kern/59997: if_ure.c has a check to avoid setting hardware capabilities that's impossible to satisfy

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/59997: if_ure.c has a check to avoid setting hardware capabilities that's impossible to satisfy
From: "david%gutteridge.ca@localhost via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Thu, 12 Feb 2026 01:20:01 +0000 (UTC)

>Number:         59997
>Category:       kern
>Synopsis:       if_ure.c has a check to avoid setting hardware capabilities that's impossible to satisfy
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Feb 12 01:20:00 +0000 2026
>Originator:     David H. Gutteridge
>Release:        HEAD as of 2026-02-11
>Organization:
TNF
>Environment:
NetBSD arcusxx.nonus-porta.net 11.99.5 NetBSD 11.99.5 (GENERIC) #0: Sun Feb  8 14:58:19 UTC 2026  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
if_ure.c has a check to avoid setting hardware capabilities that's
impossible to satisfy, given the state of the code.

(Line numbers as of if_ure.c r. 1.62.)

At line 939 we have:

if (un->un_flags & ~URE_FLAG_VER_4C00) {
(Which then sets various presumably hardware-specific capabilities.)

However, above this at line 815 we have:

if (uaa->uaa_product == USB_PRODUCT_REALTEK_RTL8152)
    un->un_flags |= URE_FLAG_8152;

The Realtek 4C00 device is an 8152 chipset, thus URE_FLAG_8152 is set,
and the bitwise complement of URE_FLAG_VER_4C00 isn't sufficient to
test what's intended there.

(As a demonstration of that ID combination:
[     4.439971] ure0: Realtek (0x0bda) USB 10/100 LAN (0x8152), rev 2.10/20.00, addr 3
[     4.453798] ure0: RTL8152 ver 4c00
Courtesy of: https://dmesgd.nycbug.org/dmesgd?do=view&id=7514 )

Presumably this test should really be:

if (un->un_flags & ~(URE_FLAG_8152 | URE_FLAG_VER_4C00)) {

This has existed in this state since r. 1.1 of the file. I don't see
the equivalent context in OpenBSD's version, though their code diverges
in all sorts of ways for various reasons, anyway. I haven't looked at
Linux to see contextually what it does -- I assume this oldest device
version "4C00" lacks these capabilities, but don't know the reference.

The reasons I haven't just gone in and changed this:
  * I don't have any "4C00" hardware to test with (I only have much
    newer).
  * I haven't looked at all the equivalent code so far, only OpenBSD.
  * Maybe I'm having a bad day and hallucinating like some code
    inspection tools do.

(I'm happy to commit the change, of course.)
>How-To-Repeat:
Human-powered code inspection.
>Fix:
As above.

Prev by Date: PR/59996 CVS commit: src/sys/uvm
Previous by Thread: PR/59996 CVS commit: src/sys/uvm
Indexes:

Home | Main Index | Thread Index | Old Index