Message ID | 20200604071835.3842-2-wright.feng@cypress.com |
---|---|
State | New |
Series | [v2,1/5] brcmfmac: To fix kernel crash on out of boundary access |
Wright Feng <wright.feng@cypress.com> wrote:

> From: Raveendran Somu <raveendran.somu@cypress.com>
>
> To truncate the additional bytes, if extra bytes have been received.
> Current code only has a warning and proceeds without handling it.
> But in one of the crashes reported by DVT, this causes the
> crash intermittently. So the processing is limited to the skb->len.
>
> Signed-off-by: Raveendran Somu <raveendran.somu@cypress.com>
> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com>
> Signed-off-by: Wright Feng <wright.feng@cypress.com>

5 patches applied to wireless-drivers-next.git, thanks.

698bae2e6ea1 brcmfmac: To fix kernel crash on out of boundary access
1eb4e9f62998 brcmfmac: fix invalid permanent MAC address in wiphy
eccbf46b15bb brcmfmac: keep SDIO watchdog running when console_interval is non-zero
ec3428bb8915 brcmfmac: reduce maximum station interface from 2 to 1 in RSDB mode
fa3266541b13 brcmfmac: To fix Bss Info flag definition Bug

--
https://patchwork.kernel.org/patch/11587075/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c index 09701262330d..531fe9be4025 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c @@ -1843,6 +1843,9 @@ void brcmf_fws_hdrpull(struct brcmf_if *ifp, s16 siglen, struct sk_buff *skb) WARN_ON(siglen > skb->len); + if (siglen > skb->len) + siglen = skb->len; + if (!siglen) return; /* if flow control disabled, skip to packet data and leave */
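Review bot: the `WARN_ON(siglen > skb->len)` left directly above the new clamp in brcmf_fws_hdrpull() tests the same condition a second time and still fires on every oversized header. Because the commit message says the condition comes from received data, the warning can be triggered repeatedly by whatever the device delivers, which floods the log with backtraces and still takes the machine down where panic_on_warn is set. Consider folding the two into `if (WARN_ON_ONCE(siglen > skb->len)) siglen = skb->len;`, or replacing the WARN with a rate-limited error message so a malformed frame is logged and truncated without a stack dump. Separately, `siglen` is declared `s16` in the signature while the clamp assigns `skb->len` to it; a short comment stating that the clamped value always fits in `s16`, and how a negative `siglen` is expected to behave in this comparison, would make the bounds reasoning checkable from the code.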