lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 14 May 2022 19:51:12 +0300
From:   Pavel Skripkin <>
To:     David Kahurani <>,
Subject: Re: [PATCH] net: ax88179: add proper error handling of usb read

Hi David,

On 5/14/22 16:32, David Kahurani wrote:
> Reads that are lesser than the requested size lead to uninit-value bugs.
> In this particular case a variable which was supposed to be initialized
> after a read is left uninitialized after a partial read.
> Qualify such reads as errors and handle them correctly and while at it
> convert the reader functions to return zero on success for easier error
> handling.
> Fixes: e2ca90c276e1 ("ax88179_178a: ASIX AX88179_178A USB 3.0/2.0 to gigabit ethernet adapter driver")
> Signed-off-by: David Kahurani <>
> Reported-and-tested-by:
> ---

<--- here (*)

>   drivers/net/usb/ax88179_178a.c | 281 ++++++++++++++++++++++++++-------
>   1 file changed, 227 insertions(+), 54 deletions(-)

I don't see any error in that patch, but I had to find previous versions 
of that patch in my inbox.

Usually new versions of single patches are linked in one thread and have 
a version number in a title. You can generate patch with version using 
-v option of git format-patch like:

$ git format-patch -v2 HEAD~

And you can send new version as reply using --in-reply= option of git 
send-email. It helps a lot with finding previous version, since all 
version are linked in one thread

And all updates from version to version should be put under --- (*), 
since it's hard to remember why previous version was rejected.

>  		jtimeout = jiffies + delay;
>  		do {
> -			ax88179_read_cmd(dev, AX_ACCESS_MAC, AX_SROM_CMD,
> -					 1, 1, &buf);
> +			ret = ax88179_read_cmd(dev, AX_ACCESS_MAC, AX_SROM_CMD,
> +					       1, 1, &buf);
> +			if (ret) {
> +				netdev_dbg(dev->net,
> +					   "Failed to read SROM_CMD: %d\n",
> +					   ret);
> +				return ret;
> +			}
>  			if (time_after(jiffies, jtimeout))
>  				return -EINVAL;
>  		} while (buf & EEP_BUSY);

I think, this change might be dangerous. Maybe it should be done in the 
same way as in asix driver [1]. Code polls for some register after a 
write and maybe non-fatal read error might occur here.

Just my thoughts, I don't know anything about that device :)

> +		ret = ax88179_read_cmd(dev, AX_ACCESS_MAC, AX_NODE_ID, ETH_ALEN,
> +				       ETH_ALEN, mac);
> +
> +		if (ret)
> +			netdev_dbg(dev->net, "Failed to read NODE_ID: %d", ret);
> +		else
> +			netif_dbg(dev, ifup, dev->net,
> +				  "MAC address read from ASIX chip");

Maybe also use `netif_dbg` here?... There should be a reason why it was 
used here in the first place. Or should not :)

Anyway, if someone will say that bailing out from while loop on any 
error is OK feel free to add

Reviewed-by: Pavel Skripkin <>


With regards,
Pavel Skripkin

Download attachment "OpenPGP_signature" of type "application/pgp-signature" (841 bytes)

Powered by blists - more mailing lists