From: Haggai Eran <haggai.eran@gmail.com>
To: Larry Finger <Larry.Finger@lwfinger.net>
Cc: linux-wireless@vger.kernel.org
Subject: Re: [PATCH] staging: rtl8712: prevent buffer overrun in recvbuf2recvframe
Date: Wed, 20 May 2015 22:20:02 +0300 [thread overview]
Message-ID: <CAJ=9CzYr2rFxZprM0Ap+x+Vu3LDXJUtxqtHqH-YER-ABscRb0w@mail.gmail.com> (raw)
In-Reply-To: <555CB8C1.1040007@lwfinger.net>
On 20 May 2015 at 19:39, Larry Finger <Larry.Finger@lwfinger.net> wrote:
> On 05/20/2015 01:17 AM, Haggai Eran wrote:
>>
>> On May 19, 2015 08:47, "Haggai Eran" <haggai.eran@gmail.com
>> <mailto:haggai.eran@gmail.com>> wrote:
>> >
>> > With an RTL8191SU USB adaptor, sometimes the hints for a fragmented
>> > packet are set, but the packet length is too large. Truncate the packet
>> > to prevent memory corruption.
>> >
>> > Signed-off-by: Haggai Eran <haggai.eran@gmail.com
>> <mailto:haggai.eran@gmail.com>>
>> > ---
>> >
>> > Hi,
>> >
>> > I think this solves the issue for me. I'll test it more thoroughly
>> later. I
>> > still don't know why a fragmented packet has such a large pkt_len value
>> though.
>> >
>> > Thanks,
>> > Haggai
>> >
>>
>> I guess I was too quick with this patch. It prevents the kernel page
>> faults, but
>> with it I still see sometimes the connectivity disappear for a minute or
>> two.
>
>
> Is anything logged when that happens?
No. I get once in a while the other corrupted entries I told you
about, but nothing special to these freezes
> I'm still trying to see where that magic number of 1658 comes from, and how
> that affects the RX buffer size.
I tried to look at the new driver (rtl8192su), but it doesn't seem to
handle this more-fragment bit at all.
> When I unconditionally set alloc_sz to tmp_len as in the attached patch (I
> remembered to refresh it this time), nothing bad has happened here yet. What
> happens on your box?
The same freezes still occur.
Thanks,
Haggai
next prev parent reply other threads:[~2015-05-20 19:20 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-19 5:47 [PATCH] staging: rtl8712: prevent buffer overrun in recvbuf2recvframe Haggai Eran
2015-05-19 15:51 ` Larry Finger
2015-05-19 17:23 ` Haggai Eran
[not found] ` <CAJ=9Czay5pbi6p+n8SxXaJsWG4JR2p_vteKYbLxvoxLVtPQPaQ@mail.gmail.com>
2015-05-20 16:39 ` Larry Finger
2015-05-20 19:20 ` Haggai Eran [this message]
2015-05-23 17:24 ` Haggai Eran
2015-05-23 17:48 ` Larry Finger
2015-05-23 18:09 ` Haggai Eran
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJ=9CzYr2rFxZprM0Ap+x+Vu3LDXJUtxqtHqH-YER-ABscRb0w@mail.gmail.com' \
--to=haggai.eran@gmail.com \
--cc=Larry.Finger@lwfinger.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.