From 698bae2e6ea139cd67debf7e8eb064056783b5bf Mon Sep 17 00:00:00 2001
From: Raveendran Somu <raveendran.somu@cypress.com>
Date: Thu, 4 Jun 2020 02:18:31 -0500
Subject: [PATCH] brcmfmac: To fix kernel crash on out of boundary access
Git-commit: 698bae2e6ea139cd67debf7e8eb064056783b5bf
Patch-mainline: v5.9-rc1
References: jsc#SLE-13430
To truncate the additional bytes, if extra bytes have been received.
Current code only has a warning and proceeds without handling it.
But in one of the crashes reported by DVT, this causes the
crash intermittently. So the processing is limited to the skb->len.
Signed-off-by: Raveendran Somu <raveendran.somu@cypress.com>
Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com>
Signed-off-by: Wright Feng <wright.feng@cypress.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200604071835.3842-2-wright.feng@cypress.com
Acked-by: Takashi Iwai <tiwai@suse.de>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
index 09701262330d..531fe9be4025 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
@@ -1843,6 +1843,9 @@ void brcmf_fws_hdrpull(struct brcmf_if *ifp, s16 siglen, struct sk_buff *skb)
WARN_ON(siglen > skb->len);
+ if (siglen > skb->len)
+ siglen = skb->len;
+
if (!siglen)
return;
/* if flow control disabled, skip to packet data and leave */
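Review bot: The added clamp in brcmf_fws_hdrpull() repeats the comparison that WARN_ON(siglen > skb->len) on the line above already evaluates, and the WARN_ON stays in place for a condition the commit message says occurs on received data. WARN_ON() returns its condition, so `if (WARN_ON(siglen > skb->len)) siglen = skb->len;` would avoid the duplicate test. Since the oversized length is now handled, consider replacing the WARN_ON with a rate-limited error message, so that a malformed length cannot fill the log with backtraces or trip panic_on_warn. Separately, siglen is s16 while skb->len is unsigned, so a negative siglen is compared as a large unsigned value and then assigned skb->len, which only round-trips if skb->len fits in an s16. An explicit check for siglen < 0, or a comment stating why it cannot happen, would make the intended handling clear.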
--
2.16.4