| Message ID | 20210603150947.4627-1-linyyuan@codeaurora.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | usb: gadget: eem: fix wrong eem header operation | expand |
On Thu, Jun 03, 2021 at 11:09:47PM +0800, Linyu Yuan wrote: > From: Linyu Yuan <linyyuan@codeaurora.com> > > when skb_clone() or skb_copy_expand() fail, How can these calls fail? If they do, what is the overall system health? > it should pull skb with lengh indicated by header, > or not it will read network data and check it as header. > > Signed-off-by: Linyu Yuan <linyyuan@codeaurora.com> > --- > drivers/usb/gadget/function/f_eem.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) What commit does this fix? Should it go to stable kernels? If so, how far back? And any reason you didn't use scripts/get_maintainer.pl for who to send your patch to? thanks, greg k-h
On 2021-06-04 18:50, Greg KH wrote: > On Thu, Jun 03, 2021 at 11:09:47PM +0800, Linyu Yuan wrote: >> From: Linyu Yuan <linyyuan@codeaurora.com> >> >> when skb_clone() or skb_copy_expand() fail, > > How can these calls fail? If they do, what is the overall system > health? indeed skb_copy_expand() fail on system when it have low continuous memory region when using bigger MTU. > >> it should pull skb with lengh indicated by header, >> or not it will read network data and check it as header. >> >> Signed-off-by: Linyu Yuan <linyyuan@codeaurora.com> >> --- >> drivers/usb/gadget/function/f_eem.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) > > What commit does this fix? Should it go to stable kernels? If so, how > far back? this change can't avoid all system memory issue which cause skb failure, but i help reduce driver parse wrong network data which may consume too much CPU time. i will cc stable@vger.kernel.org on V2. i think it can apply to all active stable branch, from 4.4 to 5.10. > > And any reason you didn't use scripts/get_maintainer.pl for who to send > your patch to? thanks very much, i will follow your suggestion and provide a V2. > > thanks, > > greg k-h
diff --git a/drivers/usb/gadget/function/f_eem.c b/drivers/usb/gadget/function/f_eem.c index cfcc4e81fb77..28dd5f1fd106 100644 --- a/drivers/usb/gadget/function/f_eem.c +++ b/drivers/usb/gadget/function/f_eem.c @@ -495,7 +495,7 @@ static int eem_unwrap(struct gether *port, skb2 = skb_clone(skb, GFP_ATOMIC); if (unlikely(!skb2)) { DBG(cdev, "unable to unframe EEM packet\n"); - continue; + goto next; } skb_trim(skb2, len - ETH_FCS_LEN); @@ -505,7 +505,7 @@ static int eem_unwrap(struct gether *port, GFP_ATOMIC); if (unlikely(!skb3)) { dev_kfree_skb_any(skb2); - continue; + goto next; } dev_kfree_skb_any(skb2); skb_queue_tail(list, skb3);