Commit 7e8cdc97148c ("nfc: Add KCOV annotations") added
kcov_remote_start_common()/kcov_remote_stop() pair into nci_rx_work(),
with an assumption that kcov_remote_stop() is called upon continue of
the for loop. But commit d24b03535e5e ("nfc: nci: Fix uninit-value in
nci_dev_up and nci_ntf_packet") forgot to call kcov_remote_stop() before
break of the for loop.
Reported-by: syzbot <[email protected]>
Closes: https://syzkaller.appspot.com/bug?extid=0438378d6f157baae1a2
Fixes: d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet")
Debugged-by: Andrey Konovalov <[email protected]>
Signed-off-by: Tetsuo Handa <[email protected]>
---
net/nfc/nci/core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index 0d26c8ec9993..b133dc55304c 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -1518,6 +1518,7 @@ static void nci_rx_work(struct work_struct *work)
if (!nci_plen(skb->data)) {
kfree_skb(skb);
+ kcov_remote_stop();
break;
}
--
2.34.1
On 05/05/2024 12:36, Tetsuo Handa wrote:
> Commit 7e8cdc97148c ("nfc: Add KCOV annotations") added
> kcov_remote_start_common()/kcov_remote_stop() pair into nci_rx_work(),
> with an assumption that kcov_remote_stop() is called upon continue of
> the for loop. But commit d24b03535e5e ("nfc: nci: Fix uninit-value in
> nci_dev_up and nci_ntf_packet") forgot to call kcov_remote_stop() before
> break of the for loop.
>
> Reported-by: syzbot <[email protected]>
> Closes: https://syzkaller.appspot.com/bug?extid=0438378d6f157baae1a2
> Fixes: d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet")
> Debugged-by: Andrey Konovalov <[email protected]>
> Signed-off-by: Tetsuo Handa <[email protected]>
Reviewed-by: Krzysztof Kozlowski <[email protected]>
Best regards,
Krzysztof
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski <[email protected]>:
On Sun, 5 May 2024 19:36:49 +0900 you wrote:
> Commit 7e8cdc97148c ("nfc: Add KCOV annotations") added
> kcov_remote_start_common()/kcov_remote_stop() pair into nci_rx_work(),
> with an assumption that kcov_remote_stop() is called upon continue of
> the for loop. But commit d24b03535e5e ("nfc: nci: Fix uninit-value in
> nci_dev_up and nci_ntf_packet") forgot to call kcov_remote_stop() before
> break of the for loop.
>
> [...]
Here is the summary with links:
- nfc: nci: Fix kcov check in nci_rx_work()
https://git.kernel.org/netdev/net/c/19e35f24750d
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html