| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87wo7una02.fsf@miraculix.mork.no>
Date: Sun, 08 Mar 2020 16:26:21 +0100
From: Bjørn Mork <bjorn@...k.no>
To: Paul Gildea <paul.gildea@...il.com>
Cc: "davem\@davemloft.net" <davem@...emloft.net>,
"netdev\@vger.kernel.org" <netdev@...r.kernel.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: usb: qmi_wwan: Fix for packets being rejected in the ring buffer used by the xHCI controller.
Paul Gildea <paul.gildea@...il.com> writes:
> When MTU of modem is set to less than 1500 and a packet larger than MTU
> arrives in Linux from a modem, it is discarded with -EOVERFLOW error
> (Babble error). This is seen on USB3.0 and USB2.0 busses. This is
> essentially because the MRU (Max Receive Size) is not a separate entity to
> the MTU (Max Transmit Size) and the received packets can be larger than
> those transmitted. Following the babble error there were an endless supply
> of zero-length URBs which are rejected with -EPROTO (increasing the rx
> input error counter each time). This is only seen on USB3.0. These continue
> to come ad infinitum until the modem is shutdown, rendering the modem
> unusable. There is a bug in the core USB handling code in Linux that
> doesn't deal well with network MTUs smaller than 1500 bytes. By default the
> dev->hard_mtu (the "real" MTU) is in lockstep with dev->rx_urb_size
> (essentially an MRU), and it's the latter that is causing trouble. This has
> nothing to do with the modems; the issue can be reproduced by getting a
> USB-Ethernet dongle, setting the MTU to 1430, and pinging with size greater
> than 1406.
>
> Signed-off-by: Paul Gildea <Paul.Gildea@...il.com>
> ---
> drivers/net/usb/qmi_wwan.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
> index 5754bb6..545c772 100644
> --- a/drivers/net/usb/qmi_wwan.c
> +++ b/drivers/net/usb/qmi_wwan.c
> @@ -815,6 +815,13 @@ static int qmi_wwan_bind(struct usbnet *dev, struct
> usb_interface *intf)
> }
> dev->net->netdev_ops = &qmi_wwan_netdev_ops;
> dev->net->sysfs_groups[0] = &qmi_wwan_sysfs_attr_group;
> + /* LTE Networks don't always respect their own MTU on receive side;
> + * e.g. AT&T pushes 1430 MTU but still allows 1500 byte packets from
> + * far-end network. Make receive buffer large enough to accommodate
> + * them, and add four bytes so MTU does not equal MRU on network
> + * with 1500 MTU otherwise usbnet_change_mtu() will change both.
> + */
> + dev->rx_urb_size = ETH_DATA_LEN + 4;
> err:
> return status;
> }
> --
> 1.9.1
This is fine as a first step towards saner buffer handling in qmi_wwan.
If real world devices use asymmetric MTUs, then we should just deal with
that.
So I was going to add my ack. But the patch does not apply:
bjorn@...aculix:/usr/local/src/git/linux$ git am /tmp/l
Applying: net: usb: qmi_wwan: Fix for packets being rejected in the ring buffer used by the xHCI controller.
error: corrupt patch at line 10
and checkpatch says why:
bjorn@...aculix:/usr/local/src/git/linux$ scripts/checkpatch.pl /tmp/l
ERROR: patch seems to be corrupt (line wrapped?)
#34: FILE: drivers/net/usb/qmi_wwan.c:814:
usb_interface *intf)
Could you fix up and resend? You might have to use a different email
client. See
https://www.kernel.org/doc/html/latest/process/email-clients.html#email-clients
Bjørn
Powered by blists - more mailing lists