On Mon, Aug 10, 2009 at 11:48 AM, Steve Calfee<stevecalfee@xxxxxxxxx> wrote: > On Mon, Aug 10, 2009 at 8:21 AM, Brian Niebuhr<bniebuhr3@xxxxxxxxx> wrote: >> CDC EEM allows using a 'sentinel' ethernet frame CRC of 0xdeadbeef in place of a real CRC. In this driver the ethernet frame CRC is read as a little-endian value, but the 'sentinel' CRC value is actually big-endian. Therefore, if the 'sentinel' CRC option is being used, the CRC value read from the frame must be compared against a byte-reversed 0xdeadbeef. >> >> Signed-off-by: Brian Niebuhr <bniebuhr@xxxxxxxxxxxxx> >> --- >> drivers/net/usb/cdc_eem.c | 2 +- >> 1 files changed, 1 insertions(+), 1 deletions(-) >> >> diff --git a/drivers/net/usb/cdc_eem.c b/drivers/net/usb/cdc_eem.c >> index 45cebfb..9917b60 100644 >> --- a/drivers/net/usb/cdc_eem.c >> +++ b/drivers/net/usb/cdc_eem.c >> @@ -313,7 +313,7 @@ static int eem_rx_fixup(struct usbnet *dev, struct sk_buff *skb) >> if (header & BIT(14)) >> crc2 = ~crc32_le(~0, skb2->data, skb2->len); >> else >> - crc2 = 0xdeadbeef; >> + crc2 = 0xefbeadde; /* 0xdeadbeef */ >> >> if (is_last) >> return crc == crc2; > Hi Brian, > > This will not work correctly on big-endian cpus like a MIPS or PPC. I > suggest something like: > > crc2 = cpu_to_be32(0xdeadbeef); > > Regards, Steve > Steve - I may be mistaken, but I believe my fix is correct. The issue is that the CRC is read from the ethernet frame a few lines before this patch with get_unaligned_le32(). The reason for this is that if the CRC is a real CRC, and not the sentinel value, then the CRC is calculated using crc32_le and compared to the received value. However if the received frame contained the 0xdeadbeef sentinel value, then get_unaligned_le32() should have read in 0xefbeadde on little- or big-endian platforms. My guess is that this never got caught because the device used for initial testing of the driver used real CRCs and not sentinel values. I am submitting this patch because while writing an EEM gadget driver, I copied this code. When testing with a vendor's EEM host driver, I found that this code did indeed cause the CRC validation to fail. Regards, Brian -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
