[Linux-kernel-mentees] [PATCH] net: usb: rtl8150: prevent set_ethernet_addr from setting uninit address

Anant Thazhemadam anant.thazhemadam at gmail.com
Tue Sep 29 08:46:39 UTC 2020

A sample crash report can be found here.

The line where the bug seems to get triggered is,

if (!batadv_compare_eth(hard_iface->net_dev->dev_addr,
Looks like it goes through the list of ethernet interfaces, and
compares it with the address of the new device; which can
end up going uninitialized too.

The address should have been set by set_ethernet_addr:

    static inline void set_ethernet_addr(rtl8150_t * dev)
        u8 node_id[6];

        get_registers(dev, IDR, sizeof(node_id), node_id);
        memcpy(dev->netdev->dev_addr, node_id, sizeof(node_id));

However, when get_registers() fails (when ret <= 0 or ret > size),
no memory is copied back into node_id, which remains uninitialized.
The address is then set to be this uninitialized node_id value.

Checking for the return value of get_registers() in set_ethernet_addr()
and further checking the value of set_ethernet_addr() where ever it has
been invoked, and handling the condition wherein get_registers() fails
appropriately helps solve this issue.
Thank you for your time.


More information about the Linux-kernel-mentees mailing list