Cc: tranmanphong@gmail.com, "open list:HID CORE LAYER", lkml, linux-kernel-mentees@lists.linuxfoundation.org, syzbot+1234691fec1b8ceba8b1@syzkaller.appspotmail.com
Subject: Re: [PATCH] HID: hid-lg4ff: Fix uninit-value set_autocenter_default
To: Benjamin Tissoires
References: <20191105141807.27054-1-tranmanphong@gmail.com>
From: Phong Tran
Message-ID: <0407e8bb-bbf5-ec64-cdac-ef266f1ab391@gmail.com>
Date: Tue, 19 Nov 2019 20:29:49 +0700
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/18/19 4:43 PM, Benjamin Tissoires wrote:
> On Tue, Nov 5, 2019 at 3:18 PM Phong Tran wrote:
>>
>> syzbot found a problem using of uinit pointer in
>> lg4ff_set_autocenter_default().
>>
>> Reported-by: syzbot+1234691fec1b8ceba8b1@syzkaller.appspotmail.com
>>
>> Tested by syzbot:
>>
>> https://groups.google.com/d/msg/syzkaller-bugs/ApnMLW6sfKE/Qq0bIHGEAQAJ
>
> This seems weird to me:
>
> the syzbot link above is about `hid_get_drvdata(hid)`, and, as I read
> it, the possibility that hid might not have an initialized value.
>

The dashboard [1] shows:

BUG: KMSAN: uninit-value in dev_get_drvdata include/linux/device.h:1388 [inline]
BUG: KMSAN: uninit-value in hid_get_drvdata include/linux/hid.h:628 [inline]
BUG: KMSAN: uninit-value in lg4ff_set_autocenter_default+0x23a/0xa20 drivers/hid/hid-lg4ff.c:477

Based on that, I did the initialization of the pointer in the patch.

> Here you are changing the initialized values of value, entry and
> drv_data, all 3 are never used before their first assignment.
>
> I have a feeling this particular syzbot check has already been fixed
> upstream by d9d4b1e46d95 "HID: Fix assumption that devices have
> inputs".
>

I think the commit d9d4b1 fixed this report [2] by syzbot.

[1] https://syzkaller.appspot.com/bug?extid=1234691fec1b8ceba8b1
[2] https://syzkaller.appspot.com/bug?extid=403741a091bf41d4ae79

regards,
Phong.

> Cheers,
> Benjamin
>
>>
>> Signed-off-by: Phong Tran
>> ---
>> drivers/hid/hid-lg4ff.c | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>> >> diff --git a/drivers/hid/hid-lg4ff.c b/drivers/hid/hid-lg4ff.c >> index 5e6a0cef2a06..44dfd08b0c32 100644 >> --- a/drivers/hid/hid-lg4ff.c >> +++ b/drivers/hid/hid-lg4ff.c >> @@ -468,10 +468,10 @@ static int lg4ff_play(struct input_dev *dev, void *data, struct ff_effect *effec >> static void lg4ff_set_autocenter_default(struct input_dev *dev, u16 magnitude) >> { >> struct hid_device *hid = input_get_drvdata(dev); >> - s32 *value; >> + s32 *value = NULL; >> u32 expand_a, expand_b; >> - struct lg4ff_device_entry *entry; >> - struct lg_drv_data *drv_data; >> + struct lg4ff_device_entry *entry = NULL; >> + struct lg_drv_data *drv_data = NULL; >> unsigned long flags; >> >> drv_data = hid_get_drvdata(hid); >> -- >> 2.20.1 >> >
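
Review bot: the `= NULL` initializer on `drv_data` cannot change the reported read, because the context line `drv_data = hid_get_drvdata(hid);` overwrites it immediately after the declarations and before any use. The KMSAN trace quoted in the reply lands inside `hid_get_drvdata()` called from this function, so the value being flagged is reached through `hid`, which comes from `input_get_drvdata(dev)` on the first line of the function and is left untouched by this hunk. Initializing `value` and `entry` has the same problem if, as the review reply says, they are also assigned before first use. I would drop the three initializers (they can hide a genuinely missing assignment from KMSAN and from compiler warnings) and instead establish on which path `hid` or its driver data is left unset, then fix or guard that path. The commit message should also state the root cause rather than only pointing at the syzbot report.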