* [PATCH v5.4 1/3] iwlwifi: pcie: don't consider IV len in A-MSDU
@ 2019-11-07 11:51 Luca Coelho
2019-11-07 11:51 ` [PATCH v5.4 2/3] mac80211: fix ieee80211_txq_setup_flows() failure path Luca Coelho
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Luca Coelho @ 2019-11-07 11:51 UTC (permalink / raw)
To: kvalo; +Cc: linux-wireless
From: Mordechay Goodstein <mordechay.goodstein@intel.com>
From gen2 PN is totally offloaded to hardware (also the space for the
IV isn't part of the skb). As you can see in mvm/mac80211.c:3545, the
MAC for cipher types CCMP/GCMP doesn't set
IEEE80211_KEY_FLAG_PUT_IV_SPACE for gen2 NICs.
This causes all the AMSDU data to be corrupted with cipher enabled.
Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
.../net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 20 +++++++------------
1 file changed, 7 insertions(+), 13 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c b/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c
index 8894027429d6..d80f71f82a6d 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c
@@ -251,27 +251,23 @@ static int iwl_pcie_gen2_build_amsdu(struct iwl_trans *trans,
struct ieee80211_hdr *hdr = (void *)skb->data;
unsigned int snap_ip_tcp_hdrlen, ip_hdrlen, total_len, hdr_room;
unsigned int mss = skb_shinfo(skb)->gso_size;
- u16 length, iv_len, amsdu_pad;
+ u16 length, amsdu_pad;
u8 *start_hdr;
struct iwl_tso_hdr_page *hdr_page;
struct page **page_ptr;
struct tso_t tso;
- /* if the packet is protected, then it must be CCMP or GCMP */
- iv_len = ieee80211_has_protected(hdr->frame_control) ?
- IEEE80211_CCMP_HDR_LEN : 0;
-
trace_iwlwifi_dev_tx(trans->dev, skb, tfd, sizeof(*tfd),
&dev_cmd->hdr, start_len, 0);
ip_hdrlen = skb_transport_header(skb) - skb_network_header(skb);
snap_ip_tcp_hdrlen = 8 + ip_hdrlen + tcp_hdrlen(skb);
- total_len = skb->len - snap_ip_tcp_hdrlen - hdr_len - iv_len;
+ total_len = skb->len - snap_ip_tcp_hdrlen - hdr_len;
amsdu_pad = 0;
/* total amount of header we may need for this A-MSDU */
hdr_room = DIV_ROUND_UP(total_len, mss) *
- (3 + snap_ip_tcp_hdrlen + sizeof(struct ethhdr)) + iv_len;
+ (3 + snap_ip_tcp_hdrlen + sizeof(struct ethhdr));
/* Our device supports 9 segments at most, it will fit in 1 page */
hdr_page = get_page_hdr(trans, hdr_room);
@@ -282,14 +278,12 @@ static int iwl_pcie_gen2_build_amsdu(struct iwl_trans *trans,
start_hdr = hdr_page->pos;
page_ptr = (void *)((u8 *)skb->cb + trans_pcie->page_offs);
*page_ptr = hdr_page->page;
- memcpy(hdr_page->pos, skb->data + hdr_len, iv_len);
- hdr_page->pos += iv_len;
/*
- * Pull the ieee80211 header + IV to be able to use TSO core,
+ * Pull the ieee80211 header to be able to use TSO core,
* we will restore it for the tx_status flow.
*/
- skb_pull(skb, hdr_len + iv_len);
+ skb_pull(skb, hdr_len);
/*
* Remove the length of all the headers that we don't actually
@@ -364,8 +358,8 @@ static int iwl_pcie_gen2_build_amsdu(struct iwl_trans *trans,
}
}
- /* re -add the WiFi header and IV */
- skb_push(skb, hdr_len + iv_len);
+ /* re -add the WiFi header */
+ skb_push(skb, hdr_len);
return 0;
--
2.24.0.rc1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH v5.4 2/3] mac80211: fix ieee80211_txq_setup_flows() failure path
2019-11-07 11:51 [PATCH v5.4 1/3] iwlwifi: pcie: don't consider IV len in A-MSDU Luca Coelho
@ 2019-11-07 11:51 ` Luca Coelho
2019-11-07 11:51 ` [PATCH v5.4 3/3] iwlwifi: check kasprintf() return value Luca Coelho
2019-11-08 19:37 ` [PATCH v5.4 1/3] iwlwifi: pcie: don't consider IV len in A-MSDU Kalle Valo
2 siblings, 0 replies; 5+ messages in thread
From: Luca Coelho @ 2019-11-07 11:51 UTC (permalink / raw)
To: kvalo; +Cc: linux-wireless
From: Johannes Berg <johannes.berg@intel.com>
If ieee80211_txq_setup_flows() fails, we don't clean up WEP/LED
state properly, leading to crashes later on, fix that.
Fixes: dc8b274f0952 ("mac80211: Move up init of TXQs")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
net/mac80211/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index aba094b4ccfc..2d05c4cfaf6d 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -1292,8 +1292,8 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
ieee80211_remove_interfaces(local);
fail_rate:
rtnl_unlock();
- ieee80211_led_exit(local);
fail_flows:
+ ieee80211_led_exit(local);
destroy_workqueue(local->workqueue);
fail_workqueue:
wiphy_unregister(local->hw.wiphy);
--
2.24.0.rc1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH v5.4 3/3] iwlwifi: check kasprintf() return value
2019-11-07 11:51 [PATCH v5.4 1/3] iwlwifi: pcie: don't consider IV len in A-MSDU Luca Coelho
2019-11-07 11:51 ` [PATCH v5.4 2/3] mac80211: fix ieee80211_txq_setup_flows() failure path Luca Coelho
@ 2019-11-07 11:51 ` Luca Coelho
2019-11-07 13:27 ` Luca Coelho
2019-11-08 19:37 ` [PATCH v5.4 1/3] iwlwifi: pcie: don't consider IV len in A-MSDU Kalle Valo
2 siblings, 1 reply; 5+ messages in thread
From: Luca Coelho @ 2019-11-07 11:51 UTC (permalink / raw)
To: kvalo; +Cc: linux-wireless
From: Johannes Berg <johannes.berg@intel.com>
kasprintf() can fail, we should check the return value.
Fixes: 5ed540aecc2a ("iwlwifi: use mac80211 throughput trigger")
Fixes: 8ca151b568b6 ("iwlwifi: add the MVM driver")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
drivers/net/wireless/intel/iwlwifi/dvm/led.c | 3 +++
drivers/net/wireless/intel/iwlwifi/mvm/led.c | 3 +++
2 files changed, 6 insertions(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/dvm/led.c b/drivers/net/wireless/intel/iwlwifi/dvm/led.c
index dd387aba3317..e8a4d604b910 100644
--- a/drivers/net/wireless/intel/iwlwifi/dvm/led.c
+++ b/drivers/net/wireless/intel/iwlwifi/dvm/led.c
@@ -171,6 +171,9 @@ void iwl_leds_init(struct iwl_priv *priv)
priv->led.name = kasprintf(GFP_KERNEL, "%s-led",
wiphy_name(priv->hw->wiphy));
+ if (!priv->led.name)
+ return;
+
priv->led.brightness_set = iwl_led_brightness_set;
priv->led.blink_set = iwl_led_blink_set;
priv->led.max_brightness = 1;
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/led.c b/drivers/net/wireless/intel/iwlwifi/mvm/led.c
index d104da9170ca..72c4b2b8399d 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/led.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/led.c
@@ -129,6 +129,9 @@ int iwl_mvm_leds_init(struct iwl_mvm *mvm)
mvm->led.name = kasprintf(GFP_KERNEL, "%s-led",
wiphy_name(mvm->hw->wiphy));
+ if (!mvm->led.name)
+ return -ENOMEM;
+
mvm->led.brightness_set = iwl_led_brightness_set;
mvm->led.max_brightness = 1;
--
2.24.0.rc1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v5.4 3/3] iwlwifi: check kasprintf() return value
2019-11-07 11:51 ` [PATCH v5.4 3/3] iwlwifi: check kasprintf() return value Luca Coelho
@ 2019-11-07 13:27 ` Luca Coelho
0 siblings, 0 replies; 5+ messages in thread
From: Luca Coelho @ 2019-11-07 13:27 UTC (permalink / raw)
To: kvalo; +Cc: linux-wireless
On Thu, 2019-11-07 at 13:51 +0200, Luca Coelho wrote:
> From: Johannes Berg <johannes.berg@intel.com>
>
> kasprintf() can fail, we should check the return value.
>
> Fixes: 5ed540aecc2a ("iwlwifi: use mac80211 throughput trigger")
> Fixes: 8ca151b568b6 ("iwlwifi: add the MVM driver")
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
> ---
Let's drop this one from v5.4. This is extremely unlikely to fail and
the real reason for the crash we have observed was fixed in Johannes'
mac80211 patch (2/3 in this series).
--
Luca.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v5.4 1/3] iwlwifi: pcie: don't consider IV len in A-MSDU
2019-11-07 11:51 [PATCH v5.4 1/3] iwlwifi: pcie: don't consider IV len in A-MSDU Luca Coelho
2019-11-07 11:51 ` [PATCH v5.4 2/3] mac80211: fix ieee80211_txq_setup_flows() failure path Luca Coelho
2019-11-07 11:51 ` [PATCH v5.4 3/3] iwlwifi: check kasprintf() return value Luca Coelho
@ 2019-11-08 19:37 ` Kalle Valo
2 siblings, 0 replies; 5+ messages in thread
From: Kalle Valo @ 2019-11-08 19:37 UTC (permalink / raw)
To: Luca Coelho; +Cc: linux-wireless
Luca Coelho <luca@coelho.fi> wrote:
> From: Mordechay Goodstein <mordechay.goodstein@intel.com>
>
> From gen2 PN is totally offloaded to hardware (also the space for the
> IV isn't part of the skb). As you can see in mvm/mac80211.c:3545, the
> MAC for cipher types CCMP/GCMP doesn't set
> IEEE80211_KEY_FLAG_PUT_IV_SPACE for gen2 NICs.
>
> This causes all the AMSDU data to be corrupted with cipher enabled.
>
> Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
> Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Patch applied to wireless-drivers.git, thanks.
cb1a4badf592 iwlwifi: pcie: don't consider IV len in A-MSDU
--
https://patchwork.kernel.org/patch/11232699/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-11-08 19:37 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-07 11:51 [PATCH v5.4 1/3] iwlwifi: pcie: don't consider IV len in A-MSDU Luca Coelho
2019-11-07 11:51 ` [PATCH v5.4 2/3] mac80211: fix ieee80211_txq_setup_flows() failure path Luca Coelho
2019-11-07 11:51 ` [PATCH v5.4 3/3] iwlwifi: check kasprintf() return value Luca Coelho
2019-11-07 13:27 ` Luca Coelho
2019-11-08 19:37 ` [PATCH v5.4 1/3] iwlwifi: pcie: don't consider IV len in A-MSDU Kalle Valo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).