Received: by 2002:a05:6a10:6006:0:0:0:0 with SMTP id w6csp615338pxa; Thu, 27 Aug 2020 10:55:59 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy4Uz1gMYnxLa64TsnI/2gxghX15xncEIcg3E6tZHGMLC+LNJzFYKtuEl6ry1iduxNJOk3E X-Received: by 2002:a17:906:fb8c:: with SMTP id lr12mr3897749ejb.9.1598550959368; Thu, 27 Aug 2020 10:55:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598550959; cv=none; d=google.com; s=arc-20160816; b=DD22yubv5dxcxmIMGj+Llt4JeZ5y2N5lRr9oyF4hBZ+EgxhSoX6oRzv59t1MQy3Yn6 XltJw92eVBRsl3WoNYerifowyY9BAVKniil3IDtLWKpc+pILM27KeeZhu/4Dt6QUeNXI xOys4dY7YhwCIRh7qRQmR4qEA7p6d6KO6Cw7Q6bKEVvIPJVYme8a47OoFwxtXYjBlFNl vybzZzrJvtK0tTLrmYMSIvCk43pJJlfjT9LQXxKipr+cGuM/DAV0VH4kEiIUdr/FDlIr +yV8+MwSkf+6aXYcdUVO+GgOXvSM5HU5QTjESR0YDgmRngTiHdIW9rE9vpCzo/+ZAltM sk2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=S/hwn9tNBTESGDgCvWZgL3QXIQZRS2bhT6bUIQ/l68E=; b=zc+ysJ6+JwPXnf0pqYbU++XVKm5FKE3xXtnQAdZKniVSouE90vUcFtQOoQKk2Q9YUg NkN+IBbeJ9NLSuudZhQYxIUkyMzclJ0tSn1vQa+F/rsZoYGLvrHGNCOdwcsFfr7TemGa AfeP16+OlMzA5OoB96fvMCzW7roZlhOBdDSeIotfnKaFdRYuW20S8tNOkqriKLMS8XzU L2KE9NSPM7eRXWlYvTJodVhTuDEOVT3Brvm01b5Ekhh7yNeV5MdgDhnJcIlI41/UnlAL T3dPA9Kcb0ESEI2SGO1LIRPhBNvYmuUTk1WybzWZHq2WEE1+pSRGArEhRMlEeW7L7rkX P6UQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cun4+ImZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b19si1829234ejq.472.2020.08.27.10.55.36; Thu, 27 Aug 2020 10:55:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cun4+ImZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727772AbgH0Rwf (ORCPT + 99 others); Thu, 27 Aug 2020 13:52:35 -0400 Received: from mail.kernel.org ([198.145.29.99]:40300 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726977AbgH0Rwb (ORCPT ); Thu, 27 Aug 2020 13:52:31 -0400 Received: from gmail.com (unknown [104.132.1.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2DEE5207CD; Thu, 27 Aug 2020 17:52:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1598550751; bh=iOxLgmIGQYHrxMElFT3exVNdV/6tWHPjbcYrBonVTVM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=cun4+ImZ+yvvc46aY/WjwXu3szA3hLizs32IMEtX3BJt56GbT65LdsxBhLNLAkLFU KnbyJDTc/U9ezZ42ZjSfd+DoZfKSr2zm/NwzjQ1LayblEKQMMP9XWsPmqhka6hKFsm m2B9VvCgk7N+tocFDJ6KqxB3ZUGXc9g+zNcuYvww= Date: Thu, 27 Aug 2020 10:52:15 -0700 From: Eric Biggers To: Himadri Pandya Cc: davem@davemloft.net, kuba@kernel.org, linux-usb@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, linux-kernel-mentees@lists.linuxfoundation.org, gregkh@linuxfoundation.org Subject: Re: [PATCH] net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() Message-ID: <20200827175215.GA2582911@gmail.com> References: <20200827065355.15177-1-himadrispandya@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200827065355.15177-1-himadrispandya@gmail.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 27, 2020 at 12:23:55PM +0530, Himadri Pandya wrote: > The buffer size is 2 Bytes and we expect to receive the same amount of > data. But sometimes we receive less data and run into uninit-was-stored > issue upon read. Hence modify the error check on the return value to match > with the buffer size as a prevention. > > Reported-and-tested by: syzbot+a7e220df5a81d1ab400e@syzkaller.appspotmail.com > Signed-off-by: Himadri Pandya > --- > drivers/net/usb/asix_common.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/net/usb/asix_common.c b/drivers/net/usb/asix_common.c > index e39f41efda3e..7bc6e8f856fe 100644 > --- a/drivers/net/usb/asix_common.c > +++ b/drivers/net/usb/asix_common.c > @@ -296,7 +296,7 @@ int asix_read_phy_addr(struct usbnet *dev, int internal) > > netdev_dbg(dev->net, "asix_get_phy_addr()\n"); > > - if (ret < 0) { > + if (ret < 2) { > netdev_err(dev->net, "Error reading PHYID register: %02x\n", ret); > goto out; > } If ret is 0 or 1 here, shouldn't asix_read_phy_addr() return an error code instead of 0 or 1? - Eric