Thread (2 messages) 2 messages, 2 authors, 2026-05-05

Re: [PATCH net-next] net: usb: mcs7830: adjust incorrect comment implying a vulnerability

From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Date: 2026-05-05 06:46:44
Also in: linux-usb

On Mon, May 04, 2026 at 06:46:30PM -0700, Ethan Nelson-Moore wrote:
The mcs7830 driver contains a comment indicating that mcs7830_get_regs
See, even in the comment the function is referred as func(). Please,
follow this convention everywhere (comments, commit messages, documentation
where it's appropriate).
leaks uninitialized memory to user space on some devices. If true, this
would indicate a security vulnerability. However, I investigated the
issue and found that it is not true because ethtool_get_regs (in
ethtool_get_regs()

net/ethtool/ioctl.c) uses vzalloc to allocate its buffer, which zeroes
vzalloc()
the memory. Update the comment to explain this behavior.
...
  * - implement get_eeprom/[set_eeprom]
  * - switch PHY on/off on ifup/ifdown (perhaps in usbnet.c, via MII)
  * - mcs7830_get_regs() handling is weird: for rev 2 we return 32 regs,
- *   can access only ~ 24, remaining user buffer is uninitialized garbage
+ *   can access only ~ 24; this is not a security vulnerability because
+ *   ethtool_get_regs allocates a zeroed buffer
Same as above.
  * - anything else?
...

Also, while the patches are not conflicting with or dependent on each other,
they are against the same driver, hence the series is preferable over
individual patches.

-- 
With Best Regards,
Andy Shevchenko

Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help