Search Linux Wireless

Re: DMA debug trace pointing to rtl8187

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Greg KH wrote:
> 
> The problem is in the rtl8187 driver.
> 
> They are calling usb_control_msg and passing a pointer to a buffer on
> the stack.  See drivers/net/wireless/rtl818x/rtl8187.h for where the
> problem happens in numerous places.
> 
> Also it looks like rtl8225_write_8051() is incorrect.  You are passing a
> pointer to a variable that was passed as an argument.  I don't know
> where that is supposed to be on, somewhere on the stack I guess.
> 
> Larry, care to fix this up?

Yes, I'll try to fix it. I'm currently traveling and have intermittent Internet
access.

I think there is a second problem that John's fix does not treat. Although the
buffer is removed from the stack, there is no assurance that the buffer obtained
with kmalloc() is reachable by DMA. This case will be triggered if the USB
adapter does 32-bit DMA and the system has more than 4 GB RAM.

Please let me know if my analysis is wrong. If so, then John's patch will be
fine, although the error handling should be improved. The severity should be
that of a warning rather than a bug. If I'm correct, my fix would be to allocate
a DMA-reachable buffer in the initialization and keep a pointer to it in the
private area.

I just saw John's version 2 that looks more like what I was thinking about. I
will be testing soon.

Thanks,

Larry

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux