> -----Original Message-----
> From: Intel-wired-lan <[email protected]> On Behalf
> Of Agalakov Daniil
> Sent: Wednesday, March 18, 2026 1:05 PM
> To: Nguyen, Anthony L <[email protected]>
> Cc: Agalakov Daniil <[email protected]>; Kitszel, Przemyslaw
> <[email protected]>; Andrew Lunn <[email protected]>;
> David S. Miller <[email protected]>; Eric Dumazet
> <[email protected]>; Jakub Kicinski <[email protected]>; Paolo Abeni
> <[email protected]>; [email protected];
> [email protected]; [email protected]; lvc-
> [email protected]; Daniil Iskhakov <[email protected]>; Roman
> Razov <[email protected]>
> Subject: [Intel-wired-lan] [PATCH net 2/3] e1000: fix endianness
> conversion of uninitialized words
>
> [Why]
> In e1000_set_eeprom(), the eeprom_buff is allocated to hold a range of
> words. However, only the boundary words (the first and the last) are
> populated from the EEPROM if the write request is not word-aligned.
> The words in the middle of the buffer remain uninitialized because
> they are intended to be completely overwritten by the new data via
> memcpy().
>
> The previous implementation had a loop that performed le16_to_cpus()
> on the entire buffer. This resulted in endianness conversion being
> performed on uninitialized memory for all interior words.
>
> Fix this by converting the endianness only for the boundary words
> immediately after they are successfully read from the EEPROM.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Co-developed-by: Iskhakov Daniil <[email protected]>
> Signed-off-by: Iskhakov Daniil <[email protected]>
> Signed-off-by: Agalakov Daniil <[email protected]>
> ---
> drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/ethernet/intel/e1000/e1000_ethtool.c
> b/drivers/net/ethernet/intel/e1000/e1000_ethtool.c
> index 4dcbeabb3ad2..c15ad95c63c1 100644
> --- a/drivers/net/ethernet/intel/e1000/e1000_ethtool.c
> +++ b/drivers/net/ethernet/intel/e1000/e1000_ethtool.c
> @@ -499,6 +499,9 @@ static int e1000_set_eeprom(struct net_device
> *netdev,
> if (ret_val)
> goto out;
>
> + /* Device's eeprom is always little-endian, word
> addressable */
> + le16_to_cpus(&eeprom_buff[0]);
> +
> ptr++;
> }
> if ((eeprom->offset + eeprom->len) & 1) { @@ -509,11 +512,10 @@
> static int e1000_set_eeprom(struct net_device *netdev,
> &eeprom_buff[last_word -
> first_word]);
> if (ret_val)
> goto out;
> - }
>
> - /* Device's eeprom is always little-endian, word addressable */
> - for (i = 0; i < last_word - first_word + 1; i++)
> - le16_to_cpus(&eeprom_buff[i]);
> + /* Device's eeprom is always little-endian, word
> addressable */
> + le16_to_cpus(&eeprom_buff[last_word - first_word]);
> + }
>
> memcpy(ptr, bytes, eeprom->len);
>
> --
> 2.51.0
Reviewed-by: Aleksandr Loktionov <[email protected]>
