Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp1091289ybg; Thu, 4 Jun 2020 00:19:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxOQGVz8t127DRsf1ABDWNPS1aBPrGpeIV9KfOcTO300eS7ckkVaNaI8owFnJTUsdWEd7hP X-Received: by 2002:aa7:d952:: with SMTP id l18mr2983619eds.151.1591255176787; Thu, 04 Jun 2020 00:19:36 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1591255176; cv=pass; d=google.com; s=arc-20160816; b=qQIgIvWBWuQr6pFfNfNW2/yXI442YnJmj2/qd1rnNIklc9Q/YVHjPzzlnJ8WYr9JRp 3H3Vyno5ehub+0xruqnJf44DvuUfqXbDu8FhdNaeycHUyjUTLECPF1CmblkYHiP9vmua JwNcmv+xAYji/xmiMRfej5+YRZKugXrCHK0nLcJAfdmz/Os+6RHiso6KlroIRKTsfyC4 qJpW4sYUc50/eJfU7pi6O4UvS6wf7Fp49vZykwtwfC4IdjBwxrD5YJ8WAhVcydCgU+Vi CIUuEuhrdVSUSXrwMaFWPFtLLoY+T93to/RSMiqnn84aZPiIWm6U0x5ZopvPECbhOWtS +Bpw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=aSnGP7Y8jrd9BSsjmh5ESzAhzBAl9L2a+sunRjMAUm8=; b=POi/phrI/pO30XenAXZytsQskjjEkRiWaIwdrYlpohBNQAYBNJ7PfIlSyrkHcDBb3V pYpjK4yFhUAyqOo9Tzhk+Gf+l37ZMneLby0JwXaK8jppKMfQERoSNOT9itSfcA97OOvw VuldSUk65FaVF+mWq1I+oJXbvn8cJFjQacelWMXROCLj0LSI091W8wXVG227zEleZ8di pk+FEoyCD9rGO8hUiwQiNLgwXTFvy+DptVnhVzK2QedTFA2TV3SSLbClVNPziI0WObq5 SQJ52CKl+IA5QgCQyiUdqwof39TU4TjjRH5ePXGRQe6CwVtdl+ghY74drmCPrd7WyX8h qq6w== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@cypress.com header.s=selector1 header.b=IdSMSVCM; arc=pass (i=1 spf=pass spfdomain=cypress.com dkim=pass dkdomain=cypress.com dmarc=pass fromdomain=cypress.com); spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cypress.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c16si1238640ejr.477.2020.06.04.00.19.13; Thu, 04 Jun 2020 00:19:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@cypress.com header.s=selector1 header.b=IdSMSVCM; arc=pass (i=1 spf=pass spfdomain=cypress.com dkim=pass dkdomain=cypress.com dmarc=pass fromdomain=cypress.com); spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cypress.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727858AbgFDHSx (ORCPT + 99 others); Thu, 4 Jun 2020 03:18:53 -0400 Received: from mail-mw2nam12on2098.outbound.protection.outlook.com ([40.107.244.98]:49249 "EHLO NAM12-MW2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726411AbgFDHSw (ORCPT ); Thu, 4 Jun 2020 03:18:52 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=akIgUjhy1VH+vYSHIsEsyQZizUevbiJ+6J4dccYv49nM4J/cfq+kDjdmteD8cKgffWfSqq41o16mYwOM3lFOzOFzhe1nUX+of8xtFLH7xlnELkvFpEpE196iA9a5VjA9QCi5rjtoBSls1dbtUZjDjPWO/ptMJxfWuVeJQw6mdneGerhMjdsLFywysV8euVy9Y5hPMXeewSDyaWJ3gfgWGeJtcYkJYBz/Av0rEKuLHPaHmJMrOc9Ar+OqtiHGV6uFuIwdxj1HVoL8SXDWw12yzsopjG+czjFJaM0p8WyCV9Z8V38VYOhxXt3KJHsY2+Ao5zQUz5KKIkeaJ/pZspMY8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aSnGP7Y8jrd9BSsjmh5ESzAhzBAl9L2a+sunRjMAUm8=; b=WJrrI+UWdF3CLvdNZfuurOt1nqCwMpg+3RMwP0w3E7cguc8ITYSQmrDvKlmqONlKhspuEMfop0Z65IUb7nHdqXyCT8iLs4EuRz75aPdrT7/lrI54x4bFXBHQMZ26sCEKi4adAOEVFa21k4nMpbiLqlVu7YI2Gt12gPJFgdbZu/QAk2dLYM4pfBJWrz4NVV9aEHne5ANVINVac37zVQRwcDONS3Y8Ct4DipP2n4CBY5usT2fu2xGga7VHXxPQsYW7hMn2jKa5hMk9tv/L/dkXz18mtyZx8Bb8lSnhdmryNSF7u4Jh60j6oim1OMexZVCEp/QbBRX3g3JWpbiB9UbONQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cypress.com; dmarc=pass action=none header.from=cypress.com; dkim=pass header.d=cypress.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cypress.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aSnGP7Y8jrd9BSsjmh5ESzAhzBAl9L2a+sunRjMAUm8=; b=IdSMSVCM1ecJVJ4MtPEgbWjoCwqlhoCynzRLKr2p68WJSHttyOsfmaiH/ErcrqxncbyIQSQmJufVp0CrDtzYtJjRjxyB+1lvjkUaCm7D/CWr9MasFT1WzBM0AQapi6Fib7Z0ZTZEk5s8knrHyKEUBVv2R5bVB7I0d3uUEpa3VGk= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=cypress.com; Received: from DM6PR06MB4748.namprd06.prod.outlook.com (2603:10b6:5:fd::18) by DM6PR06MB5146.namprd06.prod.outlook.com (2603:10b6:5:112::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3045.19; Thu, 4 Jun 2020 07:18:50 +0000 Received: from DM6PR06MB4748.namprd06.prod.outlook.com ([fe80::9f0:c02f:7b54:51eb]) by DM6PR06MB4748.namprd06.prod.outlook.com ([fe80::9f0:c02f:7b54:51eb%5]) with mapi id 15.20.3066.018; Thu, 4 Jun 2020 07:18:50 +0000 From: Wright Feng To: linux-wireless@vger.kernel.org Cc: wright.feng@cypress.com, brcm80211-dev-list@broadcom.com, brcm80211-dev-list@cypress.com, Arend van Spriel , Franky Lin , Hante Meuleman , Kalle Valo , chi-hsien.lin@cypress.com, Raveendran Somu Subject: [PATCH v2 1/5] brcmfmac: To fix kernel crash on out of boundary access Date: Thu, 4 Jun 2020 02:18:31 -0500 Message-Id: <20200604071835.3842-2-wright.feng@cypress.com> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200604071835.3842-1-wright.feng@cypress.com> References: <20200604071835.3842-1-wright.feng@cypress.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: MN2PR01CA0049.prod.exchangelabs.com (2603:10b6:208:23f::18) To DM6PR06MB4748.namprd06.prod.outlook.com (2603:10b6:5:fd::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from iot-wlan-dev-u02.aus.cypress.com (12.110.209.245) by MN2PR01CA0049.prod.exchangelabs.com (2603:10b6:208:23f::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.3066.18 via Frontend Transport; Thu, 4 Jun 2020 07:18:49 +0000 X-Mailer: git-send-email 2.25.0 X-Originating-IP: [12.110.209.245] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: b578fada-3a8c-43b6-a473-08d808578742 X-MS-TrafficTypeDiagnostic: DM6PR06MB5146: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:785; X-Forefront-PRVS: 04244E0DC5 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: eqLgGVyLvH7rRpPmglaHVXg2cQnF7RmMdH7+A8TXvr8rlXguSXR6ir/FyKnwQOmGe93iBGIKqzLgl87lb+3YwHXOZ+Snsnn529EoNRtbhlFjaRsvsnMj35OZZRK8jBNubUwCYSkzdsGG7vRykORukYkjBRZe0SIASKSyPlDUX4ZOPjCdseEJqj7T6fdy3C202T9uG2km/p5w1+NkxIIveS6bpI46JfFrVvenAMRlSraU3dLfrGB3Bsc+OzFKWXSwrUyKbb/0x0NgoLsloq7VrHCHK9JXX4rRYQPG4/aIzzxwjBFcjuMZ6LGFoTeNeeDXvqxcdlpselk9guu+O801AQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR06MB4748.namprd06.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(376002)(39860400002)(346002)(396003)(366004)(136003)(316002)(54906003)(6666004)(26005)(16526019)(186003)(2616005)(52116002)(36756003)(956004)(7696005)(44832011)(1076003)(8936002)(8676002)(83380400001)(107886003)(6916009)(5660300002)(2906002)(4326008)(86362001)(6486002)(478600001)(66476007)(66946007)(66556008);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData: DPzvmifythxjCwVnm/4Jy4QJENyrZJ5edMiPBJnKW3yMvXo/GSl7b7tVnPxZv277EWMUArKuA2ZvgRNhl+sSInEOrmcdKeczW2CW+0uHEuTEfFBBBnc6yuf1A9feqvO1zL0gF3x81FyP0YRMUWtFwyVZyHotlh+CWK9+coBHjs626Tm5Mc2BpxPp0E1cYI4/VFkF9/npXXUeg4Esb/SgpMUequDObJQMmvpCI34ew4wbeAk4fsfmQb8KHXZp43J5283PkFNjk8SQ8YcODalMDo8wQmkuM8fdAepr7KkZDRnC7+0G3/3qTFBvapMMXTYIycLC5MJ1k2zSzEBnovmieZcMaRgFi+U8B/VtZHJFSwO+H0S7yEM7mIkc9VHNqxHqx5fEYs7G3A3nlar8OsjkVa2dsJvS2XX94B+4psLpsI0YKNj7JFNMzJqDjgoBRrHCiv3jk2w3M0DK0gTiYst6obQ6wyAbgdBmzc9ye1IjqdW+SNfil2btIvz7sb3Vuv57 X-OriginatorOrg: cypress.com X-MS-Exchange-CrossTenant-Network-Message-Id: b578fada-3a8c-43b6-a473-08d808578742 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Jun 2020 07:18:50.1546 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 011addfc-2c09-450d-8938-e0bbc2dd2376 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: IG9UH+NtSl6LVsRQ+2j/0chh1FrLhJmEsFlhcShNdpj/oLtIE+y1nIjUkIaAHa+x+7cJ5m4LsqL7FeBl9PPuYg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR06MB5146 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org From: Raveendran Somu To truncate the additional bytes, if extra bytes have been received. Current code only have a warning and proceed without handling it. But in one of the crash reported by DVT, these causes the crash intermittently. So the processing is limit to the skb->len. Signed-off-by: Raveendran Somu Signed-off-by: Chi-hsien Lin Signed-off-by: Wright Feng --- v2: - Correct all typos in commit message drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c index 09701262330d..531fe9be4025 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c @@ -1843,6 +1843,9 @@ void brcmf_fws_hdrpull(struct brcmf_if *ifp, s16 siglen, struct sk_buff *skb) WARN_ON(siglen > skb->len); + if (siglen > skb->len) + siglen = skb->len; + if (!siglen) return; /* if flow control disabled, skip to packet data and leave */ -- 2.25.0