Search Linux Wireless

Re: [PATCH] staging: rtl8712: prevent buffer overrun in recvbuf2recvframe

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 20 May 2015 at 22:20, Haggai Eran <haggai.eran@xxxxxxxxx> wrote:
> On 20 May 2015 at 19:39, Larry Finger <Larry.Finger@xxxxxxxxxxxx> wrote:
>> On 05/20/2015 01:17 AM, Haggai Eran wrote:
>>>
>>> On May 19, 2015 08:47, "Haggai Eran" <haggai.eran@xxxxxxxxx
>>> <mailto:haggai.eran@xxxxxxxxx>> wrote:
>>>  >
>>>  > With an RTL8191SU USB adaptor, sometimes the hints for a fragmented
>>>  > packet are set, but the packet length is too large. Truncate the packet
>>>  > to prevent memory corruption.
>>>  >
>>>  > Signed-off-by: Haggai Eran <haggai.eran@xxxxxxxxx
>>> <mailto:haggai.eran@xxxxxxxxx>>
>>>  > ---
>>>  >
>>>  > Hi,
>>>  >
>>>  > I think this solves the issue for me. I'll test it more thoroughly
>>> later. I
>>>  > still don't know why a fragmented packet has such a large pkt_len value
>>> though.
>>>  >
>>>  > Thanks,
>>>  > Haggai
>>>  >
>>>
>>> I guess I was too quick with this patch. It prevents the kernel page
>>> faults, but
>>> with it I still see sometimes the connectivity disappear for a minute or
>>> two.
>>
>>
>> Is anything logged when that happens?
> No. I get once in a while the other corrupted entries I told you
> about, but nothing special to these freezes
>
>> I'm still trying to see where that magic number of 1658 comes from, and how
>> that affects the RX buffer size.
>
> I tried to look at the new driver (rtl8192su), but it doesn't seem to
> handle this more-fragment bit at all.
>
>> When I unconditionally set alloc_sz to tmp_len as in the attached patch (I
>> remembered to refresh it this time), nothing bad has happened here yet. What
>> happens on your box?
>
> The same freezes still occur.

I think the freezes I saw weren't related to the same issue. I was
running a debugging kernel, and I saw the same freezes also with a
different wifi adaptor. After switching to a non-debugging kernel, and
using your patch, the freezes stopped.

Thanks,
Haggai
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux