5.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp
[ Upstream commit 19e35f24750ddf860c51e51c68cf07ea181b4881 ]
Commit 7e8cdc97148c ("nfc: Add KCOV annotations") added kcov_remote_start_common()/kcov_remote_stop() pair into nci_rx_work(), with an assumption that kcov_remote_stop() is called upon continue of the for loop. But commit d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet") forgot to call kcov_remote_stop() before break of the for loop.
Reported-by: syzbot syzbot+0438378d6f157baae1a2@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=0438378d6f157baae1a2 Fixes: d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet") Suggested-by: Andrey Konovalov andreyknvl@gmail.com Signed-off-by: Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp Reviewed-by: Krzysztof Kozlowski krzysztof.kozlowski@linaro.org Link: https://lore.kernel.org/r/6d10f829-5a0c-405a-b39a-d7266f3a1a0b@I-love.SAKURA... Signed-off-by: Jakub Kicinski kuba@kernel.org Stable-dep-of: 6671e352497c ("nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()") Signed-off-by: Sasha Levin sashal@kernel.org --- net/nfc/nci/core.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c index 7b3f3d6285004..ada7f32d03e48 100644 --- a/net/nfc/nci/core.c +++ b/net/nfc/nci/core.c @@ -1517,6 +1517,7 @@ static void nci_rx_work(struct work_struct *work)
if (!nci_valid_size(skb)) { kfree_skb(skb); + kcov_remote_stop(); break; }