Date:	Wed, 18 Jun 2014 15:45:03 +0200 (CEST)
From:	Enrico Mioso <mrkiko.rs@...il.com>
To:	Bjørn Mork <bjorn@...k.no>
cc:	netdev@...r.kernel.org, linux-usb@...r.kernel.org
Subject: Re: [PATCH net,stable] net: huawei_cdc_ncm: increase command buffer
 size

Oh - I forgot to say: I can provide a tested-by in some hours. I have my E3131
at something like 2.1 km, going on foot, from here at University.

On Wed, 18 Jun 2014, Bjørn Mork wrote:

==Date: Wed, 18 Jun 2014 14:21:24
==From: Bjørn Mork <bjorn@...k.no>
==To: netdev@...r.kernel.org
==Cc: linux-usb@...r.kernel.org, Bjørn Mork <bjorn@...k.no>,
==    Enrico Mioso <mrkiko.rs@...il.com>
==Subject: [PATCH net,stable] net: huawei_cdc_ncm: increase command buffer size
==
==Messages from the modem exceeding 256 bytes cause communication
==failure.
==
==The WDM protocol is strictly "read on demand", meaning that we only
==poll for unread data after receiving a notification from the modem.
==Since we have no way to know how much data the modem has to send,
==we must make sure that the buffer we provide is "big enough".
==Message truncation does not work. Truncated messages are left unread
==until the modem has another message to send.  Which often won't
==happen until the userspace application has given up waiting for the
==final part of the last message, and therefore sends another command.
==
==With a proper CDC WDM function there is a descriptor telling us
==which buffer size the modem uses. But with this vendor specific
==implementation there is no known way to calculate the exact "big
==enough" number.  It is an unknown property of the modem firmware.
==Experience has shown that 256 is too small.  The discussion of
==this failure ended up concluding that 512 might be too small as
==well. So 1024 seems like a reasonable value for now.
==
==Fixes: 41c47d8cfd68 ("net: huawei_cdc_ncm: Introduce the huawei_cdc_ncm driver")
==Cc: Enrico Mioso <mrkiko.rs@...il.com>
==Reported-by: Dan Williams <dcbw@...hat.com>
==Signed-off-by: Bjørn Mork <bjorn@...k.no>
==---
==
==The problem is a showstopper for anyone hitting it, so I believe this
==fix should go into all maintained stable kernels with this driver.
==That is anything based on v3.13 or newer.
==
==Thanks,
==Bjørn
==
==
== drivers/net/usb/huawei_cdc_ncm.c | 7 ++++---
== 1 file changed, 4 insertions(+), 3 deletions(-)
==
==diff --git a/drivers/net/usb/huawei_cdc_ncm.c b/drivers/net/usb/huawei_cdc_ncm.c
==index f9822bc75425..5d95a13dbe2a 100644
==--- a/drivers/net/usb/huawei_cdc_ncm.c
==+++ b/drivers/net/usb/huawei_cdc_ncm.c
==@@ -84,12 +84,13 @@ static int huawei_cdc_ncm_bind(struct usbnet *usbnet_dev,
== 	ctx = drvstate->ctx;
== 
== 	if (usbnet_dev->status)
==-		/* CDC-WMC r1.1 requires wMaxCommand to be "at least 256
==-		 * decimal (0x100)"
==+		/* The wMaxCommand buffer must be big enough to hold
==+		 * any message from the modem. Experience has shown
==+		 * that some replies are more than 256 bytes long
== 		 */
== 		subdriver = usb_cdc_wdm_register(ctx->control,
== 						 &usbnet_dev->status->desc,
==-						 256, /* wMaxCommand */
==+						 1024, /* wMaxCommand */
== 						 huawei_cdc_ncm_wdm_manage_power);
== 	if (IS_ERR(subdriver)) {
== 		ret = PTR_ERR(subdriver);
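Review bot: the literal 1024 passed as wMaxCommand to usb_cdc_wdm_register() is an empirical estimate, and the new comment only records that replies exceed 256 bytes, not why 1024 was picked or that the value is not derived from any descriptor. Consider a named constant in place of the bare number, with the comment stating that the size is a firmware-dependent guess, so that whoever next sees truncated replies from the modem knows this is the value to raise.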
==-- 
==2.0.0
==
==
