Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp9932959ybi; Wed, 24 Jul 2019 12:34:41 -0700 (PDT) X-Google-Smtp-Source: APXvYqwnx0ZhakX3OhnZJbxKxzhjPl7M3LZNwDJfFrYxEB0zpxc8TzXx+RKV09zUd6U1P4HhrgvY X-Received: by 2002:a65:404d:: with SMTP id h13mr81110577pgp.71.1563996881088; Wed, 24 Jul 2019 12:34:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563996881; cv=none; d=google.com; s=arc-20160816; b=Z2BUtGq+fN/+DhxzvxPmz8EUvhTOZaMjwfkFbKV9roHKrIiRaKOZsJalKDGekGc9/+ 79139ECb2ul7/1NjhsVtL32VJHG8KFI+0GCtcBQq7oLdVNB8QA+ien/RZoIiAs1wb6Ru 7LuBVabyCwJaYSW6cPNR1+zNkzJs35AaqSfq1dSvZ6DMTtlbxulXp5pEOEfNvRA7Hpgq eQSMaAFmCRMJTtXrLxFPsyiauBS+XNE/mRGFrrGl+7GNC+NQcSmtflrsRXs5/U4u4Vrv YVsyizPWbwvTICKYPBkXShukhKxVJ9c4gKWdypQZbVUlOs2IDgLZeCYFKl/9pyaYTata Q44g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Tiwj3txD/LxZwHx7qoxRw8C0YkwpGfdKzfn0Vmxa1EU=; b=iui4WVeFDp13VGyeBF0UnDp1dMzh5UhEBXcwE5vl1jeWVpPU2iehPgXFiNJ5EsGoOR W1wOzmcbQf8YtzBMrI0H+p3aSylGu+0LcvhU3A6WGhs/493lF1TPc2n0zhDV8tdp1Ky9 57qKvvqblLUoQyNGAU9thJ1mHSRx4YSJ3phCrFkJnt8/d9F/duXGODinFEggCZ0xQlkN bXwhum54uwLxaWZ2yBErEX48tkOHTphtYNUUv3IgLTtdoNlakQ0Atw9A7yqVJC/+v8t8 Yl21GKp1JY07cV5oBLwY/ZbySOoO9HwH5ZrJn66vWieRXndOvx0sMLWjb7opj9mJHeWs MXnA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=VwO65DhV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w4si13131717ply.247.2019.07.24.12.34.26; Wed, 24 Jul 2019 12:34:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=VwO65DhV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388665AbfGXTcb (ORCPT + 99 others); Wed, 24 Jul 2019 15:32:31 -0400 Received: from mail.kernel.org ([198.145.29.99]:53876 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388370AbfGXTca (ORCPT ); Wed, 24 Jul 2019 15:32:30 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2445C22BE9; Wed, 24 Jul 2019 19:32:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1563996749; bh=NkOFcZC2PgZUR4KhHo7KyRrdAihdcVMOUfRME/GuUuQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VwO65DhVIXh874ObWPlvZ7O+zK0HVNtMaF9SOXErwxBRtb7zje6k5ZgdRYfvscHAj asH5q3Ub+tBZXABcpK6i0qTGJ1zdb1Kcsb2P0n4aoWdm+oBQYEYAfjpRYZYe1BPY60 +fzGtnunZBMFYnl23DN6lA+fYQmYk6ax9+QskRRU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Andrei Otcheretianski , Luca Coelho , Sasha Levin Subject: [PATCH 5.2 202/413] iwlwifi: mvm: Drop large non sta frames Date: Wed, 24 Jul 2019 21:18:13 +0200 Message-Id: <20190724191748.998253290@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190724191735.096702571@linuxfoundation.org> References: <20190724191735.096702571@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ Upstream commit ac70499ee97231a418dc1a4d6c9dc102e8f64631 ] In some buggy scenarios we could possible attempt to transmit frames larger than maximum MSDU size. Since our devices don't know how to handle this, it may result in asserts, hangs etc. This can happen, for example, when we receive a large multicast frame and try to transmit it back to the air in AP mode. Since in a legal scenario this should never happen, drop such frames and warn about it. Signed-off-by: Andrei Otcheretianski Signed-off-by: Luca Coelho Signed-off-by: Sasha Levin --- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c index 0c2aabc842f9..96f8d38ea321 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c @@ -726,6 +726,9 @@ int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb) memcpy(&info, skb->cb, sizeof(info)); + if (WARN_ON_ONCE(skb->len > IEEE80211_MAX_DATA_LEN + hdrlen)) + return -1; + if (WARN_ON_ONCE(info.flags & IEEE80211_TX_CTL_AMPDU)) return -1; -- 2.20.1