Thread (10 messages) 10 messages, 3 authors, 2021-02-26

Re: [PATCH wireless-drivers] mt76: dma: do not report truncated frames to mac80211

From: Lorenzo Bianconi <lorenzo@kernel.org>
Date: 2021-02-08 13:33:42 

Lorenzo Bianconi [off-list ref] writes:
quoted
quoted
Lorenzo Bianconi [off-list ref] writes:
quoted
quoted
Lorenzo Bianconi [off-list ref] writes:
quoted
If the fragment is discarded in mt76_add_fragment() since shared_info
frag array is full, discard truncated frames and do not forward them to
mac80211.

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Should there be a Fixes line? I can add it.
I am not sure it needs a Fixes tag.
I think the commit log should have some kind of description about the
background of the issue, for example if this is a recent regression or
has been there forever etc.
Agree. Can you please check the commit log below?

"
Commit 'b102f0c522cf6 ("mt76: fix array overflow on receiving too many
fragments for a packet")' fixes a possible OOB access but it introduces a
memory leak since the pending frame is not released to page_frag_cache if
the frag array of skb_shared_info is full.
Commit '93a1d4791c10 ("mt76: dma: fix a possible memory leak in
mt76_add_fragment()")' fixes the issue but does not free the truncated skb that
is forwarded to mac80211 layer. Fix the leftover issue discarding even truncated
skbs.
"
Looks good, but I think the recommended style for commit ids is not to
use ' chararacter. So I would change it to this:

----------------------------------------------------------------------
Commit b102f0c522cf6 ("mt76: fix array overflow on receiving too many
fragments for a packet") fixes a possible OOB access but it introduces a
memory leak since the pending frame is not released to page_frag_cache
if the frag array of skb_shared_info is full. Commit 93a1d4791c10
("mt76: dma: fix a possible memory leak in mt76_add_fragment()") fixes
the issue but does not free the truncated skb that is forwarded to
mac80211 layer. Fix the leftover issue discarding even truncated skbs.
----------------------------------------------------------------------

Should I add that to the commit log and queue the patch to be applied
after the merge window opens?
ack, fine to me, thx.

Regards,
Lorenzo

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Attachments

Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help