Date: Sun, 17 Mar 2024 21:07:34 +0100
From: Philipp Hortmann <philipp.g.hortmann@...il.com>
To: Dan Carpenter <dan.carpenter@...aro.org>, Lee Jones <lee@...nel.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
 linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org,
 Larry.Finger@...inger.net, johannes@...solutions.net, kvalo@...nel.org,
 arnd@...db.de
Subject: Re: [RFC] staging: wlan-ng: Driver broken since kernel 5.15

On 3/11/24 08:04, Dan Carpenter wrote:
> On Sat, Mar 09, 2024 at 11:09:24PM +0100, Philipp Hortmann wrote:
>> Hi,
>>
>> I would remove the driver from the mainline kernel. What are your thoughts?
>>
>> I bought two WLAN devices (DUT: D-Link DWL-122 and T-Sinus 111 data) that
>> are supported by wlan-ng driver. Issue is that the driver is not working
>> anymore.
>>
>> The error picture is that the device does not receive any packets.
>> The dmesg says:
>> [  123.695917] prism2_usb 2-1.6:1.0 wlan0: Unknown mgmt request message 0x0e4f9800
>> [  127.508211] prism2_usb 2-1.6:1.0 wlan0: Unknown mgmt request message 0x04f0d000
>> ...
>>
>> A working commit 8fc4fb1728855a22f9149079ba51877f5ee61fc9 (HEAD) Date: Mon Jul 5 11:16:28 2021 -0700
>> A failing commit d980cc0620ae77ab2572235a1300bf22519f2e86 (HEAD) Date: Fri Jul 16 19:08:09 2021 -0700
> 
> Those dates are 11 days apart during the v5.14 merge window.  You're
> saying 5.15 is broken but the broken commit is in 5.14-rc2 so it really
> was broken earlier.
> 
> There were only 3 patches to wlan-ng between v5.13 and v5.14.
> 
> $ git log --oneline v5.13..v5.14 drivers/staging/wlan-ng/
> b1e9109aeff3 staging: wlan-ng: silence incorrect type in argument 1 (different address spaces)
> ad843f392035 staging: wlan-ng: remove redundant initialization of variable txresult
> ea82ff749587 staging: wlan-ng: cfg80211: Move large struct onto the heap
> 
> Obviously I'm going to suspect the largest patch.  Reviewing that patch
> now, I see we removed a memset() from the loop.  That seems like a bug.
> 
> -               memset(&msg2, 0, sizeof(msg2));
> -               msg2.msgcode = DIDMSG_DOT11REQ_SCAN_RESULTS;
> -               msg2.bssindex.data = i;
> +               msg2->msgcode = DIDMSG_DOT11REQ_SCAN_RESULTS;
> +               msg2->bssindex.data = i;
> 
> That's the only interesting change so I suspect it's the issue...
> Could you test this patch?  I feel like if you're the first person to
> complain since Aug 29 2021 then probably we should just remove the
> driver.  Greg is on vacation so let's hold off on removing it until he
> comes back.
> 
> regards,
> dan carpenter
> 
> 
> diff --git a/drivers/staging/wlan-ng/cfg80211.c b/drivers/staging/wlan-ng/cfg80211.c
> index 471bb310176f..0c270ed8ce67 100644
> --- a/drivers/staging/wlan-ng/cfg80211.c
> +++ b/drivers/staging/wlan-ng/cfg80211.c
> @@ -347,6 +347,7 @@ static int prism2_scan(struct wiphy *wiphy,
>   	for (i = 0; i < numbss; i++) {
>   		int freq;
>   
> +		memset(msg2, 0, sizeof(*msg2));
>   		msg2->msgcode = DIDMSG_DOT11REQ_SCAN_RESULTS;
>   		msg2->bssindex.data = i;
>   
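
Review bot: the memset() added at the top of the for loop in prism2_scan() arrives without a changelog or a Fixes: tag, and it needs both, because it restores the per-iteration zeroing that ea82ff749587 ("staging: wlan-ng: cfg80211: Move large struct onto the heap") dropped when msg2 became a pointer. The size argument is right: sizeof(*msg2) clears the whole message, where sizeof(msg2) would now clear only a pointer's worth of bytes. Without the memset, every iteration after the first starts from whatever the previous DIDMSG_DOT11REQ_SCAN_RESULTS request left in *msg2, so the change is worth submitting on its own merits. Given the test result reported in the reply below, the changelog should describe it as restoring the lost initialization rather than as the fix for the receive failure.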


Hi Dan,

sorry it is so crowded here.

You are right with the statement that it is this commit.
commit ea82ff749587807fa48e3277c977ff3cec266f25 (HEAD)
Author: Lee Jones <lee.jones@...aro.org>
Date:   Wed Apr 14 19:10:39 2021 +0100

     staging: wlan-ng: cfg80211: Move large struct onto the heap

     Fixes the following W=1 kernel build warning(s):

      drivers/staging/wlan-ng/cfg80211.c: In function ‘prism2_scan’:
      drivers/staging/wlan-ng/cfg80211.c:388:1: warning: the frame size of 1296 bytes is larger than 1024 bytes [-Wframe-larger-than=]

But it is not depending on the line you pointed to.

I need another week to look into this.

Thanks for your support.

Bye Philipp

