Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp10439682ybi; Wed, 24 Jul 2019 23:14:49 -0700 (PDT) X-Google-Smtp-Source: APXvYqy7JrbgCXBzyVXeYNssEAgpUCXC9Ju7EhMao2F2Y0JBCEfcLr+pXlfpNSR04U3+xNWA+GYN X-Received: by 2002:a17:90a:a008:: with SMTP id q8mr92098993pjp.114.1564035289609; Wed, 24 Jul 2019 23:14:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564035289; cv=none; d=google.com; s=arc-20160816; b=xJ7TuCs3RXT8h2ZRrQ5GEOVow6q3hgQ9cknCYVvgmrq+y4ilx3KCZSI0F36t2YY96G JnatvwdVGsDrRap/s6BG8/1TrDUEzGFVMDsh/IIPskUlrcp1GWzvT0c3K3sKgDGWo8B6 rjK+Db1SpD1OlRCJBUIxW5qTcEoP4lQsj7NrYamN3SX86tia0/TQO2aRrcPi/IoRMJ/X UzqHvUHJb6BQkI6mI4I0HV4nvT2tieCcDMyd97Nj2CTQc6/f3C8jqM8mYM8Od2GdokpZ zLJHBz3m9AJwWGwvZf/rQfoJL8ofosVoFqWoV8qw244I8HS4jJqLOKXBbmJFi8OvzCdv hmeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=T196Qh9WaO7fxUekFHkYU+8GESE8NsyEHzrPRj+0kl8=; b=Ay9gK/ZWfKGMVvWiGncEEl2MaJdgJP+3ysIBsB9cuAe/1F5OC4t4uGrEqaLrUgx8j7 jwS7eEKZBPDwI/DtVyaFgZm5OWMvFNK4augR5c2sWn9jmoK4xVik8XPT/gYdlJThmkUb DuZ+eAAdrgzycvhvdnCWN5y8V3vbf7G/XrHIzgbb1QwT0vVxd7Yak2HNqYUQ0FdX7YSN Xu/G1wnvlNEVLQUaz1xf9/tZAKvbzXJfOQs3KhYslN1BwN8iSTiFDfE+3lJLpXeZH5b6 JwmlsfHzwiWuTyhVOJQ+nM7zC+k/U1FOwOsR+hUIGY3zD4GVphaDLnpCB5lGW99hq5Oj hlOg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=SwwzbMlY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c8si17996605pfo.42.2019.07.24.23.14.34; Wed, 24 Jul 2019 23:14:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=SwwzbMlY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404359AbfGYFkX (ORCPT + 99 others); Thu, 25 Jul 2019 01:40:23 -0400 Received: from mail.kernel.org ([198.145.29.99]:54824 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404341AbfGYFkU (ORCPT ); Thu, 25 Jul 2019 01:40:20 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 40CBA22BEF; Thu, 25 Jul 2019 05:40:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1564033219; bh=sRjNnaSbB/ercgTaCTUQ2HMIydaVS1kizeSRouQ8XS0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SwwzbMlYPq1Pu4h1/z4U8qO1tDB5kRVqcpZW526txme3n8YuBw8pAB3yUCRX80heL jN/NMFGSStHie7wtWkJnGmT79yI+kYZqoy77catfSCOEkOWRzlts/TT0EKYXrZMmHm IsotgEzqsMAdhvbKx4wTKUE8J5GVLbIe5+nlM+Ns= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Andrei Otcheretianski , Luca Coelho , Sasha Levin Subject: [PATCH 4.19 134/271] iwlwifi: mvm: Drop large non sta frames Date: Wed, 24 Jul 2019 21:20:03 +0200 Message-Id: <20190724191706.707848147@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190724191655.268628197@linuxfoundation.org> References: <20190724191655.268628197@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ Upstream commit ac70499ee97231a418dc1a4d6c9dc102e8f64631 ] In some buggy scenarios we could possible attempt to transmit frames larger than maximum MSDU size. Since our devices don't know how to handle this, it may result in asserts, hangs etc. This can happen, for example, when we receive a large multicast frame and try to transmit it back to the air in AP mode. Since in a legal scenario this should never happen, drop such frames and warn about it. Signed-off-by: Andrei Otcheretianski Signed-off-by: Luca Coelho Signed-off-by: Sasha Levin --- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c index 2d21f0a1fa00..ffae299c3492 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c @@ -641,6 +641,9 @@ int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb) memcpy(&info, skb->cb, sizeof(info)); + if (WARN_ON_ONCE(skb->len > IEEE80211_MAX_DATA_LEN + hdrlen)) + return -1; + if (WARN_ON_ONCE(info.flags & IEEE80211_TX_CTL_AMPDU)) return -1; -- 2.20.1