android_kernel_samsung_sm8650/drivers
Eric Dumazet d9c54763e5 nbd: always initialize struct msghdr completely
commit 78fbb92af27d0982634116c7a31065f24d092826 upstream.

syzbot complains that msg->msg_get_inq value can be uninitialized [1]

struct msghdr got many new fields recently, we should always make
sure their values are zero by default.

[1]
 BUG: KMSAN: uninit-value in tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571
  tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571
  inet_recvmsg+0x131/0x580 net/ipv4/af_inet.c:879
  sock_recvmsg_nosec net/socket.c:1044 [inline]
  sock_recvmsg+0x12b/0x1e0 net/socket.c:1066
  __sock_xmit+0x236/0x5c0 drivers/block/nbd.c:538
  nbd_read_reply drivers/block/nbd.c:732 [inline]
  recv_work+0x262/0x3100 drivers/block/nbd.c:863
  process_one_work kernel/workqueue.c:2627 [inline]
  process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2700
  worker_thread+0xf45/0x1490 kernel/workqueue.c:2781
  kthread+0x3ed/0x540 kernel/kthread.c:388
  ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147
  ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242

Local variable msg created at:
  __sock_xmit+0x4c/0x5c0 drivers/block/nbd.c:513
  nbd_read_reply drivers/block/nbd.c:732 [inline]
  recv_work+0x262/0x3100 drivers/block/nbd.c:863

CPU: 1 PID: 7465 Comm: kworker/u5:1 Not tainted 6.7.0-rc7-syzkaller-00041-gf016f7547aee #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: nbd5-recv recv_work

Fixes: f94fd25cb0 ("tcp: pass back data left in socket after receive")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: stable@vger.kernel.org
Cc: Josef Bacik <josef@toxicpanda.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: linux-block@vger.kernel.org
Cc: nbd@other.debian.org
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240112132657.647112-1-edumazet@google.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-01-31 16:17:06 -08:00
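The pattern behind this fix, shown as an added userspace example that is not part of the kernel patch or of the nbd driver: a caller that assigns the `struct msghdr` members it knows about one at a time leaves any member added to the struct later holding stale stack bytes, and a receive path that branches on such a member (as tcp_recvmsg does on `msg_get_inq`) then acts on garbage. `struct msghdr_like`, `fake_recvmsg`, the two setup helpers and `run_receive` are constructed stand-ins with a layout chosen for this demonstration, not the kernel's real definitions; the 0xFF pre-fill stands in for whatever a previous stack frame left behind.

```c
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's struct msghdr (the real layout differs).
 * The last two members play the role of the recently added fields. */
struct msghdr_like {
    void *msg_name;
    int msg_namelen;
    void *msg_iov;
    size_t msg_iovlen;
    void *msg_control;
    size_t msg_controllen;
    unsigned int msg_flags;
    unsigned char msg_get_inq;  /* newer field: caller asks for the queued-byte count */
    int msg_inq;                /* newer field: callee reports the count here */
};

/* Stand-in for the receive side. Like tcp_recvmsg it consults msg_get_inq,
 * so an uninitialized value steers control flow, which is what KMSAN flagged. */
static void fake_recvmsg(struct msghdr_like *msg, int queued)
{
    if (msg->msg_get_inq)
        msg->msg_inq = queued;
}

/* Buggy pattern: set the members you know about, one by one. Any member added
 * to the struct later keeps whatever the stack slot held before the call. */
static void msghdr_setup_partial(struct msghdr_like *msg, void *iov, size_t n)
{
    msg->msg_name = NULL;
    msg->msg_namelen = 0;
    msg->msg_iov = iov;
    msg->msg_iovlen = n;
    msg->msg_control = NULL;
    msg->msg_controllen = 0;
    msg->msg_flags = 0;
}

/* Fixed pattern: zero the whole object first (an empty initializer on the
 * declaration, as the kernel uses, has the same effect), then set what matters.
 * Members added to the struct in the future start out as zero automatically. */
static void msghdr_setup_full(struct msghdr_like *msg, void *iov, size_t n)
{
    memset(msg, 0, sizeof(*msg));
    msg->msg_iov = iov;
    msg->msg_iovlen = n;
}

/* Simulate a stale stack slot by pre-filling the header with 0xFF, set it up
 * with one of the two patterns, and run the receive path. Returns what ended
 * up in msg_inq: -1 means the receiver left it alone, anything else means the
 * garbage msg_get_inq was honored. */
static int run_receive(bool full_init)
{
    struct msghdr_like msg;
    char iov_placeholder[1];

    memset(&msg, 0xff, sizeof(msg));   /* stale bytes from an earlier frame */
    if (full_init)
        msghdr_setup_full(&msg, iov_placeholder, 1);
    else
        msghdr_setup_partial(&msg, iov_placeholder, 1);

    msg.msg_inq = -1;                  /* sentinel: did recvmsg write it? */
    fake_recvmsg(&msg, 4096);
    return msg.msg_inq;
}

int main(void)
{
    printf("member-by-member init: msg_inq = %d\n", run_receive(false)); /* 4096 */
    printf("zeroed init:           msg_inq = %d\n", run_receive(true));  /* -1 */
    return 0;
}
```

The partial path reports 4096 because the stale 0xFF in `msg_get_inq` is non-zero; the zeroed path leaves the sentinel untouched. In the kernel the same class of bug is caught by KMSAN only when the uninitialized byte reaches a branch, which is why zeroing at the declaration rather than auditing every member is the durable fix.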
accessibility
acpi acpi: property: Let args be NULL in __acpi_node_get_property_reference 2024-01-25 15:27:46 -08:00
amba amba: bus: fix refcount leak 2023-09-13 09:42:56 +02:00
android binder: fix race between mmput() and do_exit() 2024-01-25 15:27:39 -08:00
ata scsi: sd: Fix system start for ATA devices 2023-12-08 08:51:14 +01:00
atm atm: solos-pci: Fix potential deadlock on &tx_queue_lock 2023-12-20 17:00:16 +01:00
auxdisplay auxdisplay: hd44780: move cursor home after clear display command 2023-12-08 08:51:16 +01:00
base rtc: Extend timeout for waiting for UIP to clear to 1s 2024-01-31 16:17:01 -08:00
bcma
block nbd: always initialize struct msghdr completely 2024-01-31 16:17:06 -08:00
bluetooth Bluetooth: btmtkuart: fix recv_buf() return value 2024-01-25 15:27:30 -08:00
bus bus: mhi: host: Add spinlock to protect WP access when queueing TREs 2024-01-31 16:16:59 -08:00
cdrom
char hwrng: core - Fix page fault dead lock on mmap-ed hwrng 2024-01-31 16:16:58 -08:00
clk clk: si5341: fix an error code problem in si5341_output_clk_set_rate 2024-01-25 15:27:36 -08:00
clocksource clocksource/drivers/timer-ti-dm: Fix make W=n kerneldoc warnings 2024-01-25 15:27:39 -08:00
comedi
connector
counter counter: microchip-tcb-capture: Fix the use of internal GCLK logic 2023-10-19 23:08:58 +02:00
cpufreq cpufreq: scmi: process the result of devm_of_clk_add_hw_provider() 2024-01-25 15:27:20 -08:00
cpuidle powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT 2023-09-13 09:42:48 +02:00
crypto crypto: sahara - do not resize req->src when doing hash operations 2024-01-25 15:27:23 -08:00
cxl cxl/region: fix x9 interleave typo 2024-01-25 15:27:48 -08:00
dax
dca
devfreq PM / devfreq: Fix buffer overflow in trans_stat_show 2024-01-31 16:16:58 -08:00
dio
dma dmaengine: fix NULL pointer in channel unregistration function 2024-01-31 16:17:00 -08:00
dma-buf dma-buf: fix check in dma_resv_add_fence 2023-12-08 08:51:15 +01:00
edac EDAC/thunderx: Fix possible out-of-bounds string access 2024-01-25 15:27:18 -08:00
eisa
extcon extcon: cht_wc: add POWER_SUPPLY dependency 2023-09-13 09:42:53 +02:00
firewire firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards 2024-01-10 17:10:35 +01:00
firmware firmware: meson_sm: populate platform devices from sm device tree data 2024-01-25 15:27:24 -08:00
fpga
fsi fsi: aspeed: Reset master errors after CFAM reset 2023-09-13 09:42:54 +02:00
gnss
gpio gpio: dwapb: mask/unmask IRQ when disable/enale it 2024-01-01 12:39:07 +00:00
gpu drm/amd/display: pbn_div need be updated for hotplug event 2024-01-31 16:17:03 -08:00
greybus
hid HID: wacom: Correct behavior when processing some confidence == false touches 2024-01-25 15:27:44 -08:00
hsi
hte hte: tegra: Fix missing error code in tegra_hte_test_probe() 2023-11-20 11:51:58 +01:00
hv Drivers: hv: vmbus: Don't dereference ACPI root object handle 2023-09-13 09:42:59 +02:00
hwmon hwmon: (corsair-psu) Fix probe when built-in 2024-01-20 11:50:06 +01:00
hwspinlock hwspinlock: qcom: add missing regmap config for SFPB MMIO implementation 2023-09-19 12:28:05 +02:00
hwtracing coresight: etm4x: Fix width of CCITMIN field 2024-01-20 11:50:11 +01:00
i2c i2c: s3c24xx: fix transferring more than one message in polling mode 2024-01-25 15:27:52 -08:00
i3c i3c: master: svc: fix random hot join failure since timeout error 2023-11-28 17:07:17 +00:00
idle intel_idle: add Emerald Rapids Xeon support 2023-10-10 22:00:44 +02:00
iio iio: adc: ad7091r: Enable internal vref if external vref is not supplied 2024-01-31 16:17:00 -08:00
infiniband IB/iser: Prevent invalidating wrong MR 2024-01-25 15:27:38 -08:00
input Input: atkbd - use ab83 as id when skipping the getid command 2024-01-25 15:27:39 -08:00
interconnect Revert "interconnect: qcom: sm8250: Enable sync_state" 2024-01-10 17:10:37 +01:00
iommu iommu/dma: Trace bounce buffer usage when mapping buffers 2024-01-25 15:27:43 -08:00
ipack
irqchip irqchip/stm32-exti: add missing DT IRQ flag translation 2023-11-08 14:10:57 +01:00
isdn mISDN: Update parameter type of dsp_cmx_send() 2023-08-16 18:27:26 +02:00
leds leds: aw2013: Select missing dependency REGMAP_I2C 2024-01-25 15:27:45 -08:00
macintosh
mailbox mailbox: qcom-ipcc: fix incorrect num_chans counting 2023-09-19 12:27:58 +02:00
mcb mcb: fix error handling for different scenarios when parsing 2023-11-28 17:07:13 +00:00
md Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" 2024-01-25 15:27:52 -08:00
media media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run 2024-01-31 16:17:01 -08:00
memory
memstick
message
mfd mfd: intel-lpss: Fix the fractional clock divider flags 2024-01-25 15:27:45 -08:00
misc accel/habanalabs: fix information leak in sec_attest_info() 2024-01-25 15:27:37 -08:00
mmc mmc: mmc_spi: remove custom DMA mapped buffers 2024-01-31 16:17:01 -08:00
most
mtd mtd: Fix gluebi NULL pointer dereference caused by ftl notifier 2024-01-25 15:27:21 -08:00
mux
net net: fec: fix the unhandled context fault from smmu 2024-01-31 16:17:06 -08:00
nfc
ntb ntb: Fix calculation ntb_transport_tx_free_entry() 2023-09-13 09:43:02 +02:00
nubus
nvdimm nd_btt: Make BTT lanes preemptible 2023-11-20 11:52:05 +01:00
nvme nvmet-tcp: Fix the H2C expected PDU len calculation 2024-01-25 15:27:48 -08:00
nvmem nvmem: imx: correct nregs for i.MX6UL 2023-11-02 09:35:31 +01:00
of of: unittest: Fix of_count_phandle_with_args() expected value message 2024-01-25 15:27:38 -08:00
opp OPP: Pass rounded rate to _set_opp() 2024-01-31 16:16:58 -08:00
parisc parisc/power: Fix power soft-off button emulation on qemu 2024-01-31 16:16:59 -08:00
parport parport: parport_serial: Add Brainboxes device IDs and geometry 2024-01-20 11:50:11 +01:00
pci PCI: mediatek-gen3: Fix translation window size calculation 2024-01-25 15:27:48 -08:00
pcmcia pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() 2023-11-20 11:52:13 +01:00
peci
perf perf: hisi: Fix use-after-free when register pmu fails 2023-11-20 11:52:01 +01:00
phy phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins 2023-10-25 12:03:16 +02:00
pinctrl pinctrl: cy8c95x0: Fix get_pincfg 2024-01-20 11:50:09 +01:00
platform platform/x86/intel/vsec: Fix xa_alloc memory leak 2024-01-25 15:27:20 -08:00
pnp
power power: supply: bq256xx: fix some problem in bq256xx_hw_init 2024-01-25 15:27:45 -08:00
powercap powercap: DTPM: Fix missing cpufreq_cpu_put() calls 2023-12-13 18:39:21 +01:00
pps
ps3
ptp ptp: annotate data-race around q->head and q->tail 2023-11-28 17:07:05 +00:00
pwm pwm: Fix out-of-bounds access in of_pwm_single_xlate() 2024-01-25 15:27:42 -08:00
rapidio
ras
regulator regulator: mt6358: Fail probe on unknown chip ID 2023-11-20 11:51:56 +01:00
remoteproc
reset reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning 2024-01-20 11:50:07 +01:00
rpmsg rpmsg: virtio: Free driver_override when rpmsg_remove() 2024-01-31 16:16:59 -08:00
rtc rtc: Extend timeout for waiting for UIP to clear to 1s 2024-01-31 16:17:01 -08:00
s390 s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB 2024-01-31 16:16:59 -08:00
sbus
scsi scsi: mpi3mr: Block PEL Enable Command on Controller Reset and Unrecoverable State 2024-01-25 15:27:42 -08:00
sh
siox
slimbus
soc soc: qcom: llcc: Fix dis_cap_alloc and retain_on_pc configuration 2024-01-25 15:27:28 -08:00
soundwire soundwire: stream: fix NULL pointer dereference for multi_link 2023-12-20 17:00:25 +01:00
spi spi: sh-msiof: Enforce fixed DTDL for R-Car H3 2024-01-25 15:27:20 -08:00
spmi spmi: mtk-pmif: Serialize PMIF status check and command submission 2024-01-25 15:27:47 -08:00
ssb
staging media: rkvdec: Hook the (TRY_)DECODER_CMD stateless ioctls 2024-01-25 15:27:32 -08:00
target scsi: target: core: add missing file_{start,end}_write() 2024-01-25 15:27:42 -08:00
tc
tee tee: optee: Fix supplicant based device enumeration 2023-12-13 18:39:12 +01:00
thermal thermal: core: prevent potential string overflow 2023-11-20 11:51:54 +01:00
thunderbolt thunderbolt: Fix memory leak in margining_port_remove() 2024-01-01 12:39:08 +00:00
tty serial: sc16is7xx: improve do/while loop in sc16is7xx_irq() 2024-01-31 16:17:02 -08:00
ufs scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan() 2024-01-31 16:17:00 -08:00
uio uio: Fix use-after-free in uio_open 2024-01-20 11:50:10 +01:00
usb usb: dwc3: gadget: Handle EP0 request dequeuing properly 2024-01-31 16:16:57 -08:00
vdpa vdpa: Fix an error handling path in eni_vdpa_probe() 2024-01-25 15:27:47 -08:00
vfio vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent() 2023-10-06 14:56:45 +02:00
vhost vhost-vdpa: fix use after free in vhost_vdpa_probe() 2023-11-28 17:07:04 +00:00
video fbdev: flush deferred IO before closing 2024-01-25 15:27:42 -08:00
virt virt: sevguest: Fix passing a stack buffer as a scatterlist target 2023-11-20 11:52:13 +01:00
virtio virtio_pci: fix the common cfg map size 2023-11-02 09:35:23 +01:00
vlynq
w1
watchdog watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused 2024-01-25 15:27:36 -08:00
xen xen: simplify evtchn_do_upcall() call maze 2023-12-08 08:51:20 +01:00
zorro
Kconfig
Makefile