From patchwork Wed Sep 27 10:58:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Krishna Kurapati X-Patchwork-Id: 145414 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:cae8:0:b0:403:3b70:6f57 with SMTP id r8csp2688638vqu; Wed, 27 Sep 2023 08:01:04 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEurLmFRKfTyOmaFHTx+QV8k/BqHZTd6Oku+RKRCzWzF8KNC7YT/w/uF9zhR8Ljv5pCXe8A X-Received: by 2002:a05:6a20:9707:b0:153:81a6:b171 with SMTP id hr7-20020a056a20970700b0015381a6b171mr2013578pzc.38.1695826864543; Wed, 27 Sep 2023 08:01:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695826864; cv=none; d=google.com; s=arc-20160816; b=l/ga7JdmYwHxg/8ykW2I9YlpyKnabsRRt+m00JGiOw1SyLnAvageRZ3BwltDEuXTGD +YC/ADFMFL90BEWzAT40gm4YuxnLK80KS1Hxtnjrg0fUZEP64dM6qwfzFCsZGOyY0gr4 xR5SOLA35goYybyATeWquTJ4WtX/K5yExCtMx1zScDXfHAbFIFXETQcsi35Bx6/aGNF1 WdONxoLQn39B2cekuysLrssDHtG55N3iNNw0Bo561NkDoE0UDgmYyV04dbe/AfqcwwQ5 YSGu1PDGcul99oneLHB1f2jZjj3zSI9KkbIYaoqUHrbYgWmqpK5hF/1OaiUPt+/AY1Jj 7P3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=rOuf5MtDCQLRUngQ4awgcDV/nMQsPByOw/Aas90rjfw=; fh=9wUwERTIPV6Pq/kGZbROlqDw7mqDQqKlfQaJ7sOIt70=; b=xHPuvNwAg+/mK4M4zFqpfXCqmQK/r3zlptXNDIXW7dlxGrhspNHqhKlewHoN6e0LEs NOUEVVggNkEuPfBQcTEFuBDJvvP09vNBNi+tV0EawmB+MxT3qmOlN2hddhsiZR1PLkUu wbf/9Tce5Pz8MYAKGRmX/O7OZsyY/R+u9lgh6YPbqZA7eeae2cVEb7ycAfDjoCdNd2tQ X5lH10obugPK7jZ/W3OUy8epx4UeujS4pkJaIHfGhafX/fZwy+sjIAzZlhV2w9d6Bngd bkGroxpug05mp0axO1aJORI4+tEJVOVHNgogZ9tVMcfvhCg9aPat1m0gOlREbBFPxuvC //WA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=m4tfZO5g; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id ei37-20020a056a0080e500b0068e243a72basi15097745pfb.330.2023.09.27.08.01.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Sep 2023 08:01:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=m4tfZO5g; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 5A6EF81444C0; Wed, 27 Sep 2023 03:59:47 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231199AbjI0K7c (ORCPT + 22 others); Wed, 27 Sep 2023 06:59:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36358 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230164AbjI0K73 (ORCPT ); Wed, 27 Sep 2023 06:59:29 -0400 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7296813A; Wed, 27 Sep 2023 03:59:27 -0700 (PDT) Received: from pps.filterd (m0279862.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 38RAZ7mc010443; Wed, 27 Sep 2023 10:59:19 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding : content-type; s=qcppdkim1; bh=rOuf5MtDCQLRUngQ4awgcDV/nMQsPByOw/Aas90rjfw=; b=m4tfZO5gw3QrvzniLLjwfqhOX6kts1VAlYwHbzMXdNORWR1tWQGsPWNbS5hdYNlTb1N5 LG0ybPasFLzA1B4ciMwi8I4+mIdDajG6DaX1EmVXH9vRJQP0FxAhoJ3zJ3chTW71CumI x+acZneAWxRxvTjSYqG/4C3rUJBn2Pu/+9XfXibzHbu3N6NPQPLIwJqlB0odGjgFnWiK cHRuPbavI1ODSEQhHwp6anvMRIqlIbub9nhUVlVE0JegEImVErkAC6aO/o6jCz8g40At lZ1qe20eBGOWoTW8afA2coA4bOSW1VKlb4OOuF4FTpaMqdR22gVbHbcwjqyGBsznoHGs Cw== Received: from nalasppmta04.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3tc4rxhk0y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 27 Sep 2023 10:59:18 +0000 Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA04.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 38RAxBZ7009250 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 27 Sep 2023 10:59:11 GMT Received: from hu-kriskura-hyd.qualcomm.com (10.80.80.8) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.36; Wed, 27 Sep 2023 03:59:08 -0700 From: Krishna Kurapati To: Greg Kroah-Hartman , =?utf-8?q?Maciej_=C5=BB?= =?utf-8?q?enczykowski?= CC: , , , , , Krishna Kurapati , Subject: [PATCH v4] usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call Date: Wed, 27 Sep 2023 16:28:58 +0530 Message-ID: <20230927105858.12950-1-quic_kriskura@quicinc.com> X-Mailer: git-send-email 2.42.0 MIME-Version: 1.0 X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: nasanex01b.na.qualcomm.com (10.46.141.250) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: 9no8INfMF3GZqaPbkRh4wKLkb_pHmU4H X-Proofpoint-ORIG-GUID: 9no8INfMF3GZqaPbkRh4wKLkb_pHmU4H X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.267,Aquarius:18.0.980,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-09-27_06,2023-09-27_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 malwarescore=0 suspectscore=0 mlxlogscore=958 adultscore=0 lowpriorityscore=0 mlxscore=0 priorityscore=1501 phishscore=0 bulkscore=0 clxscore=1015 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2309180000 definitions=main-2309270091 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Wed, 27 Sep 2023 03:59:47 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1778203349301335759 X-GMAIL-MSGID: 1778203349301335759 When NCM is used with hosts like Windows PC, it is observed that there are multiple NTB's contained in one usb request giveback. Since the driver unwraps the obtained request data assuming only one NTB is present, we loose the subsequent NTB's present resulting in data loss. Fix this by checking the parsed block length with the obtained data length in usb request and continue parsing after the last byte of current NTB. Cc: stable@vger.kernel.org Fixes: 9f6ce4240a2b ("usb: gadget: f_ncm.c added") Signed-off-by: Krishna Kurapati Reviewed-by: Maciej Żenczykowski --- Changes in v4: Replaced void* with __le16* typecast for tmp variable Changes in v3: Removed explicit void* typecast for ntb_ptr variable drivers/usb/gadget/function/f_ncm.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c index 424bb3b666db..faf90a217419 100644 --- a/drivers/usb/gadget/function/f_ncm.c +++ b/drivers/usb/gadget/function/f_ncm.c @@ -1171,7 +1171,8 @@ static int ncm_unwrap_ntb(struct gether *port, struct sk_buff_head *list) { struct f_ncm *ncm = func_to_ncm(&port->func); - __le16 *tmp = (void *) skb->data; + unsigned char *ntb_ptr = skb->data; + __le16 *tmp; unsigned index, index2; int ndp_index; unsigned dg_len, dg_len2; @@ -1184,6 +1185,10 @@ static int ncm_unwrap_ntb(struct gether *port, const struct ndp_parser_opts *opts = ncm->parser_opts; unsigned crc_len = ncm->is_crc ? sizeof(uint32_t) : 0; int dgram_counter; + int to_process = skb->len; + +parse_ntb: + tmp = (__le16 *)ntb_ptr; /* dwSignature */ if (get_unaligned_le32(tmp) != opts->nth_sign) { @@ -1230,7 +1235,7 @@ static int ncm_unwrap_ntb(struct gether *port, * walk through NDP * dwSignature */ - tmp = (void *)(skb->data + ndp_index); + tmp = (__le16 *)(ntb_ptr + ndp_index); if (get_unaligned_le32(tmp) != ncm->ndp_sign) { INFO(port->func.config->cdev, "Wrong NDP SIGN\n"); goto err; @@ -1287,11 +1292,11 @@ static int ncm_unwrap_ntb(struct gether *port, if (ncm->is_crc) { uint32_t crc, crc2; - crc = get_unaligned_le32(skb->data + + crc = get_unaligned_le32(ntb_ptr + index + dg_len - crc_len); crc2 = ~crc32_le(~0, - skb->data + index, + ntb_ptr + index, dg_len - crc_len); if (crc != crc2) { INFO(port->func.config->cdev, @@ -1318,7 +1323,7 @@ static int ncm_unwrap_ntb(struct gether *port, dg_len - crc_len); if (skb2 == NULL) goto err; - skb_put_data(skb2, skb->data + index, + skb_put_data(skb2, ntb_ptr + index, dg_len - crc_len); skb_queue_tail(list, skb2); @@ -1331,10 +1336,17 @@ static int ncm_unwrap_ntb(struct gether *port, } while (ndp_len > 2 * (opts->dgram_item_len * 2)); } while (ndp_index); - dev_consume_skb_any(skb); - VDBG(port->func.config->cdev, "Parsed NTB with %d frames\n", dgram_counter); + + to_process -= block_len; + if (to_process != 0) { + ntb_ptr = (unsigned char *)(ntb_ptr + block_len); + goto parse_ntb; + } + + dev_consume_skb_any(skb); + return 0; err: skb_queue_purge(list);