From: Andrew Lunn <andrew@lunn.ch>
To: Pavel Skripkin <paskripkin@gmail.com>
Cc: davem@davemloft.net, kuba@kernel.org, linux@rempel-privat.de,
robert.foss@collabora.com, linux-usb@vger.kernel.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
syzbot+a631ec9e717fb0423053@syzkaller.appspotmail.com
Subject: Re: [PATCH v3] net: asix: fix uninit value bugs
Date: Sat, 14 Aug 2021 17:36:54 +0200 [thread overview]
Message-ID: <YRfjFr9GbcoJrycc@lunn.ch> (raw)
In-Reply-To: <20210814135505.11920-1-paskripkin@gmail.com>
On Sat, Aug 14, 2021 at 04:55:05PM +0300, Pavel Skripkin wrote:
> Syzbot reported uninit-value in asix_mdio_read(). The problem was in
> missing error handling. asix_read_cmd() should initialize passed stack
> variable smsr, but it can fail in some cases. Then while condidition
> checks possibly uninit smsr variable.
>
> Since smsr is uninitialized stack variable, driver can misbehave,
> because smsr will be random in case of asix_read_cmd() failure.
> Fix it by adding error handling and just continue the loop instead of
> checking uninit value.
>
> Also, same loop was used in 3 other functions. Fixed uninit value bug
> in them too.
Hi Pavel
Which suggests it might make sense to refactor the code to make a
helper? I will leave you to decide if you want to do that.
The code does looks correct now.
Andrew
next prev parent reply other threads:[~2021-08-14 15:37 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-13 16:01 [PATCH] net: asix: fix uninit value in asix_mdio_read Pavel Skripkin
2021-08-13 22:23 ` Andrew Lunn
2021-08-13 22:29 ` Pavel Skripkin
2021-08-13 22:42 ` [PATCH v2] " Pavel Skripkin
2021-08-13 22:52 ` Jakub Kicinski
2021-08-14 13:55 ` [PATCH v3] net: asix: fix uninit value bugs Pavel Skripkin
2021-08-14 15:36 ` Andrew Lunn [this message]
2021-08-14 15:40 ` Pavel Skripkin
2021-08-14 16:20 ` Pavel Skripkin
2021-08-17 16:37 ` [PATCH v4] " Pavel Skripkin
2021-08-18 10:50 ` patchwork-bot+netdevbpf
2021-08-13 22:57 ` [PATCH v2] net: asix: fix uninit value in asix_mdio_read Andrew Lunn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YRfjFr9GbcoJrycc@lunn.ch \
--to=andrew@lunn.ch \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=linux@rempel-privat.de \
--cc=netdev@vger.kernel.org \
--cc=paskripkin@gmail.com \
--cc=robert.foss@collabora.com \
--cc=syzbot+a631ec9e717fb0423053@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.