| Message ID | 20191019190222.29681-1-Larry.Finger@lwfinger.net (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Kalle Valo |
| Headers | show |
| Series | rtlwifi: rtl_pci: Fix problem of too small skb->len | expand |
Hi, This patch doesn't appear to do anything? The increased length is not actually used, is a part of the patch missing? ps: superficial reading, i am not hampered by any specific knowledge of this driver. On 2019-10-19 21:02, Larry Finger wrote: > In commit 8020919a9b99 ("mac80211: Properly handle SKB with radiotap > only"), buffers whose length is too short cause a WARN_ON(1) to be > executed. This change exposed a fault in rtlwifi drivers, which is fixed > by increasing the length of the affected buffer before it is sent to > mac80211. > > Cc: Stable <stable@vger.kernel.org> # v5.0+ > Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> > --- > > Kalle, > > Please send to v5.4. > > Larry > --- > > drivers/net/wireless/realtek/rtlwifi/pci.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c > index 6087ec7a90a6..bb5144b7c64f 100644 > --- a/drivers/net/wireless/realtek/rtlwifi/pci.c > +++ b/drivers/net/wireless/realtek/rtlwifi/pci.c > @@ -692,7 +692,10 @@ static void _rtl_pci_rx_to_mac80211(struct ieee80211_hw *hw, > dev_kfree_skb_any(skb); > } else { > struct sk_buff *uskb = NULL; > + int len = skb->len; > > + if (unlikely(len <= FCS_LEN)) > + len = FCS_LEN + 2; > uskb = dev_alloc_skb(skb->len + 128); > if (likely(uskb)) { > memcpy(IEEE80211_SKB_RXCB(uskb), &rx_status, >
On 10/19/19 5:23 PM, ian.schram wrote: > Hi, > > > This patch doesn't appear to do anything? The increased length is not actually > used, is a part of the patch missing? > > > ps: superficial reading, i am not hampered by any specific knowledge of this > driver. > > On 2019-10-19 21:02, Larry Finger wrote: >> In commit 8020919a9b99 ("mac80211: Properly handle SKB with radiotap >> only"), buffers whose length is too short cause a WARN_ON(1) to be >> executed. This change exposed a fault in rtlwifi drivers, which is fixed >> by increasing the length of the affected buffer before it is sent to >> mac80211. >> >> Cc: Stable <stable@vger.kernel.org> # v5.0+ >> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> >> --- >> >> Kalle, >> >> Please send to v5.4. >> >> Larry >> --- >> >> drivers/net/wireless/realtek/rtlwifi/pci.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c >> b/drivers/net/wireless/realtek/rtlwifi/pci.c >> index 6087ec7a90a6..bb5144b7c64f 100644 >> --- a/drivers/net/wireless/realtek/rtlwifi/pci.c >> +++ b/drivers/net/wireless/realtek/rtlwifi/pci.c >> @@ -692,7 +692,10 @@ static void _rtl_pci_rx_to_mac80211(struct ieee80211_hw *hw, >> dev_kfree_skb_any(skb); >> } else { >> struct sk_buff *uskb = NULL; >> + int len = skb->len; >> + if (unlikely(len <= FCS_LEN)) >> + len = FCS_LEN + 2; >> uskb = dev_alloc_skb(skb->len + 128); >> if (likely(uskb)) { >> memcpy(IEEE80211_SKB_RXCB(uskb), &rx_status, >> Ian, Yes, I debugged using a different tree and missed one use of the new len. V2 submitted. Thanks for noticing. Larry
diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c index 6087ec7a90a6..bb5144b7c64f 100644 --- a/drivers/net/wireless/realtek/rtlwifi/pci.c +++ b/drivers/net/wireless/realtek/rtlwifi/pci.c @@ -692,7 +692,10 @@ static void _rtl_pci_rx_to_mac80211(struct ieee80211_hw *hw, dev_kfree_skb_any(skb); } else { struct sk_buff *uskb = NULL; + int len = skb->len; + if (unlikely(len <= FCS_LEN)) + len = FCS_LEN + 2; uskb = dev_alloc_skb(skb->len + 128); if (likely(uskb)) { memcpy(IEEE80211_SKB_RXCB(uskb), &rx_status,
In commit 8020919a9b99 ("mac80211: Properly handle SKB with radiotap only"), buffers whose length is too short cause a WARN_ON(1) to be executed. This change exposed a fault in rtlwifi drivers, which is fixed by increasing the length of the affected buffer before it is sent to mac80211. Cc: Stable <stable@vger.kernel.org> # v5.0+ Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> --- Kalle, Please send to v5.4. Larry --- drivers/net/wireless/realtek/rtlwifi/pci.c | 3 +++ 1 file changed, 3 insertions(+)