When get_registers() fails in set_ethernet_addr(), the uninitialized
value of node_id gets copied over as the address.
So, check the return value of get_registers().

If get_registers() executed successfully (i.e., it returns
sizeof(node_id)), copy over the MAC address using ether_addr_copy()
(instead of using memcpy()).

Else, if get_registers() failed instead, a randomly generated MAC
address is set as the MAC address instead.

Reported-by: syzbot+abbc768b560c84d92fd3@xxxxxxxxxxxxxxxxxxxxxxxxx
Tested-by: syzbot+abbc768b560c84d92fd3@xxxxxxxxxxxxxxxxxxxxxxxxx
Acked-by: Petko Manolov <petkan@xxxxxxxxxxxxx>
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@xxxxxxxxx>
---
Changes in v4:
	* Use netdev_notice() instead of dev_warn() and update the logged
	  message to show the new random MAC as well
	  (Suggested by Joe Perches <joe@xxxxxxxxxxx>)
	* Convert set_ethernet_addr()'s return type back to void. Since
	  we're not treating get_registers() (and thus set_ethernet_addr())
	  failing as an erroneous condition, we can perform the error
	  handling (setting a random ethernet address) that was being done
	  in v3 within set_ethernet_addr() itself.
	  (Suggested by Petko Manolov <petkan@xxxxxxxxxxxxx>)

Changes in v3:
	* Set a random MAC address to the device rather than making the
	  device not work at all in the event set_ethernet_addr() fails.
	  (Suggested by David Miller <davem@xxxxxxxxxxxxx>)
	* Update set_ethernet_addr() to use ether_addr_copy() to copy the
	  MAC Address (instead of using memcpy() for the same).
	  (Suggested by Joe Perches <joe@xxxxxxxxxxx>)

Changes in v2:
	* Modified condition checking get_registers()'s return value to
	  ret == sizeof(node_id) for stricter checking in compliance with
	  the new usb_control_msg_recv() API
	  (Suggested by Petko Manolov <petkan@xxxxxxxxxxxxx>)
	* Added Acked-by: Petko Manolov

 drivers/net/usb/rtl8150.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/drivers/net/usb/rtl8150.c b/drivers/net/usb/rtl8150.c index 733f120c852b..9d079dc2a535 100644 --- a/drivers/net/usb/rtl8150.c +++ b/drivers/net/usb/rtl8150.c @@ -274,12 +274,20 @@ static int write_mii_word(rtl8150_t * dev, u8 phy, __u8 indx, u16 reg) return 1; } -static inline void set_ethernet_addr(rtl8150_t * dev) +static void set_ethernet_addr(rtl8150_t *dev) { - u8 node_id[6]; + u8 node_id[ETH_ALEN]; + int ret; + + ret = get_registers(dev, IDR, sizeof(node_id), node_id); - get_registers(dev, IDR, sizeof(node_id), node_id); - memcpy(dev->netdev->dev_addr, node_id, sizeof(node_id)); + if (ret == sizeof(node_id)) { + ether_addr_copy(dev->netdev->dev_addr, node_id); + } else { + eth_hw_addr_random(dev->netdev); + netdev_notice(dev->netdev, "Assigned a random MAC address: %pM\n", + dev->netdev->dev_addr); + } } static int rtl8150_set_mac_address(struct net_device *netdev, void *p) -- 2.25.1
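
Review bot: in the else branch of set_ethernet_addr(), the netdev_notice() message reports the new random MAC but not why it was assigned. ret is in scope there, so adding it to the format string (for example "get_registers() failed (%d), assigned random MAC %pM") would let someone reading the log tell a failed control transfer from a short read. The check ret == sizeof(node_id) compares an int against a size_t: a negative ret is converted to a large unsigned value and still fails the comparison, so both error returns and short reads take the random-address path as intended, but a short comment saying so would make that explicit. The signature also drops inline, which the changelog does not mention.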