
net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()

Message ID 20200827065355.15177-1-himadrispandya@gmail.com
State Accepted
Delegated to: David Miller

Commit Message

Himadri Pandya Aug. 27, 2020, 6:53 a.m. UTC
The buffer size is 2 Bytes and we expect to receive the same amount of
data. But sometimes we receive less data and run into uninit-was-stored
issue upon read. Hence modify the error check on the return value to match
with the buffer size as a prevention.

Reported-and-tested by: syzbot+a7e220df5a81d1ab400e@syzkaller.appspotmail.com
Signed-off-by: Himadri Pandya <himadrispandya@gmail.com>
---
 drivers/net/usb/asix_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Sergei Shtylyov Aug. 27, 2020, 7:57 a.m. UTC | #1
Hello!

On 27.08.2020 9:53, Himadri Pandya wrote:

> The buffer size is 2 Bytes and we expect to receive the same amount of
> data. But sometimes we receive less data and run into uninit-was-stored
> issue upon read. Hence modify the error check on the return value to match
> with the buffer size as a prevention.
> 
> Reported-and-tested by: syzbot+a7e220df5a81d1ab400e@syzkaller.appspotmail.com
> Signed-off-by: Himadri Pandya <himadrispandya@gmail.com>
> ---
>   drivers/net/usb/asix_common.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/usb/asix_common.c b/drivers/net/usb/asix_common.c
> index e39f41efda3e..7bc6e8f856fe 100644
> --- a/drivers/net/usb/asix_common.c
> +++ b/drivers/net/usb/asix_common.c
> @@ -296,7 +296,7 @@ int asix_read_phy_addr(struct usbnet *dev, int internal)
>   
>   	netdev_dbg(dev->net, "asix_get_phy_addr()\n");
>   
> -	if (ret < 0) {
> +	if (ret < 2) {
>   		netdev_err(dev->net, "Error reading PHYID register: %02x\n", ret);

    Hm... printing possibly negative values as hex?

[...]

MBR, Sergei

David Miller Aug. 27, 2020, 2:37 p.m. UTC | #2
From: Himadri Pandya <himadrispandya@gmail.com>
Date: Thu, 27 Aug 2020 12:23:55 +0530

> The buffer size is 2 Bytes and we expect to receive the same amount of
> data. But sometimes we receive less data and run into uninit-was-stored
> issue upon read. Hence modify the error check on the return value to match
> with the buffer size as a prevention.
> 
> Reported-and-tested by: syzbot+a7e220df5a81d1ab400e@syzkaller.appspotmail.com
> Signed-off-by: Himadri Pandya <himadrispandya@gmail.com>

Applied, thanks.

Eric Biggers Aug. 27, 2020, 5:52 p.m. UTC | #3
On Thu, Aug 27, 2020 at 12:23:55PM +0530, Himadri Pandya wrote:
> The buffer size is 2 Bytes and we expect to receive the same amount of
> data. But sometimes we receive less data and run into uninit-was-stored
> issue upon read. Hence modify the error check on the return value to match
> with the buffer size as a prevention.
> 
> Reported-and-tested by: syzbot+a7e220df5a81d1ab400e@syzkaller.appspotmail.com
> Signed-off-by: Himadri Pandya <himadrispandya@gmail.com>
> ---
>  drivers/net/usb/asix_common.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/usb/asix_common.c b/drivers/net/usb/asix_common.c
> index e39f41efda3e..7bc6e8f856fe 100644
> --- a/drivers/net/usb/asix_common.c
> +++ b/drivers/net/usb/asix_common.c
> @@ -296,7 +296,7 @@ int asix_read_phy_addr(struct usbnet *dev, int internal)
>  
>  	netdev_dbg(dev->net, "asix_get_phy_addr()\n");
>  
> -	if (ret < 0) {
> +	if (ret < 2) {
>  		netdev_err(dev->net, "Error reading PHYID register: %02x\n", ret);
>  		goto out;
>  	}
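Review bot: The literal `2` in `if (ret < 2)` encodes the buffer size that the commit message describes, so the check and the buffer can drift apart; compare against the size of the receive buffer (sizeof on the buffer variable) instead. A one-line comment above the check saying that a short read leaves part of the buffer uninitialized would also record why the test is not simply `ret < 0`.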

If ret is 0 or 1 here, shouldn't asix_read_phy_addr() return an error code
instead of 0 or 1?

- Eric

Himadri Pandya Aug. 28, 2020, 11:06 a.m. UTC | #4
On Thu, Aug 27, 2020 at 1:28 PM Sergei Shtylyov
<sergei.shtylyov@gmail.com> wrote:
>
> Hello!
>
> On 27.08.2020 9:53, Himadri Pandya wrote:
>
> > The buffer size is 2 Bytes and we expect to receive the same amount of
> > data. But sometimes we receive less data and run into uninit-was-stored
> > issue upon read. Hence modify the error check on the return value to match
> > with the buffer size as a prevention.
> >
> > Reported-and-tested by: syzbot+a7e220df5a81d1ab400e@syzkaller.appspotmail.com
> > Signed-off-by: Himadri Pandya <himadrispandya@gmail.com>
> > ---
> >   drivers/net/usb/asix_common.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/net/usb/asix_common.c b/drivers/net/usb/asix_common.c
> > index e39f41efda3e..7bc6e8f856fe 100644
> > --- a/drivers/net/usb/asix_common.c
> > +++ b/drivers/net/usb/asix_common.c
> > @@ -296,7 +296,7 @@ int asix_read_phy_addr(struct usbnet *dev, int internal)
> >
> >       netdev_dbg(dev->net, "asix_get_phy_addr()\n");
> >
> > -     if (ret < 0) {
> > +     if (ret < 2) {
> >               netdev_err(dev->net, "Error reading PHYID register: %02x\n", ret);
>
>     Hm... printing possibly negative values as hex?
>

Yeah. That's odd! Fixing it.

Thanks,
Himadri

> [...]
>
> MBR, Sergei

Patch

diff --git a/drivers/net/usb/asix_common.c b/drivers/net/usb/asix_common.c
index e39f41efda3e..7bc6e8f856fe 100644
--- a/drivers/net/usb/asix_common.c
+++ b/drivers/net/usb/asix_common.c
@@ -296,7 +296,7 @@  int asix_read_phy_addr(struct usbnet *dev, int internal)
 
 	netdev_dbg(dev->net, "asix_get_phy_addr()\n");
 
-	if (ret < 0) {
+	if (ret < 2) {
 		netdev_err(dev->net, "Error reading PHYID register: %02x\n", ret);
 		goto out;
 	}
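Review bot: In the `if (ret < 2)` branch, a short read of 0 or 1 bytes reaches `goto out` with `ret` still non-negative, so unless the code at `out` converts it the function can hand back 0 or 1 as if it were a valid result; set `ret` to a negative errno (for example `-EIO`) before the `goto` when `ret >= 0`. The `netdev_err()` call in the same branch formats `ret` with `%02x`, which prints negative error codes as large hex values; `%d` reads correctly for both error codes and short byte counts.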