lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 30 May 2024 20:16:59 +0530
From: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
To: Edward Adam Davis <eadavis@...com>,
        syzbot+07762f019fd03d01f04c@...kaller.appspotmail.com
Cc: linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com,
        Dan Carpenter <error27@...il.com>
Subject: Re: [syzbot] [input?] [usb?] KMSAN: uninit-value in asus_report_fixup

Hi Edward,

On 28/05/24 17:58, Edward Adam Davis wrote:
> please test uv asus_report_fixup
> 
> #syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 70ec81c2e2b4
> 

I have tested the below patch:
and it prints something like this: No KMSAN failure.

[ 1200.138915][  T760] rdesc: g.�.�.�.I, asus_report_fixup

I don't see boot failure like syzbot did(and that looks unrelated to 
this bug that is being worked on(hid related))

> diff --git a/drivers/hid/hid-asus.c b/drivers/hid/hid-asus.c
> index 02de2bf4f790..1a92392967fc 100644
> --- a/drivers/hid/hid-asus.c
> +++ b/drivers/hid/hid-asus.c
> @@ -1204,8 +1204,9 @@ static __u8 *asus_report_fixup(struct hid_device *hdev, __u8 *rdesc,
>   	}
>   
>   	/* match many more n-key devices */
> -	if (drvdata->quirks & QUIRK_ROG_NKEY_KEYBOARD) {
> -		for (int i = 0; i < *rsize + 1; i++) {
> +	printk("rdesc: %c.%c.%c.%c.%c, %s\n", rdesc[0], rdesc[1], rdesc[2], rdesc[3], rdesc[4], __func__);
> +	if (drvdata->quirks & QUIRK_ROG_NKEY_KEYBOARD && *rsize > 15) {
> +		for (int i = 0; i < *rsize - 14; i++) {
>   			/* offset to the count from 0x5a report part always 14 */
>   			if (rdesc[i] == 0x85 && rdesc[i + 1] == 0x5a &&
>   			    rdesc[i + 14] == 0x95 && rdesc[i + 15] == 0x05) {
> diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c
> index a90ed2ceae84..9f0e09f667b1 100644
> --- a/drivers/hid/usbhid/hid-core.c
> +++ b/drivers/hid/usbhid/hid-core.c
> @@ -1029,7 +1029,7 @@ static int usbhid_parse(struct hid_device *hid)
>   		return -EINVAL;
>   	}
>   
> -	rdesc = kmalloc(rsize, GFP_KERNEL);
> +	rdesc = kzalloc(rsize, GFP_KERNEL);
>   	if (!rdesc)
>   		return -ENOMEM;
>   
Thanks,
Harshit
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ