| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250710124357.25ab8da1@kernel.org>
Date: Thu, 10 Jul 2025 12:43:57 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Marek Szyprowski <m.szyprowski@...sung.com>
Cc: Kuniyuki Iwashima <kuniyu@...gle.com>, "David S. Miller"
<davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni
<pabeni@...hat.com>, Simon Horman <horms@...nel.org>, Kuniyuki Iwashima
<kuni1840@...il.com>, netdev@...r.kernel.org, Jason Baron
<jbaron@...mai.com>
Subject: Re: [PATCH v1 net] netlink: Fix wraparounds of sk->sk_rmem_alloc.
On Thu, 10 Jul 2025 10:34:00 +0200 Marek Szyprowski wrote:
> > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> > Reported-by: Jason Baron <jbaron@...mai.com>
> > Closes: https://lore.kernel.org/netdev/cover.1750285100.git.jbaron@akamai.com/
> > Signed-off-by: Kuniyuki Iwashima <kuniyu@...gle.com>
>
> This patch landed recently in linux-next as commit ae8f160e7eb2
> ("netlink: Fix wraparounds of sk->sk_rmem_alloc."). In my tests I found
> that it breaks wifi drivers operation on my tests boards (various ARM
> 32bit and 64bit ones). Reverting it on top of next-20250709 fixes this
> issue. Here is the log from the failure observed on the Samsung
> Peach-Pit Chromebook:
>
> # dmesg | grep wifi
> [ 16.174311] mwifiex_sdio mmc2:0001:1: WLAN is not the winner! Skip FW
> dnld
> [ 16.503969] mwifiex_sdio mmc2:0001:1: WLAN FW is active
> [ 16.574635] mwifiex_sdio mmc2:0001:1: host_mlme: disable, key_api: 2
> [ 16.586152] mwifiex_sdio mmc2:0001:1: CMD_RESP: cmd 0x242 error,
> result=0x2
> [ 16.641184] mwifiex_sdio mmc2:0001:1: info: MWIFIEX VERSION: mwifiex
> 1.0 (15.68.7.p87)
> [ 16.649474] mwifiex_sdio mmc2:0001:1: driver_version = mwifiex 1.0
> (15.68.7.p87)
> [ 25.953285] mwifiex_sdio mmc2:0001:1 wlan0: renamed from mlan0
> # ifconfig wlan0 up
> # iw wlan0 scan
> command failed: No buffer space available (-105)
> #
>
> Let me know if You need more information to debug this issue.
Thanks a lot for the report! I don't see any obvious bugs.
Would you be able to test this?
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 79fbaf7333ce..aeb05d99e016 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2258,11 +2258,11 @@ static int netlink_dump(struct sock *sk, bool lock_taken)
struct netlink_ext_ack extack = {};
struct netlink_callback *cb;
struct sk_buff *skb = NULL;
+ unsigned int rmem, rcvbuf;
size_t max_recvmsg_len;
struct module *module;
int err = -ENOBUFS;
int alloc_min_size;
- unsigned int rmem;
int alloc_size;
if (!lock_taken)
@@ -2294,8 +2294,9 @@ static int netlink_dump(struct sock *sk, bool lock_taken)
if (!skb)
goto errout_skb;
+ rcvbuf = READ_ONCE(sk->sk_rcvbuf);
rmem = atomic_add_return(skb->truesize, &sk->sk_rmem_alloc);
- if (rmem >= READ_ONCE(sk->sk_rcvbuf)) {
+ if (rmem != skb->truesize && rmem >= rcvbuf) {
atomic_sub(skb->truesize, &sk->sk_rmem_alloc);
goto errout_skb;
}
Powered by blists - more mailing lists