From: Larry Finger <Larry.Finger@lwfinger.net>
To: "ian.schram" <ian.schram@telenet.be>, kvalo@codeaurora.org
Cc: linux-wireless@vger.kernel.org, pkshih@realtek.com,
Stable <stable@vger.kernel.org>
Subject: Re: [PATCH] rtlwifi: rtl_pci: Fix problem of too small skb->len
Date: Sat, 19 Oct 2019 20:13:39 -0500
Message-ID: <20649f24-6412-4fac-f640-c611916aa85c@lwfinger.net>
In-Reply-To: <05f25c80-51a9-bfad-ea4a-3c17b0eecf64@telenet.be>
On 10/19/19 5:23 PM, ian.schram wrote:
> Hi,
>
>
> This patch doesn't appear to do anything? The increased length is not actually
> used; is a part of the patch missing?
>
>
> PS: superficial reading, I am not hampered by any specific knowledge of this
> driver.
>
> On 2019-10-19 21:02, Larry Finger wrote:
>> In commit 8020919a9b99 ("mac80211: Properly handle SKB with radiotap
>> only"), buffers whose length is too short cause a WARN_ON(1) to be
>> executed. This change exposed a fault in rtlwifi drivers, which is fixed
>> by increasing the length of the affected buffer before it is sent to
>> mac80211.
>>
>> Cc: Stable <stable@vger.kernel.org> # v5.0+
>> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
>> ---
>>
>> Kalle,
>>
>> Please send to v5.4.
>>
>> Larry
>> ---
>>
>> drivers/net/wireless/realtek/rtlwifi/pci.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c
>> b/drivers/net/wireless/realtek/rtlwifi/pci.c
>> index 6087ec7a90a6..bb5144b7c64f 100644
>> --- a/drivers/net/wireless/realtek/rtlwifi/pci.c
>> +++ b/drivers/net/wireless/realtek/rtlwifi/pci.c
>> @@ -692,7 +692,10 @@ static void _rtl_pci_rx_to_mac80211(struct ieee80211_hw *hw,
>> dev_kfree_skb_any(skb);
>> } else {
>> struct sk_buff *uskb = NULL;
>> + int len = skb->len;
>> + if (unlikely(len <= FCS_LEN))
>> + len = FCS_LEN + 2;
>> uskb = dev_alloc_skb(skb->len + 128);
>> if (likely(uskb)) {
>> memcpy(IEEE80211_SKB_RXCB(uskb), &rx_status,
>>
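Review bot: the clamped len set by the three added lines is never read, so the hunk as posted changes nothing: the allocation on the following context line still uses skb->len (uskb = dev_alloc_skb(skb->len + 128);). Use len there, i.e. dev_alloc_skb(len + 128), and also in whatever later code outside this hunk sets the data length of uskb, because a larger allocation alone does not change the length that mac80211 sees. A short comment explaining why FCS_LEN + 2 is the chosen minimum would help, and kernel style wants a blank line between the declaration of len and the if statement.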
Ian,
Yes, I debugged using a different tree and missed one use of the new len. V2
submitted.
Thanks for noticing.
Larry