Re: [PATCH] usbnet.c, buf.overrun crash-bugfix, Kernel 2.6.12-rc1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 24 Mar 2005, David Brownell wrote:
On Thursday 24 March 2005 8:05 am, Jakemuksen spammiosote wrote:
Atleast versions 2.6.5 - 2.6.12-rc1 crash if an USB device using usbnet
sends oversized packet. Such packets occur most likely with broken
Care to mention what device(s) you saw this with?   And what HCD?

I can't tell about the device(NDA), and don't remember the HCD and I can check it only after holidays.

+       if (unlikely((skb->tail + urb->actual_length) > skb->end)) {
This logic looks wrong.  If that ever happens, surely the problem is
that the rx_submit() code submitted an urb with transfer_size that
mismatched the SKB.  The host controller isn't allowed to overrun the

Sounds reasonable. So, I'll go thru the HCD code instead if the responsibility is there. Am i the first one to run into such crash situation? If so, perhaps it's not ever worthy to fix in mainstream kernel, as the device causes the crash under very specific - 'abusing' one might say, situation only.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux