Re: [PATCH] net: atm: lec: add pre_send validation to avoid uninitialized
From: Simon Horman
Date: Mon Dec 08 2025 - 12:47:13 EST

+ Edward

On Sun, Dec 07, 2025 at 04:14:53AM +0000, Dharanitharan R wrote:
> syzbot reported a KMSAN uninitialized-value crash caused by reading
> fields from struct atmlec_msg before validating that the skb contains
> enough linear data. A malformed short skb can cause lec_arp_update()
> and other handlers to access uninitialized memory.
>
> Add a pre_send() validator that ensures the message header and optional
> TLVs are fully present. This prevents all lec message types from reading
> beyond initialized skb data.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Reported-by: syzbot+5dd615f890ddada54057@xxxxxxxxxxxxxxxxxxxxxxxxx
> Tested-by: syzbot+5dd615f890ddada54057@xxxxxxxxxxxxxxxxxxxxxxxxx

No blank lines between tags please.

>
> Closes: https://syzkaller.appspot.com/bug?extid=5dd615f890ddada54057

Likewise here.

>
> Signed-off-by: Dharanitharan R <dharanitharan725@xxxxxxxxx>

But more importantly, this seems to duplicate another patch
that is under review:
* [PATCH net v3] net: atm: implement pre_send to check input before sending
https://lore.kernel.org/all/tencent_4312C2065549BCEEF0EECACCA467F446F406@xxxxxx/
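
The length check that the quoted commit message describes (header fully present, then optional TLVs fully present, before any handler reads a field), as an added userspace C model that is not part of this email or of either patch. The struct layout, the names `model_lec_msg`, `model_pre_send` and `check_sample`, and the return codes are assumptions made for the illustration; `buf`/`len` stand in for the skb's linear data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-in for a LEC control message (assumption: the real
 * struct atmlec_msg is larger; only "fixed header + TLV length" is modelled). */
struct model_lec_msg {
    int32_t type;
    int32_t sizeoftlvs;   /* sender-supplied count of TLV bytes after the header */
    uint8_t content[32];  /* placeholder for the per-type payload */
};

enum { MSG_OK = 0, MSG_SHORT_HEADER = -1, MSG_BAD_TLV_LEN = -2, MSG_SHORT_TLVS = -3 };

/* Hypothetical validator run before any message field is trusted. */
int model_pre_send(const uint8_t *buf, size_t len)
{
    struct model_lec_msg hdr;

    /* 1. The fixed header must be wholly present before a field is read. */
    if (len < sizeof(hdr))
        return MSG_SHORT_HEADER;
    memcpy(&hdr, buf, sizeof(hdr));  /* copy out: no unaligned access */

    /* 2. The length field is sender-controlled: reject negative values. */
    if (hdr.sizeoftlvs < 0)
        return MSG_BAD_TLV_LEN;

    /* 3. Compare with the bytes that remain after the header, so that
     *    "sizeof(hdr) + sizeoftlvs" is never computed and cannot wrap. */
    if ((size_t)hdr.sizeoftlvs > len - sizeof(hdr))
        return MSG_SHORT_TLVS;
    return MSG_OK;
}

/* Constructed sample: a message claiming tlv_claim TLV bytes, carrying
 * tlv_actual of them, optionally truncated to truncate_to bytes in total. */
int check_sample(int32_t tlv_claim, size_t tlv_actual, size_t truncate_to)
{
    uint8_t buf[sizeof(struct model_lec_msg) + 64] = {0};
    struct model_lec_msg hdr = { .type = 1, .sizeoftlvs = tlv_claim };
    size_t len = sizeof(hdr) + (tlv_actual > 64 ? 64 : tlv_actual);

    memcpy(buf, &hdr, sizeof(hdr));
    return model_pre_send(buf, truncate_to < len ? truncate_to : len);
}

int main(void) { return check_sample(16, 8, 1000) == MSG_SHORT_TLVS ? 0 : 1; }
```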