lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 17 Feb 2014 14:36:06 -0500 (EST)
From:	David Miller <davem@...emloft.net>
To:	emilgoode@...il.com
Cc:	steve.glendinning@...well.net, oneukum@...e.de, bjorn@...k.no,
	freddy@...x.com.tw, edumazet@...gle.com, ming.lei@...onical.com,
	paul.gortmaker@...driver.com, jeffrey.t.kirsher@...el.com,
	liujunliang_ljl@....com, octavian.purdila@...el.com,
	linux-usb@...r.kernel.org, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] usbnet: remove generic hard_header_len check

From: Emil Goode <emilgoode@...il.com>
Date: Thu, 13 Feb 2014 17:50:19 +0100

> This patch removes a generic hard_header_len check from the usbnet
> module that is causing dropped packages under certain circumstances
> for devices that send rx packets that cross urb boundaries.
> 
> One example is the AX88772B which occasionally send rx packets that
> cross urb boundaries where the remaining partial packet is sent with
> no hardware header. When the buffer with a partial packet is of less
> number of octets than the value of hard_header_len the buffer is
> discarded by the usbnet module.
> 
> With AX88772B this can be reproduced by using ping with a packet
> size between 1965-1976.
> 
> The bug has been reported here:
> 
> https://bugzilla.kernel.org/show_bug.cgi?id=29082
> 
> This patch introduces the following changes:
> - Removes the generic hard_header_len check in the rx_complete
>   function in the usbnet module.
> - Introduces a ETH_HLEN check for skbs that are not cloned from
>   within a rx_fixup callback.
> - For safety a hard_header_len check is added to each rx_fixup
>   callback function that could be affected by this change.
>   These extra checks could possibly be removed by someone
>   who has the hardware to test.
> - Removes a call to dev_kfree_skb_any() and instead utilizes the
>   dev->done list to queue skbs for cleanup.
> 
> The changes place full responsibility on the rx_fixup callback
> functions that clone skbs to only pass valid skbs to the
> usbnet_skb_return function.
> 
> Signed-off-by: Emil Goode <emilgoode@...il.com>
> Reported-by: Igor Gnatenko <i.gnatenko.brain@...il.com>

Applied and queued up for -stable, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ