Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp7844586rwp; Wed, 19 Jul 2023 00:48:46 -0700 (PDT) X-Google-Smtp-Source: APBJJlGZwHGCscfkeo4v3yXMPJ9NahZX1fdBhynjvsigxtgTVdvM2wu9Zy7A+/PSrhly18jLxwB5 X-Received: by 2002:a05:6a20:3d1a:b0:133:cdda:a26b with SMTP id y26-20020a056a203d1a00b00133cddaa26bmr17893800pzi.21.1689752926011; Wed, 19 Jul 2023 00:48:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689752925; cv=none; d=google.com; s=arc-20160816; b=D/1i+PSTv14RcAT7fwGbBjVkTtddz4t5cEjDJBjVrw7gCEo63h0SB2GWMOrJazrOsl FSOc6VRXvBU+C7LqHLZWnru1CHjVAA1wIeeE5CwoUTt2JK8bZYcCm9y+1a/dcjTeEYPG gk8irmvc7/kT5130bTk4r1uorkTkAZsz4ZsYRpKkPdj3k4aHhDfLNAn+VDCNP4RRTf7A OgUUXgiPJil68ae1SCymJC6BuQlaQ9chfvT+O1Ep7S6WY5TsS9CvciR3MmN29bOQOC6k dXKIC6g+02wy7bvKXe5epoy/1PXq0pM/ZUL11eRaS9Hi7Stu+hvQ+uLrkDhum73nMGDE E0fA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=Xu9MR2/47O8c4IQ+Z6/XUDDcYM9DaE5vQmOhxYk2ODc=; fh=73qSLqWYTlpbS8kR+1FqJzFbTHTdKQSR08Funmzajks=; b=BEE8YmbHvjvRvrajUZOrPfC0m8GVZQGsLLivjVwu5YcTdVR4WucbPGQf8Dmk4nRg9P gmVOFP5xFZ1C4VidlbtCNHo5PqXwxd2vht9oMnR8tO08SKvJp4wxtj5lqZ1tnVh/dlZX QAl22AmsHF4wSipvh5+xqcTOJia8xgsbhDs3rMDYlFPQk3Xe3tbSvRH9TG6CpeFfOg0j Tq3VVhZYuxUGdYShJv9sgHphDzwjxZZsDkZn2irA8Obth0kDwKVauNpYV+NMeWGspTzI Q3jFghCrABEbrGwTSuu1/f1LppSSQmWXrLSjDGped/cutcOasTspNw+9W9w7I/9DTsJ6 vwpQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xs4all.nl Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id fj13-20020a056a003a0d00b0066aa7b0e3c8si2912919pfb.322.2023.07.19.00.48.33; Wed, 19 Jul 2023 00:48:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xs4all.nl Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229739AbjGSHeQ (ORCPT + 99 others); Wed, 19 Jul 2023 03:34:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33708 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229452AbjGSHeP (ORCPT ); Wed, 19 Jul 2023 03:34:15 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC598E43; Wed, 19 Jul 2023 00:34:13 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 78751612F3; Wed, 19 Jul 2023 07:34:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4E3D7C433C8; Wed, 19 Jul 2023 07:34:11 +0000 (UTC) Message-ID: <81c898ca-cf43-d6b8-8686-a274c7adf3be@xs4all.nl> Date: Wed, 19 Jul 2023 09:34:09 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 Subject: Re: [PATCH] Initialization of read buffer for dib3000_read_reg Content-Language: en-US To: Kernel-Development , "mchehab@kernel.org" Cc: "linux-media@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "skhan@linuxfoundation.org" , "linux-kernel-mentees@lists.linuxfoundation.org" , "syzbot+c88fc0ebe0d5935c70da@syzkaller.appspotmail.com" References: <20230413091841.22000-1-kdev@benbenng.net> <0100018779eb40dc-cee9e39d-5d87-4733-83db-eca5218fcc8f-000000@email.amazonses.com> From: Hans Verkuil In-Reply-To: <0100018779eb40dc-cee9e39d-5d87-4733-83db-eca5218fcc8f-000000@email.amazonses.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,NICE_REPLY_A,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, Some comments on this patch: On 13/04/2023 11:21, Kernel-Development wrote: > This is a patch that fixes a bug: > KMSAN: uninit-value in dib3000mb_attach (2) > > Local variable u8 rb[2] is not initialized as it is used as read buffer > for i2c_transfer(). It is expected that i2c_transfer() should fill in > the buffer before the target function returns rb's content. However > error handling of i2c_transfer is not done, and on occasions where the > read fails, uninitialized rb value will be returned. > > The usage of this function, defined as macro rd() in > drivers/media/dvb-frontends/dib3000mb_priv,h, does not expect any error > to occur. Adding error handling here might involve significant code > changes. > > Thus 0-initialization is done on rb. This might affect some logic on > error case as the use of the return value is used as boolean and flags. > > Reported-by: syzbot+c88fc0ebe0d5935c70da@syzkaller.appspotmail.com > Link: https://syzkaller.appspot.com/bug?id=2f4d19de8c9e9f0b9794e53ca54d68e0ffe9f068 > Signed-off-by: (Ben) HokChun Ng > --- > drivers/media/dvb-frontends/dib3000mb.c | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > > diff --git a/drivers/media/dvb-frontends/dib3000mb.c b/drivers/media/dvb-frontends/dib3000mb.c > index a6c2fc4586eb..0dd96656aaf4 100644 > --- a/drivers/media/dvb-frontends/dib3000mb.c > +++ b/drivers/media/dvb-frontends/dib3000mb.c > @@ -50,15 +50,19 @@ MODULE_PARM_DESC(debug, "set debugging level (1=info,2=xfer,4=setfe,8=getfe (|-a > > static int dib3000_read_reg(struct dib3000_state *state, u16 reg) > { > + int errno; > u8 wb[] = { ((reg >> 8) | 0x80) & 0xff, reg & 0xff }; > - u8 rb[2]; > + u8 rb[2] = { 0, 0 }; Really all you need to do here is zero this array, which can be even shorter by writing: u8 rb[2] = {}; It is enough to just show the "i2c read error" message, nothing else is needed here. BTW, checkpatch.pl also complains about your email address ('Kernel-Development ' being different from your SoB line: (Ben) HokChun Ng . It's a good idea to ensure the two are the same. I would stick to (Ben) HokChun Ng since that has your actual name. Regards, Hans > struct i2c_msg msg[] = { > { .addr = state->config.demod_address, .flags = 0, .buf = wb, .len = 2 }, > { .addr = state->config.demod_address, .flags = I2C_M_RD, .buf = rb, .len = 2 }, > }; > > - if (i2c_transfer(state->i2c, msg, 2) != 2) > - deb_i2c("i2c read error\n"); > + errno = i2c_transfer(state->i2c, msg, 2); > + if (errno != 2) { > + deb_i2c("i2c read error (errno: %d)\n", -errno); > + return 0; > + } > > deb_i2c("reading i2c bus (reg: %5d 0x%04x, val: %5d 0x%04x)\n",reg,reg, > (rb[0] << 8) | rb[1],(rb[0] << 8) | rb[1]);