lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 08 Mar 2020 16:26:21 +0100
From:   Bjørn Mork <bjorn@...k.no>
To:     Paul Gildea <paul.gildea@...il.com>
Cc:     "davem\@davemloft.net" <davem@...emloft.net>,
        "netdev\@vger.kernel.org" <netdev@...r.kernel.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: usb: qmi_wwan: Fix for packets being rejected in the ring buffer used by the xHCI controller.

Paul Gildea <paul.gildea@...il.com> writes:

> When MTU of modem is set to less than 1500 and a packet larger than MTU
> arrives in Linux from a modem, it is discarded with -EOVERFLOW error
> (Babble error). This is seen on USB3.0 and USB2.0 busses. This is
> essentially because the MRU (Max Receive Size) is not a separate entity to
> the MTU (Max Transmit Size) and the received packets can be larger than
> those transmitted. Following the babble error there were an endless supply
> of zero-length URBs which are rejected with -EPROTO (increasing the rx
> input error counter each time). This is only seen on USB3.0. These continue
> to come ad infinitum until the modem is shutdown, rendering the modem
> unusable. There is a bug in the core USB handling code in Linux that
> doesn't deal well with network MTUs smaller than 1500 bytes. By default the
> dev->hard_mtu (the "real" MTU) is in lockstep with dev->rx_urb_size
> (essentially an MRU), and it's the latter that is causing trouble. This has
> nothing to do with the modems; the issue can be reproduced by getting a
> USB-Ethernet dongle, setting the MTU to 1430, and pinging with size greater
> than 1406.
>
> Signed-off-by: Paul Gildea <Paul.Gildea@...il.com>
> ---
> drivers/net/usb/qmi_wwan.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
> index 5754bb6..545c772 100644
> --- a/drivers/net/usb/qmi_wwan.c
> +++ b/drivers/net/usb/qmi_wwan.c
> @@ -815,6 +815,13 @@ static int qmi_wwan_bind(struct usbnet *dev, struct
> usb_interface *intf)
>     }
>     dev->net->netdev_ops = &qmi_wwan_netdev_ops;
>     dev->net->sysfs_groups[0] = &qmi_wwan_sysfs_attr_group;
> +    /* LTE Networks don't always respect their own MTU on receive side;
> +    * e.g. AT&T pushes 1430 MTU but still allows 1500 byte packets from
> +    * far-end network. Make receive buffer large enough to accommodate
> +    * them, and add four bytes so MTU does not equal MRU on network
> +    * with 1500 MTU otherwise usbnet_change_mtu() will change both.
> +    */
> +   dev->rx_urb_size = ETH_DATA_LEN + 4;
>  err:
>     return status;
>  }
> --
> 1.9.1


This is fine as a first step towards saner buffer handling in qmi_wwan.
If real world devices use asymmetric MTUs, then we should just deal with
that.

So I was going to add my ack.  But the patch does not apply:


 bjorn@...aculix:/usr/local/src/git/linux$ git am /tmp/l
 Applying: net: usb: qmi_wwan: Fix for packets being rejected in the ring buffer used by the xHCI controller.
 error: corrupt patch at line 10

and checkpatch says why:

 bjorn@...aculix:/usr/local/src/git/linux$ scripts/checkpatch.pl /tmp/l
 ERROR: patch seems to be corrupt (line wrapped?)
 #34: FILE: drivers/net/usb/qmi_wwan.c:814:
 usb_interface *intf)


Could you fix up and resend? You might have to use a different email
client.  See
https://www.kernel.org/doc/html/latest/process/email-clients.html#email-clients


Bjørn

Powered by blists - more mailing lists