Re: [PATCH net-next] net: usb: mcs7830: adjust incorrect comment implying a vulnerability
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Date: 2026-05-05 06:46:44
Also in:
linux-usb
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Date: 2026-05-05 06:46:44
Also in:
linux-usb
On Mon, May 04, 2026 at 06:46:30PM -0700, Ethan Nelson-Moore wrote:
The mcs7830 driver contains a comment indicating that mcs7830_get_regs
See, even in the comment the function is referred as func(). Please, follow this convention everywhere (comments, commit messages, documentation where it's appropriate).
leaks uninitialized memory to user space on some devices. If true, this would indicate a security vulnerability. However, I investigated the issue and found that it is not true because ethtool_get_regs (in
ethtool_get_regs()
net/ethtool/ioctl.c) uses vzalloc to allocate its buffer, which zeroes
vzalloc()
the memory. Update the comment to explain this behavior.
...
* - implement get_eeprom/[set_eeprom] * - switch PHY on/off on ifup/ifdown (perhaps in usbnet.c, via MII) * - mcs7830_get_regs() handling is weird: for rev 2 we return 32 regs, - * can access only ~ 24, remaining user buffer is uninitialized garbage + * can access only ~ 24; this is not a security vulnerability because + * ethtool_get_regs allocates a zeroed buffer
Same as above.
* - anything else?
... Also, while the patches are not conflicting with or dependent on each other, they are against the same driver, hence the series is preferable over individual patches. -- With Best Regards, Andy Shevchenko