From: Michal Kazior
To: ath10k@lists.infradead.org
Cc: linux-wireless@vger.kernel.org, Michal Kazior
Subject: [PATCH] ath10k: add extra check for frame tracing
Date: Fri, 10 Apr 2015 13:02:28 +0000
Message-Id: <1428670948-7665-1-git-send-email-michal.kazior@tieto.com>
X-Patchwork-Id: 6195411

Frames are logged via tracing in two slices: header and payload, separately. This is done for performance reasons when one wants to, e.g. analyse only the metadata of frames.

If for some reason device delivered a frame buffer which was sized below what 802.11 header implied, tracing logic would blow doing invalid memory accesses.

I've hit this problem when running IBSS on QCA988X with 999.999.0.636 and tracing at the same time.

Fixes: 5ce8e7fdcc7a ("ath10k: handle ieee80211 header and payload tracing separately")
Signed-off-by: Michal Kazior --- drivers/net/wireless/ath/ath10k/trace.h | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/drivers/net/wireless/ath/ath10k/trace.h b/drivers/net/wireless/ath/ath10k/trace.h index 71dfcd96354b..71bdb368813d 100644 --- a/drivers/net/wireless/ath/ath10k/trace.h +++ b/drivers/net/wireless/ath/ath10k/trace.h @@ -21,11 +21,16 @@ #include "core.h" #if !defined(_TRACE_H_) -static inline u32 ath10k_frm_hdr_len(const void *buf) +static inline u32 ath10k_frm_hdr_len(const void *buf, size_t len) { const struct ieee80211_hdr *hdr = buf; - return ieee80211_hdrlen(hdr->frame_control); + /* In some rare cases (e.g. fcs error) device reports frame buffer + * shorter than what frame header implies (e.g. len = 0). The buffer + * can still be accessed so do a simple min() to guarantee caller + * doesn't get value greater than len. + */ + return min_t(u32, len, ieee80211_hdrlen(hdr->frame_control)); } #endif @@ -360,13 +365,13 @@ DECLARE_EVENT_CLASS(ath10k_hdr_event, __string(device, dev_name(ar->dev)) __string(driver, dev_driver_string(ar->dev)) __field(size_t, len) - __dynamic_array(u8, data, ath10k_frm_hdr_len(data)) + __dynamic_array(u8, data, ath10k_frm_hdr_len(data, len)) ), TP_fast_assign( __assign_str(device, dev_name(ar->dev)); __assign_str(driver, dev_driver_string(ar->dev)); - __entry->len = ath10k_frm_hdr_len(data); + __entry->len = ath10k_frm_hdr_len(data, len); memcpy(__get_dynamic_array(data), data, __entry->len); ), 
@@ -387,15 +392,16 @@ DECLARE_EVENT_CLASS(ath10k_payload_event, __string(device, dev_name(ar->dev)) __string(driver, dev_driver_string(ar->dev)) __field(size_t, len) - __dynamic_array(u8, payload, (len - ath10k_frm_hdr_len(data))) + __dynamic_array(u8, payload, (len - + ath10k_frm_hdr_len(data, len))) ), TP_fast_assign( __assign_str(device, dev_name(ar->dev)); __assign_str(driver, dev_driver_string(ar->dev)); - __entry->len = len - ath10k_frm_hdr_len(data); + __entry->len = len - ath10k_frm_hdr_len(data, len); memcpy(__get_dynamic_array(payload), - data + ath10k_frm_hdr_len(data), __entry->len); + data + ath10k_frm_hdr_len(data, len), __entry->len); ), TP_printk(
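Review bot: In the first hunk, ath10k_frm_hdr_len() still reads hdr->frame_control before len is consulted, so in the len = 0 case that the new comment itself mentions, two bytes are read that the device did not report as valid. The comment asserts "The buffer can still be accessed", but nothing in the visible lines enforces that. Either return early when len < sizeof(hdr->frame_control), or name in the comment what guarantees the underlying allocation is always at least that large.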
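Review bot: In the ath10k_hdr_event hunk, the __dynamic_array size and __entry->len come from two separate ath10k_frm_hdr_len(data, len) calls, and the following memcpy() stays in bounds only if both calls return the same value. A short comment stating that the two expressions must remain identical would protect this against a later edit to one of them. It is also worth documenting that the recorded len can now be shorter than the header length implied by frame_control, so that trace consumers treat such an entry as a truncated header rather than parse it as a complete one.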
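Review bot: In the ath10k_payload_event hunk, "len - ath10k_frm_hdr_len(data, len)" avoids wrapping only because the helper clamps its result to len, and that dependency is implicit at all three call sites (array size, __entry->len, and the memcpy() source offset). Please add a comment here saying the subtraction relies on the clamp, since a future change to the helper that drops the min_t() would silently turn this back into a huge size_t length passed to memcpy().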