Message-ID: <49d97f97e63edb70392279845186547d73b2290e.camel@kernel.crashing.org>
Subject: Re: [PATCH] usb: gadget: aspeed: fix buffer overflow
From: Benjamin Herrenschmidt
To: Lei Yu
Cc: Felipe Balbi, Greg Kroah-Hartman, Joel Stanley, Andrew Jeffery, Henry Tian, Jakob Koschel, linux-usb@vger.kernel.org, "moderated list:ARM/ASPEED MACHINE SUPPORT", "moderated list:ARM/ASPEED MACHINE SUPPORT", open list
Date: Wed, 26 Oct 2022 09:29:23 +1100
References: <20221024094853.2877441-1-yulei.sh@bytedance.com> <661b43881b7f8764919847f29c0daf1866441090.camel@kernel.crashing.org>

On Tue, 2022-10-25 at 14:21 +0800, Lei Yu wrote:
>
> This case is treated as an error and we do not care about the
> following data.
> Similarly, if we change the MTU in BMC and let BMC ping the OS, the OS
> kernel does not crash and it gets RX errors, and the ping fails.
>
>  # ifconfig usb0
>  usb0: flags=4163  mtu 1500
>          ...
>          RX packets 85  bytes 15380 (15.0 KiB)
>          RX errors 51  dropped 0  overruns 0  frame 51
>
> With this patch, we get the similar behavior on BMC that the RX errors
> are increasing.
>
> > Additionally, I'm curious, why in this specific case is the device
> > sending more data than the buffer can hold ? The MTU change should
> > have resulted in buffers being re-allocated no ?
>
> The issue is found in a rare case during BIOS boot, we assume that
> BIOS is sending unexpected data to BMC for unknown reasons.

Ok thanks.

Acked-by: Benjamin Herrenschmidt

> > Or did you change the MTU on the remote and not on the local device ?
> >
>
> Yes, the MTU is changed to 2000 in OS and kept 1500 on BMC, then the
> issue is reproduced. (see detailed steps in the above email).
>
> The reason we made the above test is because we are trying to
> reproduce the behavior as BIOS, and from the logs it looks like it's
> sending a packet larger than MTU. Then we tried to adjust the MTU on
> the OS side and reproduced the issue.
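
The failure mode discussed in this thread (a peer at MTU 2000 sending to a side whose receive buffer is sized for MTU 1500), as an added example that is not part of the original message and is not the aspeed driver's code. The struct names, the 512-byte chunk size and the buffer sized exactly to the MTU are assumptions made for illustration; the point is that a length reported by the peer is checked against the remaining buffer space, the oversized frame is counted as an RX error, and the data that follows is ignored.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LOCAL_MTU 1500 /* receiving side (BMC in the thread) */
#define PEER_MTU  2000 /* sending side (OS in the thread) */
#define CHUNK     512  /* constructed per-transfer chunk size */

/* Hypothetical stand-ins for a receive request and interface counters. */
struct rx_req { unsigned char *buf; size_t length, actual; int status; };
struct rx_stats { unsigned long rx_packets, rx_errors; };

/* Store one chunk whose length comes from the peer, never past req->length. */
static int rx_chunk(struct rx_req *req, const unsigned char *data, size_t len)
{
    if (req->status)
        return req->status;                /* already failed: drop the rest */
    if (len > req->length - req->actual) { /* cannot wrap: actual <= length */
        req->status = -EOVERFLOW;
        return req->status;
    }
    memcpy(req->buf + req->actual, data, len);
    req->actual += len;
    return 0;
}

/* Receive one frame in CHUNK-sized pieces; returns bytes stored or -errno. */
static int rx_frame(struct rx_stats *st, size_t frame_len)
{
    static unsigned char wire[PEER_MTU];   /* constructed payload (zeros) */
    unsigned char buf[LOCAL_MTU];
    struct rx_req req = { buf, sizeof(buf), 0, 0 };

    if (frame_len > PEER_MTU) frame_len = PEER_MTU;
    for (size_t off = 0; off < frame_len; off += CHUNK) {
        size_t n = frame_len - off < CHUNK ? frame_len - off : CHUNK;
        rx_chunk(&req, wire + off, n);
    }
    if (req.status) st->rx_errors++; else st->rx_packets++;
    return req.status ? req.status : (int)req.actual;
}

int main(void)
{
    struct rx_stats st = { 0, 0 };
    int ok = rx_frame(&st, LOCAL_MTU), bad = rx_frame(&st, PEER_MTU);
    printf("ok=%d bad=%d packets=%lu errors=%lu\n", ok, bad, st.rx_packets, st.rx_errors);
    return 0;
}
```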