Re: [PATCH] usb: gadget: aspeed: fix buffer overflow

From: Greg Kroah-Hartman
Date: Fri Oct 28 2022 - 05:17:14 EST


On Fri, Oct 28, 2022 at 09:04:52AM +0000, Neal Liu wrote:
> > > Thanks for your feedback.
> > > I tried to reproduce it on my side, and it cannot be reproduce it.
> > > Here are my test sequences:
> > > 1. emulate one of the vhub port to usb ethernet through Linux gadget
> > > (ncm)
> >
> > We are using rndis instead of ncm.
> >
> > > 2. connect BMC vhub to Host
> > > 3. BMC & Host can ping each other (both usb eth dev default mtu is
> > > 1500) 4. Set BMC mtu to 1000 (Host OS cannot set usb eth dev mtu to
> > > 2000, it's maxmtu is 1500)
> >
> > Not sure if it's related, but in my case (USB rndis, Debian 10 OS) it should be
> > able to set MTU to 2000.
>
> Using rndis is able to set MTU to 2000, and the issue can be reproduced.

Please NEVER use rndis anymore. I need to go just delete that driver
from the tree.

It is insecure-by-design and will cause any system that runs it to be
instantly compromised and it can not be fixed. Never trust it.

Even for data throughput tests, I wouldn't trust it as it does odd
things with packet sizes as you show here.

thanks,

greg k-h