[PATCH 4.0 098/148] mac80211: move WEP tailroom size check

From: Greg Kroah-Hartman
Date: Wed Jun 03 2015 - 08:45:14 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.0 097/148] crypto: s390/ghash - Fix incorrect ghash icv buffer handling."
Previous message: Greg Kroah-Hartman: "[PATCH 4.0 099/148] mac80211: dont use napi_gro_receive() outside NAPI context"
In reply to: Greg Kroah-Hartman: "[PATCH 4.0 099/148] mac80211: dont use napi_gro_receive() outside NAPI context"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.0 097/148] crypto: s390/ghash - Fix incorrect ghash icv buffer handling."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.0-stable review patch. If anyone has any objections, please let me know.

------------------

From: Janusz Dziedzic <janusz.dziedzic@xxxxxxxxx>

commit 47b4e1fc4972cc43a19121bc2608a60aef3bf216 upstream.

Remove checking tailroom when adding IV as it uses only
headroom, and move the check to the ICV generation that
actually needs the tailroom.

In other case I hit such warning and datapath don't work,
when testing:
- IBSS + WEP
- ath9k with hw crypt enabled
- IPv6 data (ping6)

WARNING: CPU: 3 PID: 13301 at net/mac80211/wep.c:102 ieee80211_wep_add_iv+0x129/0x190 [mac80211]()
[...]
Call Trace:
[<ffffffff817bf491>] dump_stack+0x45/0x57
[<ffffffff8107746a>] warn_slowpath_common+0x8a/0xc0
[<ffffffff8107755a>] warn_slowpath_null+0x1a/0x20
[<ffffffffc09ae109>] ieee80211_wep_add_iv+0x129/0x190 [mac80211]
[<ffffffffc09ae7ab>] ieee80211_crypto_wep_encrypt+0x6b/0xd0 [mac80211]
[<ffffffffc09d3fb1>] invoke_tx_handlers+0xc51/0xf30 [mac80211]
[...]

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@xxxxxxxxx>
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
net/mac80211/wep.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -98,8 +98,7 @@ static u8 *ieee80211_wep_add_iv(struct i

hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);

- if (WARN_ON(skb_tailroom(skb) < IEEE80211_WEP_ICV_LEN ||
- skb_headroom(skb) < IEEE80211_WEP_IV_LEN))
+ if (WARN_ON(skb_headroom(skb) < IEEE80211_WEP_IV_LEN))
return NULL;

hdrlen = ieee80211_hdrlen(hdr->frame_control);
@@ -167,6 +166,9 @@ int ieee80211_wep_encrypt(struct ieee802
size_t len;
u8 rc4key[3 + WLAN_KEY_LEN_WEP104];

+ if (WARN_ON(skb_tailroom(skb) < IEEE80211_WEP_ICV_LEN))
+ return -1;
+
iv = ieee80211_wep_add_iv(local, skb, keylen, keyidx);
if (!iv)
return -1;

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg Kroah-Hartman: "[PATCH 4.0 097/148] crypto: s390/ghash - Fix incorrect ghash icv buffer handling."
Previous message: Greg Kroah-Hartman: "[PATCH 4.0 099/148] mac80211: dont use napi_gro_receive() outside NAPI context"
In reply to: Greg Kroah-Hartman: "[PATCH 4.0 099/148] mac80211: dont use napi_gro_receive() outside NAPI context"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.0 097/148] crypto: s390/ghash - Fix incorrect ghash icv buffer handling."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]