linux/drivers
Bhanu Seshu Kumar Valluri 49bdb63ff6 net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom
Syzbot reported a read of uninitialized variable BUG with the following call stack.

lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout
=====================================================
BUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]
BUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]
BUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241
 lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]
 lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]
 lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241
 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766
 lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707

Local variable sig.i.i created at:
 lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline]
 lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]
 lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241
 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766

The function lan78xx_read_raw_eeprom failed to properly propagate EEPROM
read timeout errors (-ETIMEDOUT). In the fallthrough path, it first
attempted to restore the pin configuration for LED outputs and then
returned only the status of that restore operation, discarding the
original timeout error.

As a result, callers could mistakenly treat the data buffer as valid
even though the EEPROM read had actually timed out with no data or partial
data.

To fix this, handle errors in restoring the LED pin configuration separately.
If the restore succeeds, return any prior EEPROM timeout error correctly
to the caller.

Reported-by: syzbot+62ec8226f01cb4ca19d9@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=62ec8226f01cb4ca19d9
Fixes: 8b1b2ca83b ("net: usb: lan78xx: Improve error handling in EEPROM and OTP operations")
Signed-off-by: Bhanu Seshu Kumar Valluri <bhanuseshukumar@gmail.com>
Reviewed-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://patch.msgid.link/20250930084902.19062-1-bhanuseshukumar@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-10-03 10:15:35 -07:00
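
The error-propagation pattern described in the commit message above, as an added user-space model (not code from lan78xx.c or from the patch). struct fake_dev, fake_eeprom_read, read_raw_lossy, read_raw_fixed and caller_uses_buffer are hypothetical names, and the status values are constructed inputs.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the device; both statuses are constructed inputs. */
struct fake_dev {
    int eeprom_status;   /* result of the EEPROM read: 0 or -ETIMEDOUT */
    int restore_status;  /* result of restoring the LED pin configuration */
};

static int fake_eeprom_read(const struct fake_dev *d, unsigned char *buf, size_t len)
{
    if (d->eeprom_status < 0)
        return d->eeprom_status;   /* timeout: buf is never written */
    memset(buf, 0xA5, len);        /* constructed "EEPROM contents" */
    return 0;
}

/* Lossy pattern: the cleanup status overwrites the read status. */
int read_raw_lossy(const struct fake_dev *d, unsigned char *buf, size_t len)
{
    int ret = fake_eeprom_read(d, buf, len);

    ret = d->restore_status;       /* an earlier -ETIMEDOUT is discarded here */
    return ret;
}

/* Fixed pattern: the cleanup error is handled separately, the read error is kept. */
int read_raw_fixed(const struct fake_dev *d, unsigned char *buf, size_t len)
{
    int ret = fake_eeprom_read(d, buf, len);
    int rc = d->restore_status;

    if (rc < 0)
        return rc;                 /* the restore itself failed */
    return ret;                    /* 0, or the preserved -ETIMEDOUT */
}

/* A caller that trusts the buffer whenever the read reports success.
 * Returns 1 if it would go on to consume buf, 0 if it bails out. */
int caller_uses_buffer(int (*rd)(const struct fake_dev *, unsigned char *, size_t),
                       const struct fake_dev *d)
{
    unsigned char sig = 0;         /* initialised here so the model stays defined */

    return rd(d, &sig, 1) == 0;
}
```

With a timed-out read and a successful restore, the lossy variant reports success and the caller goes on to consume a buffer that was never filled; the fixed variant returns -ETIMEDOUT and the caller stops.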
accel
accessibility
acpi ACPI updates for 6.18-rc1 2025-10-01 16:24:50 -07:00
amba
android
ata for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
atm
auxdisplay
base Power management updates for 6.18-rc1 2025-10-01 16:08:37 -07:00
bcma
block for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
bluetooth Bluetooth: bcsp: receive data only if registered 2025-09-27 11:37:02 -04:00
bus
cache
cdrom
cdx - Add support for new AMD family 0x1a models to amd64_edac 2025-09-30 11:41:03 -07:00
char soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
clk bitmap-for-6.18 2025-10-02 08:57:03 -07:00
clocksource
comedi
connector
counter
cpufreq
cpuidle
crypto soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
cxl
dax
dca
devfreq
dibs dibs: Check correct variable in dibs_init() 2025-09-26 15:10:59 -07:00
dio
dma
dma-buf
dpll dpll: zl3073x: Allow to configure phase offset averaging factor 2025-09-29 18:57:41 -07:00
edac - Add support for new AMD family 0x1a models to amd64_edac 2025-09-30 11:41:03 -07:00
eisa
extcon
firewire firewire updates for v6.18 2025-10-01 12:52:43 -07:00
firmware soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
fpga
fsi
fwctl
gnss
gpio Pin control changes for the v6.18 kernel cycle: 2025-10-01 13:14:48 -07:00
gpu [GIT PULL for v6.18] media updates 2025-10-02 13:13:26 -07:00
greybus
hid drm next for 6.18-rc1 2025-10-02 12:47:25 -07:00
hsi
hte
hv
hwmon gpio updates for v6.18-rc1 2025-10-01 11:34:12 -07:00
hwspinlock
hwtracing
i2c soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
i3c i3c: fix big-endian FIFO transfers 2025-09-29 00:17:22 +02:00
idle
iio
infiniband
input MFD for v6.18 2025-10-01 12:04:12 -07:00
interconnect
iommu
ipack
irqchip Devicetree updates for v6.18: 2025-10-01 16:58:24 -07:00
isdn
leds
macintosh
mailbox
mcb
md for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
media [GIT PULL for v6.18] media updates 2025-10-02 13:13:26 -07:00
memory
memstick for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
message
mfd soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
misc drm next for 6.18-rc1 2025-10-02 12:47:25 -07:00
mmc for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
most
mtd for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
mux
net net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom 2025-10-03 10:15:35 -07:00
nfc
ntb
nubus
nvdimm
nvme for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
nvmem
of Devicetree updates for v6.18: 2025-10-01 16:58:24 -07:00
opp
parisc
parport
pci drm next for 6.18-rc1 2025-10-02 12:47:25 -07:00
pcmcia
peci
perf RISC-V updates for the v6.18 merge window (part one) 2025-09-29 19:01:08 -07:00
phy bitmap-for-6.18 2025-10-02 08:57:03 -07:00
pinctrl soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
platform chrome-platform: Updates for v6.18 2025-10-01 09:16:28 -07:00
pmdomain soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
pnp
power power supply and reset changes for the 6.18 series 2025-10-01 13:02:59 -07:00
powercap
pps
ps3
ptp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-10-01 10:14:49 +02:00
pwm gpio updates for v6.18-rc1 2025-10-01 11:34:12 -07:00
rapidio
ras
regulator MFD for v6.18 2025-10-01 12:04:12 -07:00
remoteproc
reset soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
rpmsg
rtc Merge branches 'ib-mfd-char-crypto-6.18', 'ib-mfd-gpio-6.18', 'ib-mfd-gpio-hwmon-i2c-can-rtc-watchdog-6.18', 'ib-mfd-gpio-input-pinctrl-pwm-6.18', 'ib-mfd-input-6.18', 'ib-mfd-input-rtc-6.18' and 'ib-mfd-power-regulator-6.18' into ibs-for-mfd-merged 2025-10-01 10:27:35 +01:00
s390 Networking changes for 6.18. 2025-10-02 15:17:01 -07:00
sbus
scsi for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
sh
siox
slimbus
soc sound updates for 6.18-rc1 2025-10-02 11:37:19 -07:00
soundwire
spi soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
spmi
ssb
staging Networking changes for 6.18. 2025-10-02 15:17:01 -07:00
target
tc
tee soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
thermal - Add missing file when importing conflicting change for the Renesas 2025-09-28 12:01:58 +02:00
thunderbolt
tty soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
ufs
uio
usb [GIT PULL for v6.18] media updates 2025-10-02 13:13:26 -07:00
vdpa
vfio
vhost vhost: vringh: Fix copy_to_iter return value check 2025-09-26 17:31:35 -07:00
video drm next for 6.18-rc1 2025-10-02 12:47:25 -07:00
virt arm64 updates for 6.18 2025-09-29 18:48:39 -07:00
virtio
w1
watchdog
xen
zorro
Kconfig
Makefile