lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20eec98e-960c-cece-21e4-01e26b44233e@freenet.de>
Date:   Thu, 16 Jul 2020 10:15:30 +0200
From:   Viktor Jägersküpper 
        <viktor_jaegerskuepper@...enet.de>
To:     Kalle Valo <kvalo@...eaurora.org>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Gabriel C <nix.or.die@...glemail.com>,
        Jiri Slaby <jirislaby@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        stable <stable@...r.kernel.org>, lwn@....net,
        angrypenguinpoland@...il.com, Qiujun Huang <hqjagain@...il.com>,
        ath9k-devel <ath9k-devel@....qualcomm.com>,
        "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
        Roman Mamedov <rm@...anrm.net>
Subject: Re: ath9k broken [was: Linux 5.7.3]

[CC'ed Roman]

Kalle Valo:
> Viktor Jägersküpper <viktor_jaegerskuepper@...enet.de> writes:
> 
>> Greg Kroah-Hartman wrote:
>>> On Fri, Jun 26, 2020 at 04:40:18PM +0200, Gabriel C wrote:
>>>> Am Fr., 26. Juni 2020 um 15:51 Uhr schrieb Gabriel C
>>>> <nix.or.die@...glemail.com>:
>>>>>
>>>>> Am Fr., 26. Juni 2020 um 15:40 Uhr schrieb Greg Kroah-Hartman
>>>>> <gregkh@...uxfoundation.org>:
>>>>>>
>>>>>> On Fri, Jun 26, 2020 at 01:48:59PM +0200, Gabriel C wrote:
>>>>>>> Am Do., 25. Juni 2020 um 12:52 Uhr schrieb Gabriel C
>>>>>>> <nix.or.die@...glemail.com>:
>>>>>>>>
>>>>>>>> Am Do., 25. Juni 2020 um 12:48 Uhr schrieb Gabriel C
>>>>>>>> <nix.or.die@...glemail.com>:
>>>>>>>>>
>>>>>>>>> Am Do., 25. Juni 2020 um 06:57 Uhr schrieb Jiri Slaby <jirislaby@...nel.org>:
>>>>>>>>>>
>>>>>>>>>> On 25. 06. 20, 0:05, Gabriel C wrote:
>>>>>>>>>>> Am Mi., 17. Juni 2020 um 18:13 Uhr schrieb Greg Kroah-Hartman
>>>>>>>>>>> <gregkh@...uxfoundation.org>:
>>>>>>>>>>>>
>>>>>>>>>>>> I'm announcing the release of the 5.7.3 kernel.
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Hello Greg,
>>>>>>>>>>>
>>>>>>>>>>>> Qiujun Huang (5):
>>>>>>>>>>>>       ath9k: Fix use-after-free Read in htc_connect_service
>>>>>>>>>>>>       ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
>>>>>>>>>>>>       ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
>>>>>>>>>>>>       ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
>>>>>>>>>>>>       ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> We got a report on IRC about 5.7.3+ breaking a USB ath9k Wifi Dongle,
>>>>>>>>>>> while working fine on <5.7.3.
>>>>>>>>>>>
>>>>>>>>>>> I don't have myself such HW, and the reported doesn't have any experience
>>>>>>>>>>> in bisecting the kernel, so we build kernels, each with one of the
>>>>>>>>>>> above commits reverted,
>>>>>>>>>>> to find the bad commit.
>>>>>>>>>>>
>>>>>>>>>>> The winner is:
>>>>>>>>>>>
>>>>>>>>>>> commit 6602f080cb28745259e2fab1a4cf55eeb5894f93
>>>>>>>>>>> Author: Qiujun Huang <hqjagain@...il.com>
>>>>>>>>>>> Date:   Sat Apr 4 12:18:38 2020 +0800
>>>>>>>>>>>
>>>>>>>>>>>     ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
>>>>>>>>>>>
>>>>>>>>>>>     commit 2bbcaaee1fcbd83272e29f31e2bb7e70d8c49e05 upstream.
>>>>>>>>>>> ...
>>>>>>>>>>>
>>>>>>>>>>> Reverting this one fixed his problem.
>>>>>>>>>>
>>>>>>>>>> Obvious question: is 5.8-rc1 (containing the commit) broken too?
>>>>>>>>>
>>>>>>>>> Yes, it does, just checked.
>>>>>>>>>
>>>>>>>>> git tag --contains 2bbcaaee1fcbd83272e29f31e2bb7e70d8c49e05
>>>>>>>>> v5.8-rc1
>>>>>>>>> v5.8-rc2
>>>>>>>>>
>>>>>>>>
>>>>>>>> Sorry, I read the wrong, I just woke up.
>>>>>>>>
>>>>>>>> We didn't test 5.8-rc{1,2} yet but we will today and let you know.
>>>>>>>>
>>>>>>>
>>>>>>> We tested 5.8-rc2 and it is broken too.
>>>>>>>
>>>>>>> The exact HW name is:
>>>>>>>
>>>>>>> TP-link tl-wn722n (Atheros AR9271 chip)
>>>>>>
>>>>>> Great!
>>>>>>
>>>>>> Can you work with the developers to fix this in Linus's tree first?
>>>>>
>>>>> I'm the man in the middle, but sure we will try patches or any suggestions
>>>>> from developers to identify and fix the problem.
>>>>>
>>>>>>
>>>>>> I bet they want to see the output of 'lsusb -v' for this device to see
>>>>>> if the endpoint calculations are correct...
>>>>>>
>>>>>
>>>>> Working on it. As soon the reporter gives me the output, I will post it here.
>>>>> I've told him to run it on a broken and one working kernel.
>>>>
>>>> That is from a good kernel with reverted commit
>>>> https://gist.github.com/AngryPenguinPL/07c8e2abd3b103eaf8978a39ad8577d1
>>>>
>>>> That is from the broken kernel without the commit reverted
>>>> https://gist.github.com/AngryPenguinPL/5cdc0dd16ce5e59ff3c32c048e2f5111
>>>>
>>>> This is from 5.7.5 kernel, I don't have yet a 5.8-rc2 package with the
>>>> reverted commit.
>>>
>>> Did this ever get resolved?
>>>
>>> thanks,
>>>
>>> greg k-h
>>>
>>
>> This bug was also reported on the thread where it had been posted originally:
>> https://lore.kernel.org/linux-wireless/20200621020428.6417d6fb@natsu/
>>
>> I am waiting for Kalle Valo to accept my patch (v2) which reverts the above
>> mentioned commit and which looks correct according to him. He wrote that he
>> would take a closer look at this as soon as he could.
> 
> Mark posted a patch which I'm hoping to fix the issue:
> 
> [1/1] ath9k: Fix regression with Atheros 9271
> 
> https://patchwork.kernel.org/patch/11657669/
> 
> Can someone confirm this, please? I would rather take Mark's fix than
> the revert.
> 

12345678901234567890123456789012345678901234567890123456789012345678901234567890
This fixes the issue for me. Unfortunately the revert landed in 5.7.9 (it was
also queued for the older releases, but I didn't check them) because Hans de
Goede requested it since he didn't know about Mark's patch. So if you want to
fix the stable and longterm kernels properly, we need another patch which
includes a re-revert and Mark's patch. But Mark's patch should definitely land
in the mainline kernel first.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ