nfc: nci: Fix kcov check in nci_rx_work()

Tetsuo Handa · aloktiwa · commit 0d726393df07 · 2024-06-19T07:35:49.000-07:00
[ Upstream commit 19e35f2 ] Commit 7e8cdc9 ("nfc: Add KCOV annotations") added kcov_remote_start_common()/kcov_remote_stop() pair into nci_rx_work(), with an assumption that kcov_remote_stop() is called upon continue of the for loop. But commit d24b035 ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet") forgot to call kcov_remote_stop() before break of the for loop. Reported-by: syzbot <syzbot+0438378d6f157baae1a2@syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=0438378d6f157baae1a2 Fixes: d24b035 ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet") Suggested-by: Andrey Konovalov <andreyknvl@gmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Link: https://lore.kernel.org/r/6d10f829-5a0c-405a-b39a-d7266f3a1a0b@I-love.SAKURA.ne.jp Signed-off-by: Jakub Kicinski <kuba@kernel.org> Stable-dep-of: 6671e35 ("nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()") Signed-off-by: Sasha Levin <sashal@kernel.org> FOF: 0724 Signed-off-by: Alok Tiwari <alok.a.tiwari@oracle.com>
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
@@ -1501,6 +1501,7 @@ static void nci_rx_work(struct work_struct *work)
 
 		if (!nci_plen(skb->data)) {
 			kfree_skb(skb);
+			kcov_remote_stop();
 			break;
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -1501,6 +1501,7 @@ static void nci_rx_work(struct work_struct *work)`
`1501`	`1501`
`1502`	`1502`	`if (!nci_plen(skb->data)) {`
`1503`	`1503`	`kfree_skb(skb);`
	`1504`	`+ kcov_remote_stop();`
`1504`	`1505`	`break;`
`1505`	`1506`	`}`
`1506`	`1507`