linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Brian Norris <briannorris@chromium.org>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless <linux-wireless@vger.kernel.org>,
	Wen Gong <wgong@codeaurora.org>, stable <stable@vger.kernel.org>
Subject: Re: [PATCH 14/18] ath10k: drop MPDU which has discard flag set by firmware for SDIO
Date: Wed, 12 May 2021 11:35:23 -0700	[thread overview]
Message-ID: <CA+ASDXPwAWEEvWBdiLpMrm-PTcSH7QQHwx_T5nxN+faQt=Wi_g@mail.gmail.com> (raw)
In-Reply-To: <20210511200110.11968c725b5c.Idd166365ebea2771c0c0a38c78b5060750f90e17@changeid>

On Tue, May 11, 2021 at 11:03 AM Johannes Berg
<johannes@sipsolutions.net> wrote:
> --- a/drivers/net/wireless/ath/ath10k/htt_rx.c
> +++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
> @@ -2312,6 +2312,11 @@ static bool ath10k_htt_rx_proc_rx_ind_hl(struct ath10k_htt *htt,
>         fw_desc = &rx->fw_desc;
>         rx_desc_len = fw_desc->len;
>
> +       if (fw_desc->u.bits.discard) {
> +               ath10k_dbg(ar, ATH10K_DBG_HTT, "htt discard mpdu\n");
> +               goto err;
> +       }
> +
>         /* I have not yet seen any case where num_mpdu_ranges > 1.
>          * qcacld does not seem handle that case either, so we introduce the
>          * same limitiation here as well.
> diff --git a/drivers/net/wireless/ath/ath10k/rx_desc.h b/drivers/net/wireless/ath/ath10k/rx_desc.h
> index f2b6bf8f0d60..705b6295e466 100644
> --- a/drivers/net/wireless/ath/ath10k/rx_desc.h
> +++ b/drivers/net/wireless/ath/ath10k/rx_desc.h
> @@ -1282,7 +1282,19 @@ struct fw_rx_desc_base {
>  #define FW_RX_DESC_UDP              (1 << 6)
>
>  struct fw_rx_desc_hl {
> -       u8 info0;
> +       union {
> +               struct {
> +               u8 discard:1,
> +                  forward:1,
> +                  any_err:1,
> +                  dup_err:1,
> +                  reserved:1,
> +                  inspect:1,
> +                  extension:2;
> +               } bits;
> +               u8 info0;
> +       } u;

Am I misled here, or are you introducing endianness issues here? From C99:

"The order of allocation of bit-fields within a unit (high-order to
low-order or low-order to high-order) is implementation-defined."

Now, we're pretty well attuned to two implementations (big and little
endian), and this should work for the most common one (little endian),
but it's not wise to assume everyone is little endian.

Brian

  reply	other threads:[~2021-05-12 20:57 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-11 18:02 [PATCH 00/18] mac80211/driver security fixes Johannes Berg
2021-05-11 18:02 ` [PATCH 01/18] mac80211: assure all fragments are encrypted Johannes Berg
2021-05-11 18:02 ` [PATCH 02/18] mac80211: prevent mixed key and fragment cache attacks Johannes Berg
2021-05-11 18:02 ` [PATCH 03/18] mac80211: properly handle A-MSDUs that start with an RFC 1042 header Johannes Berg
2021-05-11 18:02 ` [PATCH 04/18] cfg80211: mitigate A-MSDU aggregation attacks Johannes Berg
2021-05-11 18:02 ` [PATCH 05/18] mac80211: drop A-MSDUs on old ciphers Johannes Berg
2021-05-11 18:02 ` [PATCH 06/18] mac80211: add fragment cache to sta_info Johannes Berg
2021-05-11 18:02 ` [PATCH 07/18] mac80211: check defrag PN against current frame Johannes Berg
2021-05-11 18:02 ` [PATCH 08/18] mac80211: prevent attacks on TKIP/WEP as well Johannes Berg
2021-05-11 18:02 ` [PATCH 09/18] mac80211: do not accept/forward invalid EAPOL frames Johannes Berg
2021-05-11 18:02 ` [PATCH 10/18] mac80211: extend protection against mixed key and fragment cache attacks Johannes Berg
2021-05-11 18:02 ` [PATCH 11/18] ath10k: add CCMP PN replay protection for fragmented frames for PCIe Johannes Berg
2021-05-14 22:23   ` Abhishek Kumar
2021-05-11 18:02 ` [PATCH 12/18] ath10k: drop fragments with multicast DA " Johannes Berg
2021-05-11 18:02 ` [PATCH 13/18] ath10k: drop fragments with multicast DA for SDIO Johannes Berg
2021-05-11 18:02 ` [PATCH 14/18] ath10k: drop MPDU which has discard flag set by firmware " Johannes Berg
2021-05-12 18:35   ` Brian Norris [this message]
2021-05-13 17:18     ` Jeff Johnson
2021-05-11 18:02 ` [PATCH 15/18] ath10k: Fix TKIP Michael MIC verification for PCIe Johannes Berg
2021-05-11 18:02 ` [PATCH 16/18] ath10k: Validate first subframe of A-MSDU before processing the list Johannes Berg
2021-05-11 18:02 ` [PATCH 17/18] ath11k: Clear the fragment cache during key install Johannes Berg
2021-05-11 18:02 ` [PATCH 18/18] ath11k: Drop multicast fragments Johannes Berg
2021-05-17 18:54 ` [PATCH 00/18] mac80211/driver security fixes Ben Greear

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CA+ASDXPwAWEEvWBdiLpMrm-PTcSH7QQHwx_T5nxN+faQt=Wi_g@mail.gmail.com' \
    --to=briannorris@chromium.org \
    --cc=johannes@sipsolutions.net \
    --cc=linux-wireless@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=wgong@codeaurora.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).