Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp892343pxb;
        Wed, 6 Apr 2022 03:26:30 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwoze+47wyMUKHl6lQPPID6QEqcMq81IwrGoYIbOrIzi9JTBGgVXX9+l9t6jVgURv1xqeCB
X-Received: by 2002:a17:90b:3904:b0:1c6:c1f8:cbd8 with SMTP id ob4-20020a17090b390400b001c6c1f8cbd8mr8987874pjb.53.1649240790807;
        Wed, 06 Apr 2022 03:26:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1649240790; cv=none;
        d=google.com; s=arc-20160816;
        b=j8BfhLwm6gPbHEPEjQOTfbQmW62uhWgC/jmYcYlFukQIj5A8PAyiIyBdO0cBfaOy1Y
         lioCG4w6FynTTUBZ2+SqzAzD8kYmCAOkEFY+71N9rIbP5DfJmyoMWhMFuXGNf3kUsmHJ
         SBKupuqZF1bPvRaO7s0iQWuyvPQ6c0gG7sHZI2fwTKA0AO0ePv1zL7RzRU2Jb6IndF4F
         83Wcl+iNX7RYIZqOItDNVpCGidtLFIX6Vqg+v87diZRrsuADUaQyTbKMJrlrEJhtc0RE
         301NkdAw184qUTiyQ3l5MDxWrarsVKDRyq2t6oq7zLLaPvCa79+hnEaSWLHyHYzJ28CE
         3/hA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=ggE3CoPrm/f4wEfOBojLQoE5/nMjWl8Fbt1nQfRaoYw=;
        b=eMb9FsDH5B59wW+kYeA1ypaLfWncxKGXuCpwsdWTZNeDNZmx6BSJy+W1PP06wBtiid
         td0BA3bxNNZRYa8pbRT0DAZ1c2lSerGTy/ZR4sAShkY85Kikhi7s7i26sv6XinGuGuet
         YLJwRd7IhxECbVldlnhsSSti7+Nb1+Q7hjk+XLuS3shomdXElUQFd3IzwZD2yCF0n5Qx
         Xd4fYiZGEXEN7SaYu8lM1VONpiTNkKlBvKcsxvnwQBqweq4nQYEzGOcUDLsH+M4SaTEF
         o3HKwvgWkaHNxxD/aTAAxabYAukkJG0i27eelX5t28l/cGHMT7cBuXLwQojZJn0NlcvJ
         iSoQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Qkntiv3Q;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18])
        by mx.google.com with ESMTPS id a12-20020a1709027d8c00b00153b2d16511si14579445plm.281.2022.04.06.03.26.30
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 06 Apr 2022 03:26:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Qkntiv3Q;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9FF934BF6A0;
	Wed,  6 Apr 2022 01:48:03 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232297AbiDEHq3 (ORCPT <rfc822;0xff07.lkml@gmail.com>
        + 99 others); Tue, 5 Apr 2022 03:46:29 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34126 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232039AbiDEHoo (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 5 Apr 2022 03:44:44 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DBC0797B87;
        Tue,  5 Apr 2022 00:41:13 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 702D46164B;
        Tue,  5 Apr 2022 07:41:13 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7D2CCC340EE;
        Tue,  5 Apr 2022 07:41:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1649144472;
        bh=cJgNiIRKs43WwxcFvB9IigSsDaV6t6vyU5S0AYz5shw=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=Qkntiv3QT2AxXHBtF510/wrA4xOUR1BOVzEcPhqEGgYBfPW0m46TKvv4FAmx9b3Z5
         3+6Qr78Rb57LXmkRinwQp+p4vLtTjmObos+2pglsWoJtc6HOPodRJywqA4IrQPOk7G
         8i4r7Tkx+PWsD/SOLtDmfGvCQDB4MUM7PhvUvpaU=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Anssi Hannula <anssi.hannula@bitwise.fi>,
        Mathias Nyman <mathias.nyman@linux.intel.com>
Subject: [PATCH 5.17 0018/1126] xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
Date:   Tue,  5 Apr 2022 09:12:45 +0200
Message-Id: <20220405070408.078203683@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220405070407.513532867@linuxfoundation.org>
References: <20220405070407.513532867@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Anssi Hannula <anssi.hannula@bitwise.fi>

commit 05519b8589a679edb8fa781259893d20bece04ad upstream.

xhci_decode_ctrl_ctx() returns the untouched buffer as-is if both "drop"
and "add" parameters are zero.

Fix the function to return an empty string in that case.

It was not immediately clear from the possible call chains whether this
issue is currently actually triggerable or not.

Note that before commit 4843b4b5ec64 ("xhci: fix even more unsafe memory
usage in xhci tracing") the result effect in the failure case was different
as a static buffer was used here, but the code still worked incorrectly.

Fixes: 90d6d5731da7 ("xhci: Add tracing for input control context")
Cc: stable@vger.kernel.org
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
commit 4843b4b5ec64 ("xhci: fix even more unsafe memory usage in xhci tracing")
Link: https://lore.kernel.org/r/20220303110903.1662404-4-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/host/xhci.h |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -2470,6 +2470,8 @@ static inline const char *xhci_decode_ct
 	unsigned int	bit;
 	int		ret = 0;
 
+	str[0] = '\0';
+
 	if (drop) {
 		ret = sprintf(str, "Drop:");
 		for_each_set_bit(bit, &drop, 32)