Another data point for consideration... (I didn't think of this until late last night)
git checkout Ubuntu-3.10.0-0.6 git revert 313a58e487ab3eb80e7e1f9baddc75968288aad9 # resolve a header conflict - nothing major After building this, I was able to use the network dongle just fine (ie. second and third pegasus-related commits were ok, one of them even removed that warning when inserting the device). I had a look at the commit and it looks ok... I'm guessing from the change in code that the "pool" was not necessary, and that the extra skb buffer objects went unused most of the time. However, I believe they hid a buffer overrun. The skb buffer was previously allocated as PEGASUS_MTU + 2. The new buffer is allocated as PEGASUS_MTU (with optional padding for alignment purposes). From what I can see, this should make the usable buffer consistently smaller than the old structure allowed for (by 2 bytes). The real problem though, is that when reading into the skb buffer, the driver uses PEGASUS_MTU + 8 as the buffer size, a pretty clear buffer overrun to me. I don't know how the kernel is allocating this memory but I guess the underlying allocation pattern of the "pool" code was able to hide the effect of the overrun and this change merely exposed it by changing the allocation pattern. Indeed, the attached patch (which passes the correct buffer size to the read function) also fixes things. I suppose this is the fix that should be committed. I guess this needs to go upstream to the kernel guys though? ** Patch added: "0001-pegasus-Do-not-write-more-data-to-the-buffer-than-it.patch" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547838/+attachment/4620180/+files/0001-pegasus-Do-not-write-more-data-to-the-buffer-than-it.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1547838 Title: ADMtek ADM8511 "Pegasus II" USB Ethernet causes oops To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1547838/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
