[PATCH v3] net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails

Anant Thazhemadam Sat, 03 Oct 2020 14:20:24 -0700

When get_registers() fails, in set_ethernet_addr(),the uninitialized
value of node_id gets copied as the address. This can be considered as
set_ethernet_addr() itself failing.


The return type of set_ethernet_addr() is modified to indicate if it
failed or not, and return values are appropriately checked by caller.

When set_ethernet_addr() fails, a randomly generated MAC address is set
as the MAC address instead.

On the other hand, for the case when get_registers() does succeed,
set_ethernet_addr() has been updated to use ether_addr_copy() to copy
the address, instead of memcpy().

Reported-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Tested-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com
Acked-by: Petko Manolov <pet...@nucleusys.com>
Signed-off-by: Anant Thazhemadam <anant.thazhema...@gmail.com>
---
Changes in v3:

        * Set a random MAC address to the device rather than making
          the device not work at all in the even set_ethernet_addr()
          fails. (Suggested by David Miller <da...@davemloft.net>)

        * Update set_ethernet_addr() to use ether_addr_copy() to copy 
          the MAC Address (instead of using memcpy() for that same).
          (Suggested by Joe Perches <j...@perches.com>)


Changes in v2:

        * Modified condition checking get_registers()'s return value to 
                ret == sizeof(node_id)
          for stricter checking in compliance with the new 
usb_control_msg_recv()
          API

        * Added Acked-by: Petko Manolov

 drivers/net/usb/rtl8150.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/drivers/net/usb/rtl8150.c b/drivers/net/usb/rtl8150.c
index 733f120c852b..bbd49ebdf095 100644
--- a/drivers/net/usb/rtl8150.c
+++ b/drivers/net/usb/rtl8150.c
@@ -274,12 +274,17 @@ static int write_mii_word(rtl8150_t * dev, u8 phy, __u8 
indx, u16 reg)
                return 1;
 }
 
-static inline void set_ethernet_addr(rtl8150_t * dev)
+static bool set_ethernet_addr(rtl8150_t *dev)
 {
-       u8 node_id[6];
+       u8 node_id[ETH_ALEN];
+       int ret;
 
-       get_registers(dev, IDR, sizeof(node_id), node_id);
-       memcpy(dev->netdev->dev_addr, node_id, sizeof(node_id));
+       ret = get_registers(dev, IDR, sizeof(node_id), node_id);
+       if (ret == sizeof(node_id)) {
+               ether_addr_copy(dev->netdev->dev_addr, node_id);
+               return true;
+       }
+       return false;
 }
 
 static int rtl8150_set_mac_address(struct net_device *netdev, void *p)
@@ -909,7 +914,10 @@ static int rtl8150_probe(struct usb_interface *intf,
                goto out1;
        }
        fill_skb_pool(dev);
-       set_ethernet_addr(dev);
+       if (!set_ethernet_addr(dev)) {
+               dev_err(&intf->dev, "assigining a random MAC address\n");
+               eth_hw_addr_random(dev->netdev);
+       }
 
        usb_set_intfdata(intf, dev);
        SET_NETDEV_DEV(netdev, &intf->dev);
-- 
2.25.1

[PATCH v3] net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails

Reply via email to