Received: by 2002:a05:7412:2a8c:b0:e2:908c:2ebd with SMTP id u12csp2844801rdh; Wed, 27 Sep 2023 14:49:45 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFafbAk6Hk206IYmsWHOonAVSjU2OGgdNtSFLzaCGns7T0TqQBjZCXY8blbcVbVUvT5ox7W X-Received: by 2002:a17:902:d4d2:b0:1c7:24fa:64c7 with SMTP id o18-20020a170902d4d200b001c724fa64c7mr5122647plg.26.1695851384991; Wed, 27 Sep 2023 14:49:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695851384; cv=none; d=google.com; s=arc-20160816; b=YfMcp6bLyNxuxP+oQ7W3nH2vMG6VRQv9rwvKPhqcm28RXsAfyE7mEniHvEiTzenKaQ ZU8yfsWXNWNVpd7oKGj614pxNIzvs6TSvpnm51RReir/ULdZdY+8W4Hyr4AJG6s3ykiO smZGQqfhRYCU8mhYseCiMQMnTAiIo/AtGx65Kgem1ESM6E9ks+8bMDYW1lQNIo8NrkS3 oYEmhOYgjXdQmp4jKdZ29yI9WLF30EVzkvbYV6G1t0d2axGPzK6hZRlbxHH/oCoBNTDn TUd+unoghOfzhNseWgCbGDATq30SGgmnGVbwBIJmR/EcjsWctqHqvmaU6f8GnZUSUhaJ 2Zbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=Q3T0uZM81nh3MMMeHJ0x5DLvTiX2DwUPL7g6/tO7DRc=; fh=bCMxesnuSdZmnvMVRXshiYTYYSZSFBg6fqOQdjg8cFo=; b=Te89yjrpFL4C1b58s/hxXzPwt4QCfCnZBnggCghkYUBHUeOSkv7eJO6Xh3qn3ZVoki nDMx9gb4ErdSEq0vGu+EI2Y7ZKYfHNE9C4iHHFt3/Ep4oYTnp5tN+VP75U7M5j+uy3dI LvtH1ZJp/wrVxVnxv+se5CWrXaRCD5v70F1kvsG3zsy7Ysg426YrX3r3ujEnC/mj9Rbe KT1Aj9uRPTpbrkPSad2S5ZWmDeZKzD/hSHGJImr7rc9Y/FD4v0E4FK79+DnZIzvVXKA2 RUna2BFQBs3dJbhc0F/nofSKNon/1x4L+CS+Vy/wCINp0XzoHVKn8mssZPdsEeFYDG0U P6hA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=P2TCvwta; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1]) by mx.google.com with ESMTPS id u6-20020a17090341c600b001b9e3a18270si17596600ple.420.2023.09.27.14.49.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Sep 2023 14:49:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=P2TCvwta; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 0781680F9BCA; Wed, 27 Sep 2023 04:13:39 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231325AbjI0LNQ (ORCPT + 99 others); Wed, 27 Sep 2023 07:13:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33542 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231318AbjI0LNO (ORCPT ); Wed, 27 Sep 2023 07:13:14 -0400 Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 53B1B13A for ; Wed, 27 Sep 2023 04:13:13 -0700 (PDT) Received: by mail-qt1-x82c.google.com with SMTP id d75a77b69052e-41958410e5cso550151cf.0 for ; Wed, 27 Sep 2023 04:13:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1695813192; x=1696417992; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Q3T0uZM81nh3MMMeHJ0x5DLvTiX2DwUPL7g6/tO7DRc=; b=P2TCvwtaihwVYoXCO/s5A+oQmNqWiAJYQ7bIcJS9ylkXHxLfhQNQFqtM9fwB8f5LiB gsFGX4Msi8YNfpkgxTbGuQKWzRWFT+kJmJdZdjomKd5Z0oamGymZHxTKfkLs+5t06Zjt n4J/15j/Wqwcns9QYBSclWrVb3f8Aa2F10OekCqD73wrk0O+YNVaNtViHJkE8/5x9gHn SxC+/4zh9bvsMvqUl7EORzLHG5C1C/ocVgj4bqQxtrb45FMKA6JguhKyCl3ebpIv+R4y Cpsw9n+LYpxkIeWXk0iiR29JXpS9B16vpA/a41piyyJUXxWco/5McAcQjNS35YUAqs5v L07A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695813192; x=1696417992; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Q3T0uZM81nh3MMMeHJ0x5DLvTiX2DwUPL7g6/tO7DRc=; b=glX7Dq5YRcb/DmDH9dHEbXYLN84zIVSsgghVxVGfZd4rK3kijbdWjYLxC0qXCSlKuS bky/VWMPP+PJhctMj48Pjo6JsxuLgU/Xkm2gzXbewg2vB7PthUqlIO11iunfUMI7sv2i EtXYJJj3WSQwHX/jFgqrR/aPnBhLxah8Uztpz0GomMV5JpLCYCN+p7BD171wVn6SNdXa 9f+a5GT0dTEwjrjo9il/Us/NG7aP8eMndlbtujslZLcVNDz381yzArpGcjLGwfj6bc/D zH72rVXk+v6r/yU6Ei5050L2/get2aHWfC2r0KxtGJI3gyQhk4asHQwwlebTshBJ/xKR U4dA== X-Gm-Message-State: AOJu0YyYxqvvt7tlfKfZPXEdSJdHq+p5eNzNkDZVfokBmPW3H3J8O4Cc 7WxIlteSDsvUml9418o8PvQk5zOvW9SS/S7Mwp5m9g== X-Received: by 2002:ac8:7d0b:0:b0:410:653f:90e8 with SMTP id g11-20020ac87d0b000000b00410653f90e8mr535228qtb.11.1695813192307; Wed, 27 Sep 2023 04:13:12 -0700 (PDT) MIME-Version: 1.0 References: <20230927105858.12950-1-quic_kriskura@quicinc.com> In-Reply-To: <20230927105858.12950-1-quic_kriskura@quicinc.com> From: =?UTF-8?Q?Maciej_=C5=BBenczykowski?= Date: Wed, 27 Sep 2023 04:13:00 -0700 Message-ID: Subject: Re: [PATCH v4] usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call To: Krishna Kurapati Cc: Greg Kroah-Hartman , linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, quic_ppratap@quicinc.com, quic_wcheng@quicinc.com, quic_jackp@quicinc.com, stable@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-8.4 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Wed, 27 Sep 2023 04:13:39 -0700 (PDT) On Wed, Sep 27, 2023 at 3:59=E2=80=AFAM Krishna Kurapati wrote: > > When NCM is used with hosts like Windows PC, it is observed that there ar= e > multiple NTB's contained in one usb request giveback. Since the driver > unwraps the obtained request data assuming only one NTB is present, we > loose the subsequent NTB's present resulting in data loss. > > Fix this by checking the parsed block length with the obtained data > length in usb request and continue parsing after the last byte of current > NTB. > > Cc: stable@vger.kernel.org > Fixes: 9f6ce4240a2b ("usb: gadget: f_ncm.c added") > Signed-off-by: Krishna Kurapati > --- > Changes in v4: Replaced void* with __le16* typecast for tmp variable > Changes in v3: Removed explicit void* typecast for ntb_ptr variable > > drivers/usb/gadget/function/f_ncm.c | 26 +++++++++++++++++++------- > 1 file changed, 19 insertions(+), 7 deletions(-) > > diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/fun= ction/f_ncm.c > index 424bb3b666db..faf90a217419 100644 > --- a/drivers/usb/gadget/function/f_ncm.c > +++ b/drivers/usb/gadget/function/f_ncm.c > @@ -1171,7 +1171,8 @@ static int ncm_unwrap_ntb(struct gether *port, > struct sk_buff_head *list) > { > struct f_ncm *ncm =3D func_to_ncm(&port->func); > - __le16 *tmp =3D (void *) skb->data; > + unsigned char *ntb_ptr =3D skb->data; > + __le16 *tmp; > unsigned index, index2; > int ndp_index; > unsigned dg_len, dg_len2; > @@ -1184,6 +1185,10 @@ static int ncm_unwrap_ntb(struct gether *port, > const struct ndp_parser_opts *opts =3D ncm->parser_opts; > unsigned crc_len =3D ncm->is_crc ? sizeof(uint32_t) : 0; > int dgram_counter; > + int to_process =3D skb->len; > + > +parse_ntb: > + tmp =3D (__le16 *)ntb_ptr; > > /* dwSignature */ > if (get_unaligned_le32(tmp) !=3D opts->nth_sign) { > @@ -1230,7 +1235,7 @@ static int ncm_unwrap_ntb(struct gether *port, > * walk through NDP > * dwSignature > */ > - tmp =3D (void *)(skb->data + ndp_index); > + tmp =3D (__le16 *)(ntb_ptr + ndp_index); > if (get_unaligned_le32(tmp) !=3D ncm->ndp_sign) { > INFO(port->func.config->cdev, "Wrong NDP SIGN\n")= ; > goto err; > @@ -1287,11 +1292,11 @@ static int ncm_unwrap_ntb(struct gether *port, > if (ncm->is_crc) { > uint32_t crc, crc2; > > - crc =3D get_unaligned_le32(skb->data + > + crc =3D get_unaligned_le32(ntb_ptr + > index + dg_len - > crc_len); > crc2 =3D ~crc32_le(~0, > - skb->data + index, > + ntb_ptr + index, > dg_len - crc_len); > if (crc !=3D crc2) { > INFO(port->func.config->cdev, > @@ -1318,7 +1323,7 @@ static int ncm_unwrap_ntb(struct gether *port, > dg_len - crc_len= ); > if (skb2 =3D=3D NULL) > goto err; > - skb_put_data(skb2, skb->data + index, > + skb_put_data(skb2, ntb_ptr + index, > dg_len - crc_len); > > skb_queue_tail(list, skb2); > @@ -1331,10 +1336,17 @@ static int ncm_unwrap_ntb(struct gether *port, > } while (ndp_len > 2 * (opts->dgram_item_len * 2)); > } while (ndp_index); > > - dev_consume_skb_any(skb); > - > VDBG(port->func.config->cdev, > "Parsed NTB with %d frames\n", dgram_counter); > + > + to_process -=3D block_len; > + if (to_process !=3D 0) { > + ntb_ptr =3D (unsigned char *)(ntb_ptr + block_len); > + goto parse_ntb; > + } > + > + dev_consume_skb_any(skb); > + > return 0; > err: > skb_queue_purge(list); > -- > 2.42.0 Reviewed-by: Maciej =C5=BBenczykowski