| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Jun 2020 12:52:20 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: jk@...abs.org
Cc: netdev@...r.kernel.org, allan@...x.com.tw, freddy@...x.com.tw,
pfink@...ist-es.de, linux-usb@...r.kernel.org
Subject: Re: [PATCH] net: usb: ax88179_178a: fix packet alignment padding
From: Jeremy Kerr <jk@...abs.org>
Date: Mon, 15 Jun 2020 10:54:56 +0800
> Using a AX88179 device (0b95:1790), I see two bytes of appended data on
> every RX packet. For example, this 48-byte ping, using 0xff as a
> payload byte:
>
> 04:20:22.528472 IP 192.168.1.1 > 192.168.1.2: ICMP echo request, id 2447, seq 1, length 64
> 0x0000: 000a cd35 ea50 000a cd35 ea4f 0800 4500
> 0x0010: 0054 c116 4000 4001 f63e c0a8 0101 c0a8
> 0x0020: 0102 0800 b633 098f 0001 87ea cd5e 0000
> 0x0030: 0000 dcf2 0600 0000 0000 ffff ffff ffff
> 0x0040: ffff ffff ffff ffff ffff ffff ffff ffff
> 0x0050: ffff ffff ffff ffff ffff ffff ffff ffff
> 0x0060: ffff 961f
>
> Those last two bytes - 96 1f - aren't part of the original packet.
Does this happen for non-tail packets in a multi-packet cluster?
Because that code in this loop makes the same calculations:
ax_skb = skb_clone(skb, GFP_ATOMIC);
if (ax_skb) {
ax_skb->len = pkt_len;
ax_skb->data = skb->data + 2;
skb_set_tail_pointer(ax_skb, pkt_len);
ax_skb->truesize = pkt_len + sizeof(struct sk_buff);
ax88179_rx_checksum(ax_skb, pkt_hdr);
usbnet_skb_return(dev, ax_skb);
So if your change is right, it should be applied to this code block as
well.
And do we know that it's two extra tail bytes always? Or some kind of
alignment padding the chip performs for every sub-packet?
Powered by blists - more mailing lists