblade.net ([23.128.96.9]:49756 "EHLO
        shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725924AbfKGXVU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 7 Nov 2019 18:21:20 -0500
Received: from localhost (unknown [IPv6:2601:601:9f00:1e2::d71])
        (using TLSv1 with cipher AES256-SHA (256/256 bits))
        (Client did not present a certificate)
        (Authenticated sender: davem-davemloft)
        by shards.monkeyblade.net (Postfix) with ESMTPSA id 579D415370B6A;
        Thu,  7 Nov 2019 15:21:19 -0800 (PST)
Date:   Thu, 07 Nov 2019 15:21:18 -0800 (PST)
Message-Id: <20191107.152118.922830217121663373.davem@davemloft.net>
To:     tranmanphong@gmail.com
Cc:     syzbot+7dc7c28d4577bbe55b10@syzkaller.appspotmail.com,
        gregkh@linuxfoundation.org, glider@google.com,
        hslester96@gmail.com, kstewart@linuxfoundation.org,
        linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org,
        netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com,
        tglx@linutronix.de, linux-kernel-mentees@lists.linuxfoundation.org
Subject: Re: [PATCH] usb: asix: Fix uninit-value in asix_mdio_write
From:   David Miller <davem@davemloft.net>
In-Reply-To: <20191107004404.23707-1-tranmanphong@gmail.com>
References: <0000000000009763320594f993ee@google.com>
        <20191107004404.23707-1-tranmanphong@gmail.com>
X-Mailer: Mew version 6.8 on Emacs 26.1
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Thu, 07 Nov 2019 15:21:19 -0800 (PST)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Phong Tran <tranmanphong@gmail.com>
Date: Thu,  7 Nov 2019 07:44:04 +0700

> The local variables use without initilization value.
> This fixes the syzbot report.
> 
> Reported-by: syzbot+7dc7c28d4577bbe55b10@syzkaller.appspotmail.com
> 
> Test result:
> 
> https://groups.google.com/d/msg/syzkaller-bugs/3H_n05x_sPU/sUoHhxgAAgAJ
> 
> Signed-off-by: Phong Tran <tranmanphong@gmail.com>

There are several more situations in this file where the data blob passed
to asix_read_cmd() is read without pre-initialization not checking the
return value from asix_read_cmd().

So, syzbot can see some of them but not all of them, yet all of them
are buggy and should be fixed.

These kinds of patches drive me absolutely crazy :-)

Really, one of two things needs to happen, either asix_read_cmd() clears
the incoming buffer unconditionally, or these call sites strictly must
check the return value always before accessing the buffer after the call.

I'm not applying this, sorry.