Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp2847756ybg; Sun, 20 Oct 2019 01:32:43 -0700 (PDT) X-Google-Smtp-Source: APXvYqzKBdrZimZJrN+K8t6XrSiZjLp9yTp82Ngrars9ItrKIrqun9MqpbbE5IZz1m3/6aI0DsaK X-Received: by 2002:a05:6402:88d:: with SMTP id e13mr18304403edy.246.1571560363605; Sun, 20 Oct 2019 01:32:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571560363; cv=none; d=google.com; s=arc-20160816; b=NALiam3Cz1kzW9YLdJK/ZJe79KwZhJ5d45oaEbIneEhtoh9M4aviEEbmW99ZF3v09N u0LyHVrhBsqkvikhd5XrlSUhqaaNVgwav/8KOVS8a7CW1Lo+7xDRwsBmVNO9N7vSVWJl 3yjl+kXSop7mW9E7yNNQr0rykzh9SZWg/XNiytaZl8uy96LhwZYpy+X3Hg0yTwYJRca6 SEll9+lcUSQXmvhz7duDQ7SsGc1CKu+yKKAuOTkP7PL2Jt7xBL2fN9IbGQJL8TsCk/HT NOb5xoagMydXCZ+3Fk+Y5IJs18zADpDSEYf+AhV+C1UNPx4iUiuVXqlYdILVKiBZuoJ5 O5aQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from:dmarc-filter :dkim-signature:dkim-signature; bh=VAyNOkPCBrvK/FDZEvu8kouUS2oTw2slouRTzrFUZGg=; b=YH5DzO7M4DMZcRIB9ZsmmuBYab8uDd6lY/MTKOunscnHJtsidNnu86tj9/my2d1R7N S6LL217Gf71jwGkeOexdL+UgcQq39XIGGIOjW/2X8OFkkxsDWnDrLvhb+0b7cMYAFsJZ c5p/mERybXZ5aJI0B5fI950gPOBN0sEWNnevvMiguWc9t1VUZE1o/NKrraqTNRwF0q66 l/+5FfRknilIQ4UCc3ZIxEfk749CgTFN0emzcCP7lGHhL9kWiAbxD4G3PSuoDiEuak67 LL7+S2eDIOUmhkxp0vbJLtV4uE0eXDZ/V7C4KcYi6lk4H035BEoDuO5mTk9Jxhtuz7De UGug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b="Js3qyiV/"; dkim=pass header.i=@codeaurora.org header.s=default header.b=ikHQi7c3; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y54si7960799edb.217.2019.10.20.01.32.01; Sun, 20 Oct 2019 01:32:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b="Js3qyiV/"; dkim=pass header.i=@codeaurora.org header.s=default header.b=ikHQi7c3; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726063AbfJTI2U (ORCPT + 99 others); Sun, 20 Oct 2019 04:28:20 -0400 Received: from smtp.codeaurora.org ([198.145.29.96]:48226 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725893AbfJTI2T (ORCPT ); Sun, 20 Oct 2019 04:28:19 -0400 Received: by smtp.codeaurora.org (Postfix, from userid 1000) id 5432960D4C; Sun, 20 Oct 2019 08:28:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1571560099; bh=VJ+3BY4N5uiFdl5h5/baueL661bRnGGWhze5C9VXYI4=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=Js3qyiV/CqwSecWlDAfnFllxDIcnZmfbfUOb4lF9e6/1nL+PyNrM/4JpuEANIAo7c jqMwQOrj+Cxl0DS8JqF1CpEE4R+XoUPRGHKvBT4fQnAxDtB2DSAbNiy12dZwd+GgCG hs8ay3sCYy0z+KIUqn8ziSKf+82nQUntuGIJD20o= X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on pdx-caf-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.7 required=2.0 tests=ALL_TRUSTED,BAYES_00, DKIM_INVALID,DKIM_SIGNED,SPF_NONE autolearn=no autolearn_force=no version=3.4.0 Received: from x230.qca.qualcomm.com (88-114-240-156.elisa-laajakaista.fi [88.114.240.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: kvalo@smtp.codeaurora.org) by smtp.codeaurora.org (Postfix) with ESMTPSA id 841B360CA5; Sun, 20 Oct 2019 08:28:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1571560098; bh=VJ+3BY4N5uiFdl5h5/baueL661bRnGGWhze5C9VXYI4=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=ikHQi7c3iFcWj1as1ykx1A1u76MB1bOgTtJZ/RSZc1FqE+345Lu5MYHUt6WIe/320 XOy4kBpuCWRz5KsogqLRXZ8a77TLE+b9a5/MTc7bctjt9FNhxGkSQ5a8WA2mu/tZCd 51kbkSzw4krYSN2XtPr3BVjDgeiMyV5gRgTf9GK0= DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 841B360CA5 Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=kvalo@codeaurora.org From: Kalle Valo To: Larry Finger Cc: linux-wireless@vger.kernel.org, pkshih@realtek.com, Stable Subject: Re: [PATCH V2] rtlwifi: rtl_pci: Fix problem of too small skb->len References: <20191020011153.29383-1-Larry.Finger@lwfinger.net> Date: Sun, 20 Oct 2019 11:28:14 +0300 In-Reply-To: <20191020011153.29383-1-Larry.Finger@lwfinger.net> (Larry Finger's message of "Sat, 19 Oct 2019 20:11:53 -0500") Message-ID: <874l03lt29.fsf@codeaurora.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Larry Finger writes: > In commit 8020919a9b99 ("mac80211: Properly handle SKB with radiotap > only"), buffers whose length is too short cause a WARN_ON(1) to be > executed. This change exposed a fault in rtlwifi drivers, which is fixed > by increasing the length of the affected buffer before it is sent to > mac80211. With what frames, or in what scenarios, do you get these warnings? > Cc: Stable # v5.0+ > Signed-off-by: Larry Finger > --- > V2 - added missing usage of new len > --- > Please Apply to 5.4 > --- > drivers/net/wireless/realtek/rtlwifi/pci.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c > index 6087ec7a90a6..3e9185162e51 100644 > --- a/drivers/net/wireless/realtek/rtlwifi/pci.c > +++ b/drivers/net/wireless/realtek/rtlwifi/pci.c > @@ -692,12 +692,15 @@ static void _rtl_pci_rx_to_mac80211(struct ieee80211_hw *hw, > dev_kfree_skb_any(skb); > } else { > struct sk_buff *uskb = NULL; > + int len = skb->len; > > + if (unlikely(len <= FCS_LEN)) > + len = FCS_LEN + 2; I don't understand this change, I think this needs a comment in the code, or better yet a proper define documenting the meaning of the value. What does these two bytes contain? Or are you just working around the mac80211 warning by increasing the length with a random value you chose? -- Kalle Valo