From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: Ethan Nelson-Moore <enelsonmoore@gmail.com>
Cc: linux-usb@vger.kernel.org, netdev@vger.kernel.org,
Andrew Lunn <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Peter Korsgaard <peter@korsgaard.com>
Subject: Re: [PATCH net-next] net: usb: mcs7830: adjust incorrect comment implying a vulnerability
Date: Tue, 5 May 2026 09:46:39 +0300 [thread overview]
Message-ID: <afmST20gS204Q6gO@ashevche-desk.local> (raw)
In-Reply-To: <20260505014634.49100-1-enelsonmoore@gmail.com>
On Mon, May 04, 2026 at 06:46:30PM -0700, Ethan Nelson-Moore wrote:
> The mcs7830 driver contains a comment indicating that mcs7830_get_regs
See, even in the comment the function is referred as func(). Please,
follow this convention everywhere (comments, commit messages, documentation
where it's appropriate).
> leaks uninitialized memory to user space on some devices. If true, this
> would indicate a security vulnerability. However, I investigated the
> issue and found that it is not true because ethtool_get_regs (in
ethtool_get_regs()
> net/ethtool/ioctl.c) uses vzalloc to allocate its buffer, which zeroes
vzalloc()
> the memory. Update the comment to explain this behavior.
...
> * - implement get_eeprom/[set_eeprom]
> * - switch PHY on/off on ifup/ifdown (perhaps in usbnet.c, via MII)
> * - mcs7830_get_regs() handling is weird: for rev 2 we return 32 regs,
> - * can access only ~ 24, remaining user buffer is uninitialized garbage
> + * can access only ~ 24; this is not a security vulnerability because
> + * ethtool_get_regs allocates a zeroed buffer
Same as above.
> * - anything else?
...
Also, while the patches are not conflicting with or dependent on each other,
they are against the same driver, hence the series is preferable over
individual patches.
--
With Best Regards,
Andy Shevchenko
prev parent reply other threads:[~2026-05-05 6:46 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-05 1:46 [PATCH net-next] net: usb: mcs7830: adjust incorrect comment implying a vulnerability Ethan Nelson-Moore
2026-05-05 6:46 ` Andy Shevchenko [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=afmST20gS204Q6gO@ashevche-desk.local \
--to=andriy.shevchenko@linux.intel.com \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=enelsonmoore@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=peter@korsgaard.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox