* [PATCH net-next] net: usb: mcs7830: adjust incorrect comment implying a vulnerability
@ 2026-05-05 1:46 Ethan Nelson-Moore
2026-05-05 6:46 ` Andy Shevchenko
0 siblings, 1 reply; 2+ messages in thread
From: Ethan Nelson-Moore @ 2026-05-05 1:46 UTC
To: linux-usb, netdev
Cc: Ethan Nelson-Moore, Andrew Lunn, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Andy Shevchenko, Peter Korsgaard
The mcs7830 driver contains a comment indicating that mcs7830_get_regs
leaks uninitialized memory to user space on some devices. If true, this
would indicate a security vulnerability. However, I investigated the
issue and found that it is not true because ethtool_get_regs (in
net/ethtool/ioctl.c) uses vzalloc to allocate its buffer, which zeroes
the memory. Update the comment to explain this behavior.
Signed-off-by: Ethan Nelson-Moore <enelsonmoore@gmail.com>
---
drivers/net/usb/mcs7830.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/usb/mcs7830.c b/drivers/net/usb/mcs7830.c
index d6698f30218d..dfdc7bd74166 100644
--- a/drivers/net/usb/mcs7830.c
+++ b/drivers/net/usb/mcs7830.c
@@ -22,7 +22,8 @@
* - implement get_eeprom/[set_eeprom]
* - switch PHY on/off on ifup/ifdown (perhaps in usbnet.c, via MII)
* - mcs7830_get_regs() handling is weird: for rev 2 we return 32 regs,
- * can access only ~ 24, remaining user buffer is uninitialized garbage
+ * can access only ~ 24; this is not a security vulnerability because
+ * ethtool_get_regs allocates a zeroed buffer
* - anything else?
*/
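Review bot: the two added lines write ethtool_get_regs without parentheses, while the unchanged line just above them writes mcs7830_get_regs(); use ethtool_get_regs() so function names are marked the same way throughout this comment block.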
--
2.43.0
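The argument in the commit message above, as an added user-space model that is not kernel code and not part of the original patch: a callback that fills fewer registers than it reports only exposes stale memory when the caller's buffer was not zeroed first. The function names, the marker byte and the register values are hypothetical, and "~ 24" is taken as exactly 24.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REGS_REPORTED 32   /* length reported for rev 2, per the TODO comment */
#define REGS_READABLE 24   /* "~ 24" readable registers, assumed to be exactly 24 */
#define STALE 0xA5         /* constructed marker standing in for old heap contents */

/* Hypothetical stand-in for the driver callback: it writes only the
 * registers it can read and leaves the rest of the buffer untouched. */
static void model_get_regs(unsigned char *buf)
{
    for (int i = 0; i < REGS_READABLE; i++)
        buf[i] = (unsigned char)(0x10 + i);   /* constructed register values */
}

/* Hypothetical stand-in for the core: allocate the reported length, call
 * the callback, then count the stale bytes that a copy of the whole
 * buffer to user space would carry. Returns -1 on allocation failure. */
static int stale_bytes_copied(int zeroed)
{
    unsigned char *buf = malloc(REGS_REPORTED);
    int stale = 0;

    if (!buf)
        return -1;
    /* zeroed != 0 models a vzalloc()-style buffer; 0 models reused memory */
    memset(buf, zeroed ? 0 : STALE, REGS_REPORTED);
    model_get_regs(buf);
    for (int i = 0; i < REGS_REPORTED; i++)   /* the full reported length is copied */
        if (buf[i] == STALE)
            stale++;
    free(buf);
    return stale;
}

int main(void)
{
    printf("unzeroed buffer: %d stale bytes\n", stale_bytes_copied(0));
    printf("zeroed buffer:   %d stale bytes\n", stale_bytes_copied(1));
    return 0;
}
```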
* Re: [PATCH net-next] net: usb: mcs7830: adjust incorrect comment implying a vulnerability
From: Andy Shevchenko @ 2026-05-05 6:46 UTC
To: Ethan Nelson-Moore
Cc: linux-usb, netdev, Andrew Lunn, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Peter Korsgaard
On Mon, May 04, 2026 at 06:46:30PM -0700, Ethan Nelson-Moore wrote:
> The mcs7830 driver contains a comment indicating that mcs7830_get_regs
See, even in the comment the function is referred to as func(). Please,
follow this convention everywhere (comments, commit messages, documentation
where it's appropriate).
> leaks uninitialized memory to user space on some devices. If true, this
> would indicate a security vulnerability. However, I investigated the
> issue and found that it is not true because ethtool_get_regs (in
ethtool_get_regs()
> net/ethtool/ioctl.c) uses vzalloc to allocate its buffer, which zeroes
vzalloc()
> the memory. Update the comment to explain this behavior.
...
> * - implement get_eeprom/[set_eeprom]
> * - switch PHY on/off on ifup/ifdown (perhaps in usbnet.c, via MII)
> * - mcs7830_get_regs() handling is weird: for rev 2 we return 32 regs,
> - * can access only ~ 24, remaining user buffer is uninitialized garbage
> + * can access only ~ 24; this is not a security vulnerability because
> + * ethtool_get_regs allocates a zeroed buffer
Same as above.
> * - anything else?
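Review bot: the added lines rest the claim on the caller's zeroed buffer but do not say where that allocation lives, so the comment cannot be rechecked from this file alone. The commit message names net/ethtool/ioctl.c and vzalloc(); carrying those into the comment would make plain that the guarantee comes from the ethtool core and not from this driver. Since the entry stays in the TODO list, it could also state that the registers beyond ~ 24 are returned as zeros.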
...
Also, while the patches are not conflicting with or dependent on each other,
they are against the same driver, hence the series is preferable over
individual patches.
--
With Best Regards,
Andy Shevchenko