| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6c772d15-d249-4175-93f4-ca523006129b@gmail.com>
Date: Sun, 17 Mar 2024 21:07:34 +0100
From: Philipp Hortmann <philipp.g.hortmann@...il.com>
To: Dan Carpenter <dan.carpenter@...aro.org>, Lee Jones <lee@...nel.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org,
Larry.Finger@...inger.net, johannes@...solutions.net, kvalo@...nel.org,
arnd@...db.de
Subject: Re: [RFC] staging: wlan-ng: Driver broken since kernel 5.15
On 3/11/24 08:04, Dan Carpenter wrote:
> On Sat, Mar 09, 2024 at 11:09:24PM +0100, Philipp Hortmann wrote:
>> Hi,
>>
>> I would remove the driver from the mainline kernel. What are your thoughts?
>>
>> I bought two WLAN devices (DUT: D-Link DWL-122 and T-Sinus 111 data) that
>> are supported by wlan-ng driver. Issue is that the driver is not working
>> anymore.
>>
>> The error picture is that the device does not receive any packets.
>> The dmesg says:
>> [ 123.695917] prism2_usb 2-1.6:1.0 wlan0: Unknown mgmt request message
>> 0x0e4f9800
>> [ 127.508211] prism2_usb 2-1.6:1.0 wlan0: Unknown mgmt request message
>> 0x04f0d000
>> ...
>>
>> A working commit 8fc4fb1728855a22f9149079ba51877f5ee61fc9 (HEAD) Date: Mon
>> Jul 5 11:16:28 2021 -0700
>> A failing commit d980cc0620ae77ab2572235a1300bf22519f2e86 (HEAD) Date: Fri
>> Jul 16 19:08:09 2021 -0700
>
> Those dates are 11 days apart during the v5.14 merge window. You're
> saying 5.15 is broken but the broken commit is in 5.14-rc2 so it really
> was broken earlier.
>
> There were only 3 patches to wlan-ng between v5.13 and v5.14.
>
> $ git log --oneline v5.13..v5.14 drivers/staging/wlan-ng/
> b1e9109aeff3 staging: wlan-ng: silence incorrect type in argument 1 (different address spaces)
> ad843f392035 staging: wlan-ng: remove redundant initialization of variable txresult
> ea82ff749587 staging: wlan-ng: cfg80211: Move large struct onto the heap
>
> Obviously I'm going to suspect the largest patch. Reviewing that patch
> now, I see we removed a memset() from the loop. That seems like a bug.
>
> - memset(&msg2, 0, sizeof(msg2));
> - msg2.msgcode = DIDMSG_DOT11REQ_SCAN_RESULTS;
> - msg2.bssindex.data = i;
> + msg2->msgcode = DIDMSG_DOT11REQ_SCAN_RESULTS;
> + msg2->bssindex.data = i;
>
> That's the only interesting change so I suspect it's the issue...
> Could you test this patch? I feel like if you're the first person to
> complain since Aug 29 2021 then probably we should just remove the
> driver. Greg is on vacation so lets hold off on removing it until he
> comes back.
>
> regards,
> dan carpenter
>
>
> diff --git a/drivers/staging/wlan-ng/cfg80211.c b/drivers/staging/wlan-ng/cfg80211.c
> index 471bb310176f..0c270ed8ce67 100644
> --- a/drivers/staging/wlan-ng/cfg80211.c
> +++ b/drivers/staging/wlan-ng/cfg80211.c
> @@ -347,6 +347,7 @@ static int prism2_scan(struct wiphy *wiphy,
> for (i = 0; i < numbss; i++) {
> int freq;
>
> + memset(msg2, 0, sizeof(*msg2));
> msg2->msgcode = DIDMSG_DOT11REQ_SCAN_RESULTS;
> msg2->bssindex.data = i;
>
Hi Dan,
sorry it is so crowded here.
You are right with the statement that it is this commit.
commit ea82ff749587807fa48e3277c977ff3cec266f25 (HEAD)
Author: Lee Jones <lee.jones@...aro.org>
Date: Wed Apr 14 19:10:39 2021 +0100
staging: wlan-ng: cfg80211: Move large struct onto the heap
Fixes the following W=1 kernel build warning(s):
drivers/staging/wlan-ng/cfg80211.c: In function ‘prism2_scan’:
drivers/staging/wlan-ng/cfg80211.c:388:1: warning: the frame size
of 1296 bytes is larger than 1024 bytes [-Wframe-larger-than=]
But It is not depending on the line you pointed to.
I need another week to look into this.
Thanks for your support.
Bye Philipp
Powered by blists - more mailing lists