superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers
History
Bhanu Seshu Kumar Valluri 49bdb63ff6 net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom 
Syzbot reported read of uninitialized variable BUG with following call stack.

lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout
=====================================================
BUG: KMSAN: uninit-value in lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]
BUG: KMSAN: uninit-value in lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]
BUG: KMSAN: uninit-value in lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241
 lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1095 [inline]
 lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]
 lan78xx_reset+0x999/0x2cd0 drivers/net/usb/lan78xx.c:3241
 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766
 lan78xx_probe+0x225c/0x3310 drivers/net/usb/lan78xx.c:4707

Local variable sig.i.i created at:
 lan78xx_read_eeprom drivers/net/usb/lan78xx.c:1092 [inline]
 lan78xx_init_mac_address drivers/net/usb/lan78xx.c:1937 [inline]
 lan78xx_reset+0x77e/0x2cd0 drivers/net/usb/lan78xx.c:3241
 lan78xx_bind+0x711/0x1690 drivers/net/usb/lan78xx.c:3766

The function lan78xx_read_raw_eeprom failed to properly propagate EEPROM
read timeout errors (-ETIMEDOUT). In the fallthrough path, it first
attempted to restore the pin configuration for LED outputs and then
returned only the status of that restore operation, discarding the
original timeout error.

As a result, callers could mistakenly treat the data buffer as valid
even though the EEPROM read had actually timed out with no data or partial
data.

To fix this, handle errors in restoring the LED pin configuration separately.
If the restore succeeds, return any prior EEPROM timeout error correctly
to the caller.

Reported-by: syzbot+62ec8226f01cb4ca19d9@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=62ec8226f01cb4ca19d9
Fixes: 8b1b2ca83b ("net: usb: lan78xx: Improve error handling in EEPROM and OTP operations")
Signed-off-by: Bhanu Seshu Kumar Valluri <bhanuseshukumar@gmail.com>
Reviewed-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://patch.msgid.link/20250930084902.19062-1-bhanuseshukumar@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 		2025-10-03 10:15:35 -07:00
..
accel accel/habanalabs: add Infineon version check 2025-09-25 09:14:45 +03:00
accessibility
acpi ACPI updates for 6.18-rc1 2025-10-01 16:24:50 -07:00
amba
android
ata for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
atm
auxdisplay
base Power management updates for 6.18-rc1 2025-10-01 16:08:37 -07:00
bcma
block for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
bluetooth Bluetooth: bcsp: receive data only if registered 2025-09-27 11:37:02 -04:00
bus
cache cache: sifive_ccache: Optimize cache flushes 2025-09-11 19:13:21 +01:00
cdrom
cdx - Add support for new AMD family 0x1a models to amd64_edac 2025-09-30 11:41:03 -07:00
char soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
clk bitmap-for-6.18 2025-10-02 08:57:03 -07:00
clocksource clocksource/drivers/sh_cmt: Split start/stop of clock source and events 2025-09-23 12:42:43 +02:00
comedi
connector
counter
cpufreq Merge back earlier cpufreq material for 6.18 2025-09-24 21:32:28 +02:00
cpuidle cpuidle: Fail cpuidle device registration if there is one already 2025-09-20 13:08:54 +02:00
crypto soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
cxl
dax fs: rename generic_delete_inode() and generic_drop_inode() 2025-09-15 16:09:42 +02:00
dca
devfreq PM / devfreq: rockchip-dfi: add support for LPDDR5 2025-09-09 23:37:39 +09:00
dibs dibs: Check correct variable in dibs_init() 2025-09-26 15:10:59 -07:00
dio
dma
dma-buf dma-buf: dma-heap: export declared functions 2025-09-11 11:22:17 +02:00
dpll dpll: zl3073x: Allow to configure phase offset averaging factor 2025-09-29 18:57:41 -07:00
edac - Add support for new AMD family 0x1a models to amd64_edac 2025-09-30 11:41:03 -07:00
eisa
extcon
firewire firewire updates for v6.18 2025-10-01 12:52:43 -07:00
firmware soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
fpga
fsi
fwctl
gnss
gpio Pin control changes for the v6.18 kernel cycle: 2025-10-01 13:14:48 -07:00
gpu [GIT PULL for v6.18] media updates 2025-10-02 13:13:26 -07:00
greybus
hid drm next for 6.18-rc1 2025-10-02 12:47:25 -07:00
hsi
hte
hv
hwmon gpio updates for v6.18-rc1 2025-10-01 11:34:12 -07:00
hwspinlock
hwtracing coresight: trbe: Prevent overflow in PERF_IDX2OFF() 2025-09-18 15:23:58 +01:00
i2c soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
i3c i3c: fix big-endian FIFO transfers 2025-09-29 00:17:22 +02:00
idle
iio
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-09-25 11:00:59 -07:00
input MFD for v6.18 2025-10-01 12:04:12 -07:00
interconnect
iommu iommufd 6.17 second rc pull 2025-09-22 11:16:14 -07:00
ipack
irqchip Devicetree updates for v6.18: 2025-10-01 16:58:24 -07:00
isdn
leds leds: led-class: Add Device Tree support to led_get() 2025-09-16 16:49:28 +01:00
macintosh
mailbox
mcb
md for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
media [GIT PULL for v6.18] media updates 2025-10-02 13:13:26 -07:00
memory memory: tegra210: Use bindings for client ids 2025-09-10 11:40:44 +02:00
memstick for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
message
mfd soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
misc drm next for 6.18-rc1 2025-10-02 12:47:25 -07:00
mmc for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
most
mtd for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
mux
net net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom 2025-10-03 10:15:35 -07:00
nfc
ntb
nubus
nvdimm
nvme for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
nvmem
of Devicetree updates for v6.18: 2025-10-01 16:58:24 -07:00
opp
parisc
parport
pci drm next for 6.18-rc1 2025-10-02 12:47:25 -07:00
pcmcia
peci
perf RISC-V updates for the v6.18 merge window (part one) 2025-09-29 19:01:08 -07:00
phy bitmap-for-6.18 2025-10-02 08:57:03 -07:00
pinctrl soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
platform chrome-platform: Updates for v6.18 2025-10-01 09:16:28 -07:00
pmdomain soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
pnp
power power supply and reset changes for the 6.18 series 2025-10-01 13:02:59 -07:00
powercap
pps
ps3 powerpc/ps3: Use str_write_read() in ps3stor_read_write_sectors() 2025-09-06 17:01:26 +05:30
ptp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-10-01 10:14:49 +02:00
pwm gpio updates for v6.18-rc1 2025-10-01 11:34:12 -07:00
rapidio
ras RAS: Export log_non_standard_event() to drivers 2025-09-15 16:20:29 +02:00
regulator MFD for v6.18 2025-10-01 12:04:12 -07:00
remoteproc
reset soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
rpmsg
rtc Merge branches 'ib-mfd-char-crypto-6.18', 'ib-mfd-gpio-6.18', 'ib-mfd-gpio-hwmon-i2c-can-rtc-watchdog-6.18', 'ib-mfd-gpio-input-pinctrl-pwm-6.18', 'ib-mfd-input-6.18', 'ib-mfd-input-rtc-6.18' and 'ib-mfd-power-regulator-6.18' into ibs-for-mfd-merged 2025-10-01 10:27:35 +01:00
s390 Networking changes for 6.18. 2025-10-02 15:17:01 -07:00
sbus
scsi for-6.18/block-20250929 2025-10-02 10:16:56 -07:00
sh
siox
slimbus
soc sound updates for 6.18-rc1 2025-10-02 11:37:19 -07:00
soundwire soundwire: bus: add sdw_slave_get_current_bank helper 2025-09-18 22:24:27 +01:00
spi soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
spmi
ssb
staging Networking changes for 6.18. 2025-10-02 15:17:01 -07:00
target block: add a bio_init_inline helper 2025-09-09 07:31:59 -06:00
tc
tee soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
thermal - Add missing file when importing conflicting change for the Renesas 2025-09-28 12:01:58 +02:00
thunderbolt
tty soc: driver updates for 6.18 2025-10-01 17:32:51 -07:00
ufs scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE 2025-09-09 22:38:38 -04:00
uio
usb [GIT PULL for v6.18] media updates 2025-10-02 13:13:26 -07:00
vdpa
vfio
vhost vhost: vringh: Fix copy_to_iter return value check 2025-09-26 17:31:35 -07:00
video drm next for 6.18-rc1 2025-10-02 12:47:25 -07:00
virt arm64 updates for 6.18 2025-09-29 18:48:39 -07:00
virtio
w1
watchdog watchdog: Add Nuvoton NCT6694 WDT support 2025-09-16 14:41:57 +01:00
xen xen: take system_transition_mutex on suspend 2025-09-22 10:16:55 +02:00
zorro zorro: Remove extra whitespace in macro definitions 2025-09-15 14:30:17 +02:00
Kconfig
Makefile dibs: Create drivers/dibs 2025-09-23 11:13:21 +02:00