linux-wireless.vger.kernel.org archive mirror
From: Jeff Johnson <jjohnson@codeaurora.org>
To: Brian Norris <briannorris@chromium.org>
Cc: Johannes Berg <johannes@sipsolutions.net>,
	linux-wireless <linux-wireless@vger.kernel.org>,
	Wen Gong <wgong@codeaurora.org>, stable <stable@vger.kernel.org>
Subject: Re: [PATCH 14/18] ath10k: drop MPDU which has discard flag set by firmware for SDIO
Date: Thu, 13 May 2021 10:18:22 -0700
Message-ID: <e417165a0f952b030a195dde4979058f@codeaurora.org>
In-Reply-To: <CA+ASDXPwAWEEvWBdiLpMrm-PTcSH7QQHwx_T5nxN+faQt=Wi_g@mail.gmail.com>

On 2021-05-12 11:35, Brian Norris wrote:
> On Tue, May 11, 2021 at 11:03 AM Johannes Berg
> <johannes@sipsolutions.net> wrote:
>> --- a/drivers/net/wireless/ath/ath10k/htt_rx.c
>> +++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
>> @@ -2312,6 +2312,11 @@ static bool ath10k_htt_rx_proc_rx_ind_hl(struct
>> ath10k_htt *htt,
>>         fw_desc = &rx->fw_desc;
>>         rx_desc_len = fw_desc->len;
>> 
>> +       if (fw_desc->u.bits.discard) {
>> +               ath10k_dbg(ar, ATH10K_DBG_HTT, "htt discard mpdu\n");
>> +               goto err;
>> +       }
>> +
>>         /* I have not yet seen any case where num_mpdu_ranges > 1.
>>          * qcacld does not seem handle that case either, so we 
>> introduce
>> the
>>          * same limitiation here as well.
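
Review bot: The discard branch added just after rx_desc_len is read reports the drop only through ath10k_dbg() with the fixed string "htt discard mpdu", so with HTT debugging off a discarded MPDU leaves no trace, and with it on the message cannot be tied to a particular frame. Add a one-line comment saying under what condition the firmware sets the discard flag, and consider putting identifying fields in the message or bumping a drop counter before the goto err. The test also reads the flag through u.bits.discard, so its correctness depends on the bit-field layout introduced in rx_desc.h.
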
>> diff --git a/drivers/net/wireless/ath/ath10k/rx_desc.h
>> b/drivers/net/wireless/ath/ath10k/rx_desc.h
>> index f2b6bf8f0d60..705b6295e466 100644
>> --- a/drivers/net/wireless/ath/ath10k/rx_desc.h
>> +++ b/drivers/net/wireless/ath/ath10k/rx_desc.h
>> @@ -1282,7 +1282,19 @@ struct fw_rx_desc_base {
>>  #define FW_RX_DESC_UDP              (1 << 6)
>> 
>>  struct fw_rx_desc_hl {
>> -       u8 info0;
>> +       union {
>> +               struct {
>> +               u8 discard:1,
>> +                  forward:1,
>> +                  any_err:1,
>> +                  dup_err:1,
>> +                  reserved:1,
>> +                  inspect:1,
>> +                  extension:2;
>> +               } bits;
>> +               u8 info0;
>> +       } u;
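
Review bot: The union in struct fw_rx_desc_hl overlays a bit-field struct on the firmware-filled info0 byte, but C leaves the order in which bit-fields are allocated within a unit to the implementation, so discard:1 lands on bit 0 only where low-order bits are allocated first. Keep the plain u8 info0 member and define mask macros in the style of the FW_RX_DESC_UDP (1 << 6) define just above, then test the flag in htt_rx.c with info0 & mask. If the bit-field stays, the members inside struct { ... } bits need one more level of indentation.
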
> 
> Am I misled here, or are you introducing endianness issues here? From C99:
> 
> "The order of allocation of bit-fields within a unit (high-order to
> low-order or low-order to high-order) is implementation-defined."
> 
> Now, we're pretty well attuned to two implementations (big and little
> endian), and this should work for the most common one (little endian),
> but it's not wise to assume everyone is little endian.
> 
> Brian

This issue was identified in internal review, but due to the embargo expiring
we sent it out as-is since that is what had been tested. The author will have
a follow-up change to replace this.

-- 
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
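
The layout dependence raised in this thread, shown as an added example (not code from the patch, from the thread's participants or from ath10k): it emulates how the quoted bit-field would be read under both allocation orders and compares that with a mask test on the byte. The names hl_bitfield_read, hl_discard_portable and HL_INFO0_DISCARD are hypothetical, and placing discard at bit 0 is an assumption taken from the low-order-first layout the patch is said to work on.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Field widths in declaration order, copied from the quoted bit-field. */
enum hl_field { HL_DISCARD, HL_FORWARD, HL_ANY_ERR, HL_DUP_ERR,
                HL_RESERVED, HL_INSPECT, HL_EXTENSION, HL_NFIELDS };
static const unsigned hl_width[HL_NFIELDS] = { 1, 1, 1, 1, 1, 1, 2 };

/* Emulate what a compiler reads for field f when it allocates bit-fields
 * low-order first (msb_first == false) or high-order first (true). */
static unsigned hl_bitfield_read(uint8_t info0, enum hl_field f, bool msb_first)
{
    unsigned off = 0, w = hl_width[f];

    for (unsigned i = 0; i < (unsigned)f; i++)
        off += hl_width[i];
    return (info0 >> (msb_first ? 8 - off - w : off)) & ((1u << w) - 1);
}

/* Assumption: discard is bit 0 of info0, the position the patch gets on
 * the low-order-first layout it was tested on. Hypothetical macro name. */
#define HL_INFO0_DISCARD (1u << 0)

/* Layout-independent test: a mask on the byte value. */
static bool hl_discard_portable(uint8_t info0)
{
    return (info0 & HL_INFO0_DISCARD) != 0;
}

/* Count info0 values for which a high-order-first bit-field disagrees
 * with the mask, i.e. frames that would be wrongly kept or dropped. */
static unsigned hl_count_mismatches(void)
{
    unsigned n = 0;

    for (unsigned v = 0; v < 256; v++)
        if (hl_bitfield_read((uint8_t)v, HL_DISCARD, true) !=
            (unsigned)hl_discard_portable((uint8_t)v))
            n++;
    return n;
}

int main(void)
{
    uint8_t info0 = 0x01; /* constructed sample: only the discard bit set */

    printf("mask=%d lsb-first=%u msb-first=%u mismatches=%u/256\n",
           hl_discard_portable(info0), hl_bitfield_read(info0, HL_DISCARD, false),
           hl_bitfield_read(info0, HL_DISCARD, true), hl_count_mismatches());
    return 0;
}
```

info0 is a single byte, so byte order never enters into it; only the compiler's bit allocation order decides which bit the first-declared field maps to.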

Thread overview: 23+ messages
2021-05-11 18:02 [PATCH 00/18] mac80211/driver security fixes Johannes Berg
2021-05-11 18:02 ` [PATCH 01/18] mac80211: assure all fragments are encrypted Johannes Berg
2021-05-11 18:02 ` [PATCH 02/18] mac80211: prevent mixed key and fragment cache attacks Johannes Berg
2021-05-11 18:02 ` [PATCH 03/18] mac80211: properly handle A-MSDUs that start with an RFC 1042 header Johannes Berg
2021-05-11 18:02 ` [PATCH 04/18] cfg80211: mitigate A-MSDU aggregation attacks Johannes Berg
2021-05-11 18:02 ` [PATCH 05/18] mac80211: drop A-MSDUs on old ciphers Johannes Berg
2021-05-11 18:02 ` [PATCH 06/18] mac80211: add fragment cache to sta_info Johannes Berg
2021-05-11 18:02 ` [PATCH 07/18] mac80211: check defrag PN against current frame Johannes Berg
2021-05-11 18:02 ` [PATCH 08/18] mac80211: prevent attacks on TKIP/WEP as well Johannes Berg
2021-05-11 18:02 ` [PATCH 09/18] mac80211: do not accept/forward invalid EAPOL frames Johannes Berg
2021-05-11 18:02 ` [PATCH 10/18] mac80211: extend protection against mixed key and fragment cache attacks Johannes Berg
2021-05-11 18:02 ` [PATCH 11/18] ath10k: add CCMP PN replay protection for fragmented frames for PCIe Johannes Berg
2021-05-14 22:23   ` Abhishek Kumar
2021-05-11 18:02 ` [PATCH 12/18] ath10k: drop fragments with multicast DA " Johannes Berg
2021-05-11 18:02 ` [PATCH 13/18] ath10k: drop fragments with multicast DA for SDIO Johannes Berg
2021-05-11 18:02 ` [PATCH 14/18] ath10k: drop MPDU which has discard flag set by firmware " Johannes Berg
2021-05-12 18:35   ` Brian Norris
2021-05-13 17:18     ` Jeff Johnson [this message]
2021-05-11 18:02 ` [PATCH 15/18] ath10k: Fix TKIP Michael MIC verification for PCIe Johannes Berg
2021-05-11 18:02 ` [PATCH 16/18] ath10k: Validate first subframe of A-MSDU before processing the list Johannes Berg
2021-05-11 18:02 ` [PATCH 17/18] ath11k: Clear the fragment cache during key install Johannes Berg
2021-05-11 18:02 ` [PATCH 18/18] ath11k: Drop multicast fragments Johannes Berg
2021-05-17 18:54 ` [PATCH 00/18] mac80211/driver security fixes Ben Greear
