Re: [PATCH net v2] net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset
From: Khalid Aziz <khalid@kernel.org>
Date: 2025-10-15 15:55:48
Also in:
linux-kernel-mentees, linux-usb, lkml
On 10/13/25 12:16 PM, I Viswanath wrote:
dev->chipid is used in lan78xx_init_mac_address before it's initialized:
lan78xx_reset() {
lan78xx_init_mac_address()
lan78xx_read_eeprom()
lan78xx_read_raw_eeprom() <- dev->chipid is used here
dev->chipid = ... <- dev->chipid is initialized correctly here
}
Reorder initialization so that dev->chipid is set before calling
lan78xx_init_mac_address().
Fixes: a0db7d10b76e ("lan78xx: Add to handle mux control per chip id")How did you determine this is the commit that introduced this bug? From what I can see, commit a0db7d10b76e does not touch lan78xx_reset() function. This bug was introduced when devid was replaced by chipid (commit 87177ba6e47e "lan78xx: replace devid to chipid & chiprev") or even earlier when the order of calls to lan78xx_init_mac_address() and lan78xx_read_reg() was introduced in lan78xx_reset() depending upon if lan78xx_init_mac_address() at that time used devid in its call sequence at the time. -- Khalid
quoted hunk ↗ jump to hunk
Signed-off-by: I Viswanath <redacted> --- v1: Link: https://lore.kernel.org/netdev/20251001131409.155650-1-viswanathiyyappan@gmail.com/ (local) v2: - Add Fixes tag drivers/net/usb/lan78xx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c index 42d35cc6b421..b4b086f86ed8 100644 --- a/drivers/net/usb/lan78xx.c +++ b/drivers/net/usb/lan78xx.c@@ -3247,10 +3247,6 @@ static int lan78xx_reset(struct lan78xx_net *dev) } } while (buf & HW_CFG_LRST_); - ret = lan78xx_init_mac_address(dev); - if (ret < 0) - return ret; - /* save DEVID for later usage */ ret = lan78xx_read_reg(dev, ID_REV, &buf); if (ret < 0)@@ -3259,6 +3255,10 @@ static int lan78xx_reset(struct lan78xx_net *dev) dev->chipid = (buf & ID_REV_CHIP_ID_MASK_) >> 16; dev->chiprev = buf & ID_REV_CHIP_REV_MASK_; + ret = lan78xx_init_mac_address(dev); + if (ret < 0) + return ret; + /* Respond to the IN token with a NAK */ ret = lan78xx_read_reg(dev, USB_CFG0, &buf); if (ret < 0)