lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 03 Jun 2021 12:53:48 +0300
From:   Kalle Valo <kvalo@...eaurora.org>
To:     Íñigo Huguet <ihuguet@...hat.com>
Cc:     Jes.Sorensen@...il.com, davem@...emloft.net, kuba@...nel.org,
        linux-wireless@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH] rtl8xxxu: avoid parsing short RX packet

Íñigo Huguet <ihuguet@...hat.com> writes:

> On Tue, May 11, 2021 at 9:19 AM Íñigo Huguet <ihuguet@...hat.com> wrote:
>>
>> One USB data buffer can contain multiple received network
>> packets. If that's the case, they're processed this way:
>> 1. Original buffer is cloned
>> 2. Original buffer is trimmed to contain only the first
>>    network packet
>> 3. This first network packet is passed to network stack
>> 4. Cloned buffer is trimmed to eliminate the first network
>>    packet
>> 5. Repeat with the cloned buffer until there are no more
>>    network packets inside
>>
>> However, if the space remaining in original buffer after
>> the first network packet is not enough to contain at least
>> another network packet descriptor, it is not cloned.
>>
>> The loop parsing this packets ended if remaining space == 0.
>> But if the remaining space was > 0 but < packet descriptor
>> size, another iteration of the loop was done, processing again
>> the previous packet because cloning didn't happen. Moreover,
>> the ownership of this packet had been passed to network
>> stack in the previous iteration.
>>
>> This patch ensures that no extra iteration is done if the
>> remaining size is not enough for one packet, and also avoid
>> the first iteration for the same reason.
>>
>> Probably this doesn't happen in practice, but can happen
>> theoretically.
>>
>> Signed-off-by: Íñigo Huguet <ihuguet@...hat.com>
>
> About 3 weeks ago I sent this patch, but received no response. Any
> feedback would be appreciated.

Maintainers are sometimes so busy that review takes extra long, but you
can always check the state in patchwork:

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches#checking_state_of_patches_from_patchwork

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ