1. Patchew
  2. linux
  3. View series

[PATCH] nfc/nci: Fix uninit-value issue in nci_ntf_packet

Qianqiang Liu posted 1 patch 1 month, 2 weeks ago 
drivers/nfc/virtual_ncidev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] nfc/nci: Fix uninit-value issue in nci_ntf_packet
Posted by Qianqiang Liu 1 month, 2 weeks ago 
When an unsupported rf_tech_and_mode (0xe6) occurs in nci_rf_discover_ntf_packet,
the ntf.ntf_type may be assigned an uninitialized value.

To resolve this, use the __GFP_ZERO flag when calling alloc_skb(),
ensuring that skb->data is properly initialized.

Reported-by: syzbot+3f8fa0edaa75710cd66e@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3f8fa0edaa75710cd66e
Tested-by: syzbot+3f8fa0edaa75710cd66e@syzkaller.appspotmail.com
Signed-off-by: Qianqiang Liu <qianqiang.liu@163.com>
---
 drivers/nfc/virtual_ncidev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nfc/virtual_ncidev.c b/drivers/nfc/virtual_ncidev.c
index 6b89d596ba9a..31da26287327 100644
--- a/drivers/nfc/virtual_ncidev.c
+++ b/drivers/nfc/virtual_ncidev.c
@@ -117,7 +117,7 @@ static ssize_t virtual_ncidev_write(struct file *file,
 	struct virtual_nci_dev *vdev = file->private_data;
 	struct sk_buff *skb;
 
-	skb = alloc_skb(count, GFP_KERNEL);
+	skb = alloc_skb(count, GFP_KERNEL | __GFP_ZERO);
 	if (!skb)
 		return -ENOMEM;
 
-- 
2.47.0
Re: [PATCH] nfc/nci: Fix uninit-value issue in nci_ntf_packet
Posted by Krzysztof Kozlowski 1 month, 1 week ago 
On 12/10/2024 20:47, Qianqiang Liu wrote:
> When an unsupported rf_tech_and_mode (0xe6) occurs in nci_rf_discover_ntf_packet,
> the ntf.ntf_type may be assigned an uninitialized value.
> 
> To resolve this, use the __GFP_ZERO flag when calling alloc_skb(),
> ensuring that skb->data is properly initialized.
> 
> Reported-by: syzbot+3f8fa0edaa75710cd66e@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=3f8fa0edaa75710cd66e
> Tested-by: syzbot+3f8fa0edaa75710cd66e@syzkaller.appspotmail.com
> Signed-off-by: Qianqiang Liu <qianqiang.liu@163.com>

Do not attach (thread) your patchsets to some other threads (unrelated
or older versions). This buries them deep in the mailbox and might
interfere with applying entire sets.

> ---
>  drivers/nfc/virtual_ncidev.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/nfc/virtual_ncidev.c b/drivers/nfc/virtual_ncidev.c
> index 6b89d596ba9a..31da26287327 100644
> --- a/drivers/nfc/virtual_ncidev.c
> +++ b/drivers/nfc/virtual_ncidev.c
> @@ -117,7 +117,7 @@ static ssize_t virtual_ncidev_write(struct file *file,
>  	struct virtual_nci_dev *vdev = file->private_data;
>  	struct sk_buff *skb;
>  
> -	skb = alloc_skb(count, GFP_KERNEL);
> +	skb = alloc_skb(count, GFP_KERNEL | __GFP_ZERO);
>  	if (!skb)
>  		return -ENOMEM;

Same comments as before:

https://lore.kernel.org/all/20240803121817.383567-1-zhanghao1@kylinos.cn/

Respond to existing feedback, please.

Best regards,
Krzysztof
Re: [PATCH] nfc/nci: Fix uninit-value issue in nci_ntf_packet
Posted by Qianqiang Liu 1 month, 1 week ago 
On Wed, Oct 16, 2024 at 09:58:53AM +0200, Krzysztof Kozlowski wrote:
> 
> Same comments as before:
> 
> https://lore.kernel.org/all/20240803121817.383567-1-zhanghao1@kylinos.cn/
> 
> Respond to existing feedback, please.
> 
> Best regards,
> Krzysztof

Got it, thanks!

-- 
Best,
Qianqiang Liu

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.