Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2908151pxb; Sat, 6 Feb 2021 11:54:03 -0800 (PST) X-Google-Smtp-Source: ABdhPJz2cSe781xUtmJLkmuUM6dMzL6+0CYnNu2duV7Znsf3EjgLbOhSyJopOzLX+IdYE/eZaO+h X-Received: by 2002:a17:907:2058:: with SMTP id pg24mr10050108ejb.441.1612641242829; Sat, 06 Feb 2021 11:54:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612641242; cv=none; d=google.com; s=arc-20160816; b=L8vI5wQbHW1etwpVFylDaR/0NdGW59GrWP71gdvvGqit2v7fqvojOti+0UqhbWLgRd w/IZEuFszj8eGsvtr9d09z772CQsF9FE8YV3Z5y+Ndn3kDkujwSsfWMK1oOSvv2d58sF h4LoPJ946T1wqBqxF0NjWfHfiuT7NZFF6seMJJ+QVaOIRbqa0sipDSR6bARqd0ZdknAZ mGjeLu7eEoxc5/nSV/xGctUSN/s4v/OuBrmjnPxUQilBEmG5/ctdh/yLTmnV5R6qQGcA S8HO9x0cvWCx5pLTOmbm8CRRxEgKn1Lmp9eA5eJQwWRIKlb30lJ/Oa8fvlu4q7y0Zb9e hgZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=iTDntCCi9YNThicQW5ids+fVIuhbnnGAP3x/FZNppS4=; b=C96TqJCxAY7G+ze6wCk87pWIXSTNBP6QtnRRD/7GpLXkxfq9vLJ2qw0oZLGZhCP7td RjUvkoIgNN83J/pcIIGQPTySsPukDAiMCnW/aVYAOHMlqJa1OzxVFiJxmPvfviWhfoKW rwqrMB7i9b0698rikhySX4V1F+xGmtVMkZEf1TGBcqlVTaTv8uVS9rV/nMUkxXw4hCxD J7ggjjXJ/iDsA2Ttq+F+YxaTiPsbgYU3Orf59thXl79tEKJMR9pkTEKWAaeY1ohYVisT iisNkzkkTwZOyZH04krXXLPc40cOXr05hri5oZYlHU1cgf+u0U+hMI8T2Ot+ucVDLGCA 9DLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ZlDvuOsD; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id lu13si7250061ejb.351.2021.02.06.11.53.39; Sat, 06 Feb 2021 11:54:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ZlDvuOsD; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229558AbhBFTvX (ORCPT + 99 others); Sat, 6 Feb 2021 14:51:23 -0500 Received: from mail.kernel.org ([198.145.29.99]:60244 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229522AbhBFTvW (ORCPT ); Sat, 6 Feb 2021 14:51:22 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 1273A64E0D; Sat, 6 Feb 2021 19:50:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1612641041; bh=m8WrAh681nUwKPtjq8duKCxuFDDTH9VjLnNFHpxjTV8=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=ZlDvuOsDdkHpT7X1GgC4TC1NzFoz1NLeOh2/XHk633At58Qa/U/Iua67joweaiz50 7NxFepL08c25rajM9Cg4XQZwKi4VlCKQ6eyP8eNlS9eewcH9auVuO4gIsRe9A+1T78 5q2toB2dBlc0nR7/KZbbM301J1mBlzaeUbt6WixdGjByGl5M2xY8YOqxT4rAEBSPJL QyZiM90rpHsOs9gGN6c4NhEiLkcJKBYLbNKKPd5b81EE3jf+SJa2K5+2nidgP0CAp7 zpteTNG/SMN1flMbXDfjs08NJqZ7L8pyyThAuG20GqQPQg5izPgBRFvbXQd9n3S/G4 obLi0KXx+DlRQ== Date: Sat, 6 Feb 2021 11:50:40 -0800 From: Jakub Kicinski To: Lorenzo Bianconi Cc: Kalle Valo , Lorenzo Bianconi , netdev@vger.kernel.org, linux-wireless@vger.kernel.org, Felix Fietkau Subject: Re: pull-request: wireless-drivers-2021-02-05 Message-ID: <20210206115040.0d887565@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com> In-Reply-To: <20210206194325.GA134674@lore-desk> References: <20210205163434.14D94C433ED@smtp.codeaurora.org> <20210206093537.0bfaf0db@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com> <20210206194325.GA134674@lore-desk> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On Sat, 6 Feb 2021 20:43:25 +0100 Lorenzo Bianconi wrote: > > Lorenzo, I'm just guessing what this code does, but you're dropping a > > frag without invalidating the rest of the SKB, which I presume is now > > truncated? Shouldn't the skb be dropped? > > =20 >=20 > Hi Jakub, >=20 > I agree. We can do something like: >=20 > diff --git a/drivers/net/wireless/mediatek/mt76/dma.c b/drivers/net/wirel= ess/mediatek/mt76/dma.c > index e81dfaf99bcb..6d84533d1df2 100644 > --- a/drivers/net/wireless/mediatek/mt76/dma.c > +++ b/drivers/net/wireless/mediatek/mt76/dma.c > @@ -511,8 +511,9 @@ mt76_add_fragment(struct mt76_dev *dev, struct mt76_q= ueue *q, void *data, > { > struct sk_buff *skb =3D q->rx_head; > struct skb_shared_info *shinfo =3D skb_shinfo(skb); > + int nr_frags =3D shinfo->nr_frags; > =20 > - if (shinfo->nr_frags < ARRAY_SIZE(shinfo->frags)) { > + if (nr_frags < ARRAY_SIZE(shinfo->frags)) { > struct page *page =3D virt_to_head_page(data); > int offset =3D data - page_address(page) + q->buf_offset; > =20 > @@ -526,7 +527,10 @@ mt76_add_fragment(struct mt76_dev *dev, struct mt76_= queue *q, void *data, > return; > =20 > q->rx_head =3D NULL; > - dev->drv->rx_skb(dev, q - dev->q_rx, skb); > + if (nr_frags < ARRAY_SIZE(shinfo->frags)) > + dev->drv->rx_skb(dev, q - dev->q_rx, skb); > + else > + dev_kfree_skb(skb); > } > =20 >=20 > I do not know if it can occur, but I guess we should even check q->rx_head > pointer before overwriting it because if the hw does not report more set = to > false for last fragment we will get a memory leak as well. Something like: >=20 > @@ -578,6 +582,8 @@ mt76_dma_rx_process(struct mt76_dev *dev, struct mt76= _queue *q, int budget) > done++; > =20 > if (more) { > + if (q->rx_head) > + dev_kfree_skb(q->rx_head); > q->rx_head =3D skb; > continue; > } =F0=9F=91=8D