mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-25 21:54:06 +08:00
ca8f245f28
Don't use uninitialized ircode[] in cxusb_rc_query() when cxusb_ctrl_msg() fails to populate its contents. syzbot reported: dvb-usb: bulk message failed: -22 (1/-30591) ===================================================== BUG: KMSAN: uninit-value in ir_lookup_by_scancode drivers/media/rc/rc-main.c:494 [inline] BUG: KMSAN: uninit-value in rc_g_keycode_from_table drivers/media/rc/rc-main.c:582 [inline] BUG: KMSAN: uninit-value in rc_keydown+0x1a6/0x6f0 drivers/media/rc/rc-main.c:816 CPU: 1 PID: 11436 Comm: kworker/1:2 Not tainted 5.3.0-rc7+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events dvb_usb_read_remote_control Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x191/0x1f0 lib/dump_stack.c:113 kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108 __msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250 bsearch+0x1dd/0x250 lib/bsearch.c:41 ir_lookup_by_scancode drivers/media/rc/rc-main.c:494 [inline] rc_g_keycode_from_table drivers/media/rc/rc-main.c:582 [inline] rc_keydown+0x1a6/0x6f0 drivers/media/rc/rc-main.c:816 cxusb_rc_query+0x2e1/0x360 drivers/media/usb/dvb-usb/cxusb.c:548 dvb_usb_read_remote_control+0xf9/0x290 drivers/media/usb/dvb-usb/dvb-usb-remote.c:261 process_one_work+0x1572/0x1ef0 kernel/workqueue.c:2269 worker_thread+0x111b/0x2460 kernel/workqueue.c:2415 kthread+0x4b5/0x4f0 kernel/kthread.c:256 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:150 [inline] kmsan_internal_chain_origin+0xd2/0x170 mm/kmsan/kmsan.c:314 __msan_chain_origin+0x6b/0xe0 mm/kmsan/kmsan_instr.c:184 rc_g_keycode_from_table drivers/media/rc/rc-main.c:583 [inline] rc_keydown+0x2c4/0x6f0 drivers/media/rc/rc-main.c:816 cxusb_rc_query+0x2e1/0x360 drivers/media/usb/dvb-usb/cxusb.c:548 dvb_usb_read_remote_control+0xf9/0x290 drivers/media/usb/dvb-usb/dvb-usb-remote.c:261 process_one_work+0x1572/0x1ef0 kernel/workqueue.c:2269 worker_thread+0x111b/0x2460 kernel/workqueue.c:2415 kthread+0x4b5/0x4f0 kernel/kthread.c:256 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355 Local variable description: ----ircode@cxusb_rc_query Variable was created at: cxusb_rc_query+0x4d/0x360 drivers/media/usb/dvb-usb/cxusb.c:543 dvb_usb_read_remote_control+0xf9/0x290 drivers/media/usb/dvb-usb/dvb-usb-remote.c:261 Signed-off-by: Vito Caputo <vcaputo@pengaru.com> Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Sean Young <sean@mess.org> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> |
||
---|---|---|
.. | ||
a800.c | ||
af9005-fe.c | ||
af9005-remote.c | ||
af9005-script.h | ||
af9005.c | ||
af9005.h | ||
az6027.c | ||
az6027.h | ||
cinergyT2-core.c | ||
cinergyT2-fe.c | ||
cinergyT2.h | ||
cxusb-analog.c | ||
cxusb.c | ||
cxusb.h | ||
dib07x0.h | ||
dib0700_core.c | ||
dib0700_devices.c | ||
dib0700.h | ||
dibusb-common.c | ||
dibusb-mb.c | ||
dibusb-mc-common.c | ||
dibusb-mc.c | ||
dibusb.h | ||
digitv.c | ||
digitv.h | ||
dtt200u-fe.c | ||
dtt200u.c | ||
dtt200u.h | ||
dtv5100.c | ||
dtv5100.h | ||
dvb-usb-common.h | ||
dvb-usb-dvb.c | ||
dvb-usb-firmware.c | ||
dvb-usb-i2c.c | ||
dvb-usb-init.c | ||
dvb-usb-remote.c | ||
dvb-usb-urb.c | ||
dvb-usb.h | ||
dw2102.c | ||
dw2102.h | ||
gp8psk.c | ||
gp8psk.h | ||
Kconfig | ||
m920x.c | ||
m920x.h | ||
Makefile | ||
nova-t-usb2.c | ||
opera1.c | ||
pctv452e.c | ||
technisat-usb2.c | ||
ttusb2.c | ||
ttusb2.h | ||
umt-010.c | ||
usb-urb.c | ||
vp702x-fe.c | ||
vp702x.c | ||
vp702x.h | ||
vp7045-fe.c | ||
vp7045.c | ||
vp7045.h |