| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Mar 2024 10:04:50 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Philipp Hortmann <philipp.g.hortmann@...il.com>,
Lee Jones <lee@...nel.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org,
Larry.Finger@...inger.net, johannes@...solutions.net,
kvalo@...nel.org, arnd@...db.de
Subject: Re: [RFC] staging: wlan-ng: Driver broken since kernel 5.15
On Sat, Mar 09, 2024 at 11:09:24PM +0100, Philipp Hortmann wrote:
> Hi,
>
> I would remove the driver from the mainline kernel. What are your thoughts?
>
> I bought two WLAN devices (DUT: D-Link DWL-122 and T-Sinus 111 data) that
> are supported by wlan-ng driver. Issue is that the driver is not working
> anymore.
>
> The error picture is that the device does not receive any packets.
> The dmesg says:
> [ 123.695917] prism2_usb 2-1.6:1.0 wlan0: Unknown mgmt request message
> 0x0e4f9800
> [ 127.508211] prism2_usb 2-1.6:1.0 wlan0: Unknown mgmt request message
> 0x04f0d000
> ...
>
> A working commit 8fc4fb1728855a22f9149079ba51877f5ee61fc9 (HEAD) Date: Mon
> Jul 5 11:16:28 2021 -0700
> A failing commit d980cc0620ae77ab2572235a1300bf22519f2e86 (HEAD) Date: Fri
> Jul 16 19:08:09 2021 -0700
Those dates are 11 days apart during the v5.14 merge window. You're
saying 5.15 is broken but the broken commit is in 5.14-rc2 so it really
was broken earlier.
There were only 3 patches to wlan-ng between v5.13 and v5.14.
$ git log --oneline v5.13..v5.14 drivers/staging/wlan-ng/
b1e9109aeff3 staging: wlan-ng: silence incorrect type in argument 1 (different address spaces)
ad843f392035 staging: wlan-ng: remove redundant initialization of variable txresult
ea82ff749587 staging: wlan-ng: cfg80211: Move large struct onto the heap
Obviously I'm going to suspect the largest patch. Reviewing that patch
now, I see we removed a memset() from the loop. That seems like a bug.
- memset(&msg2, 0, sizeof(msg2));
- msg2.msgcode = DIDMSG_DOT11REQ_SCAN_RESULTS;
- msg2.bssindex.data = i;
+ msg2->msgcode = DIDMSG_DOT11REQ_SCAN_RESULTS;
+ msg2->bssindex.data = i;
That's the only interesting change so I suspect it's the issue...
Could you test this patch? I feel like if you're the first person to
complain since Aug 29 2021 then probably we should just remove the
driver. Greg is on vacation so lets hold off on removing it until he
comes back.
regards,
dan carpenter
diff --git a/drivers/staging/wlan-ng/cfg80211.c b/drivers/staging/wlan-ng/cfg80211.c
index 471bb310176f..0c270ed8ce67 100644
--- a/drivers/staging/wlan-ng/cfg80211.c
+++ b/drivers/staging/wlan-ng/cfg80211.c
@@ -347,6 +347,7 @@ static int prism2_scan(struct wiphy *wiphy,
for (i = 0; i < numbss; i++) {
int freq;
+ memset(msg2, 0, sizeof(*msg2));
msg2->msgcode = DIDMSG_DOT11REQ_SCAN_RESULTS;
msg2->bssindex.data = i;
Powered by blists - more mailing lists