| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <649b0ba9-ff82-49d7-8dbf-f17424d9d9eb@samsung.com>
Date: Fri, 11 Jul 2025 01:33:41 +0200
From: Marek Szyprowski <m.szyprowski@...sung.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Kuniyuki Iwashima <kuniyu@...gle.com>, "David S. Miller"
<davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni
<pabeni@...hat.com>, Simon Horman <horms@...nel.org>, Kuniyuki Iwashima
<kuni1840@...il.com>, netdev@...r.kernel.org, Jason Baron
<jbaron@...mai.com>
Subject: Re: [PATCH v1 net] netlink: Fix wraparounds of sk->sk_rmem_alloc.
On 10.07.2025 21:43, Jakub Kicinski wrote:
> On Thu, 10 Jul 2025 10:34:00 +0200 Marek Szyprowski wrote:
>>> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
>>> Reported-by: Jason Baron <jbaron@...mai.com>
>>> Closes: https://lore.kernel.org/netdev/cover.1750285100.git.jbaron@akamai.com/
>>> Signed-off-by: Kuniyuki Iwashima <kuniyu@...gle.com>
>> This patch landed recently in linux-next as commit ae8f160e7eb2
>> ("netlink: Fix wraparounds of sk->sk_rmem_alloc."). In my tests I found
>> that it breaks wifi drivers operation on my tests boards (various ARM
>> 32bit and 64bit ones). Reverting it on top of next-20250709 fixes this
>> issue. Here is the log from the failure observed on the Samsung
>> Peach-Pit Chromebook:
>>
>> # dmesg | grep wifi
>> [ 16.174311] mwifiex_sdio mmc2:0001:1: WLAN is not the winner! Skip FW
>> dnld
>> [ 16.503969] mwifiex_sdio mmc2:0001:1: WLAN FW is active
>> [ 16.574635] mwifiex_sdio mmc2:0001:1: host_mlme: disable, key_api: 2
>> [ 16.586152] mwifiex_sdio mmc2:0001:1: CMD_RESP: cmd 0x242 error,
>> result=0x2
>> [ 16.641184] mwifiex_sdio mmc2:0001:1: info: MWIFIEX VERSION: mwifiex
>> 1.0 (15.68.7.p87)
>> [ 16.649474] mwifiex_sdio mmc2:0001:1: driver_version = mwifiex 1.0
>> (15.68.7.p87)
>> [ 25.953285] mwifiex_sdio mmc2:0001:1 wlan0: renamed from mlan0
>> # ifconfig wlan0 up
>> # iw wlan0 scan
>> command failed: No buffer space available (-105)
>> #
>>
>> Let me know if You need more information to debug this issue.
> Thanks a lot for the report! I don't see any obvious bugs.
> Would you be able to test this?
>
> diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
> index 79fbaf7333ce..aeb05d99e016 100644
> --- a/net/netlink/af_netlink.c
> +++ b/net/netlink/af_netlink.c
> @@ -2258,11 +2258,11 @@ static int netlink_dump(struct sock *sk, bool lock_taken)
> struct netlink_ext_ack extack = {};
> struct netlink_callback *cb;
> struct sk_buff *skb = NULL;
> + unsigned int rmem, rcvbuf;
> size_t max_recvmsg_len;
> struct module *module;
> int err = -ENOBUFS;
> int alloc_min_size;
> - unsigned int rmem;
> int alloc_size;
>
> if (!lock_taken)
> @@ -2294,8 +2294,9 @@ static int netlink_dump(struct sock *sk, bool lock_taken)
> if (!skb)
> goto errout_skb;
>
> + rcvbuf = READ_ONCE(sk->sk_rcvbuf);
> rmem = atomic_add_return(skb->truesize, &sk->sk_rmem_alloc);
> - if (rmem >= READ_ONCE(sk->sk_rcvbuf)) {
> + if (rmem != skb->truesize && rmem >= rcvbuf) {
> atomic_sub(skb->truesize, &sk->sk_rmem_alloc);
> goto errout_skb;
> }
>
The above change fixes my issue. Thanks! Feel free to add:
Reported-by: Marek Szyprowski <m.szyprowski@...sung.com>
Tested-by: Marek Szyprowski <m.szyprowski@...sung.com>
Best regards
--
Marek Szyprowski, PhD
Samsung R&D Institute Poland
Powered by blists - more mailing lists