Re: [PATCH net v2] net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset

[Khalid Aziz]

On 10/13/25 12:16 PM, I Viswanath wrote:
> dev->chipid is used in lan78xx_init_mac_address before it's initialized:
>
> lan78xx_reset() {
>      lan78xx_init_mac_address()
>          lan78xx_read_eeprom()
>              lan78xx_read_raw_eeprom() <- dev->chipid is used here
>
>      dev->chipid = ... <- dev->chipid is initialized correctly here
> }
>
> Reorder initialization so that dev->chipid is set before calling
> lan78xx_init_mac_address().
>
> Fixes: a0db7d10b76e ("lan78xx: Add to handle mux control per chip id")

How did you determine this is the commit that introduced this bug?

From what I can see, commit a0db7d10b76e does not touch lan78xx_reset() 
function. This bug was introduced when devid was replaced by chipid 
(commit 87177ba6e47e "lan78xx: replace devid to chipid & chiprev") or 
even earlier when the order of calls to lan78xx_init_mac_address() and 
lan78xx_read_reg() was introduced in lan78xx_reset() depending upon if 
lan78xx_init_mac_address() at that time used devid in its call sequence 
at the time.

--
Khalid

> Signed-off-by: I Viswanath <viswanathiyyappan@xxxxxxxxx>
> ---
> v1:
> Link: https://lore.kernel.org/netdev/20251001131409.155650-1-viswanathiyyappan@xxxxxxxxx/
>
> v2:
> - Add Fixes tag
>
>   drivers/net/usb/lan78xx.c | 8 ++++----
>   1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c
> index 42d35cc6b421..b4b086f86ed8 100644
> --- a/drivers/net/usb/lan78xx.c
> +++ b/drivers/net/usb/lan78xx.c
> @@ -3247,10 +3247,6 @@ static int lan78xx_reset(struct lan78xx_net *dev)
>   		}
>   	} while (buf & HW_CFG_LRST_);
>   
> -	ret = lan78xx_init_mac_address(dev);
> -	if (ret < 0)
> -		return ret;
> -
>   	/* save DEVID for later usage */
>   	ret = lan78xx_read_reg(dev, ID_REV, &buf);
>   	if (ret < 0)
> @@ -3259,6 +3255,10 @@ static int lan78xx_reset(struct lan78xx_net *dev)
>   	dev->chipid = (buf & ID_REV_CHIP_ID_MASK_) >> 16;
>   	dev->chiprev = buf & ID_REV_CHIP_REV_MASK_;
>   
> +	ret = lan78xx_init_mac_address(dev);
> +	if (ret < 0)
> +		return ret;
> +
>   	/* Respond to the IN token with a NAK */
>   	ret = lan78xx_read_reg(dev, USB_CFG0, &buf);
>   	if (ret < 0)