Hi Wang,

On 5/6/22 14:59, Wang Cheng wrote:
Reported-and-tested-by: syzbot+6f5ecd144854c0d8580b@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Wang Cheng <wanngchenng@xxxxxxxxx> --- drivers/staging/rtl8712/usb_intf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/staging/rtl8712/usb_intf.c b/drivers/staging/rtl8712/usb_intf.c index ee4c61f85a07..50dcd3ecb685 100644 --- a/drivers/staging/rtl8712/usb_intf.c +++ b/drivers/staging/rtl8712/usb_intf.c @@ -538,13 +538,13 @@ static int r871xu_drv_init(struct usb_interface *pusb_intf, } else { AutoloadFail = false; } - if (((mac[0] == 0xff) && (mac[1] == 0xff) && + if ((!AutoloadFail) || + ((mac[0] == 0xff) && (mac[1] == 0xff) && (mac[2] == 0xff) && (mac[3] == 0xff) && (mac[4] == 0xff) && (mac[5] == 0xff)) || ((mac[0] == 0x00) && (mac[1] == 0x00) && (mac[2] == 0x00) && (mac[3] == 0x00) && - (mac[4] == 0x00) && (mac[5] == 0x00)) || - (!AutoloadFail)) { + (mac[4] == 0x00) && (mac[5] == 0x00))) { mac[0] = 0x00; mac[1] = 0xe0; mac[2] = 0x4c;
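Review bot: in the reordered condition in r871xu_drv_init(), the mac[0]..mac[5] comparisons are still evaluated whenever AutoloadFail is true, and nothing in the hunk shows that mac[] was filled, or that the read which fills it succeeded, on that path. Moving (!AutoloadFail) to the front only changes which operands short-circuit evaluation skips, so the fix depends on operand order rather than on mac[] being defined; zero-initializing mac where it is declared, or checking the result of the read before this test, would remove that dependency. The two six-way byte comparisons could also be written as is_broadcast_ether_addr(mac) and is_zero_ether_addr(mac), which would make the condition easier to audit.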
Hmm, the whole r871xu_drv_init() looks odd, but it's unrelated.

I see that this patch does not help with the kernel path below:

r871xu_drv_init()
  if (tmpU1b & _EEPROM_EN)                               <- true [1]
  if (!r8712_initmac || !mac_pton(r8712_initmac, mac))   <- (*)
  if ((!AutoloadFail) ||                                 <- false, since [1] branch taken
    [code touches stack data]

(*) false because r8712_initmac is equal to NULL

I saw that syzbot said OK on your patch, but it's because you have just hidden an error inside the read API.

With regards, Pavel Skripkin