Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp3784034ybi; Mon, 29 Jul 2019 12:33:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqxyKSwrp5LJCBqfUogWjhKLMasx0Su9I2Zi7NX6MEUQsKka0FUqV4fBUrCwZzEZxAXMnaPq X-Received: by 2002:a17:902:846:: with SMTP id 64mr111821198plk.265.1564428802133; Mon, 29 Jul 2019 12:33:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564428802; cv=none; d=google.com; s=arc-20160816; b=VjgLcxzMf8weD2VeqTOiN8mNdvOfOEI3Urhizgb9WI99uCw0z+/gL2og8fxrTYfj2s 7H/6aqog81jEPI+2AFtIM89ojj9v5heWfkaNKvi3m6LvQGhhkWsgFCp2rhsc0rY/aQXW bVryO5sOAyy6xMAl9OVR1NpVENGv1X61NqjN1h3NcH70G5nDxeO1AfAX2btScymLTBT+ 5WuPlUdYwDNqPJC9fs0Wg+hNOtU4MNfNv5YqpcEtc3HaxIqvJe1vpPYArIVnHfjjBKlQ x/tH3cNC50E5F2TYZuCRGxZcud838C8WrYg9bxnydQt4Ojl75Qjkkb4vC/ntbXPdTSDl mSJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=p46xXDlHFZY34B8cstO+AcWkwBHNQF/nlNoTADjQsbU=; b=t0hqJBA5b9PQzwwix664ptmc55VtXQiTCWp2IIMoj/yn+pQAO6Uj8V2WSDbKKTjF/Y xDRV4BXC8J7pNvHqAWVWKqo1oku4BNR3eeVWH68TaBU2XHpmcQsw11C/BFUiHH3bFqJ8 If9UlIosptbQZBc9Tsm/H9xbapHyUb0JoYIUfhPYCWR63T4hUOwb4yz++RS00R7ovELO UtYnfBJtOKwLUmZVywzZW+rXbPyyo/Je55L6zcRNR3XKrdToScS4tr0JsCyKulPCrp/L LMwTHhjCnZZPW5SSRZkd/EJQMIdTVRRtTzxb/OO1/MWM5OPWydGF6O2QXC/A93LIU0ux VM2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=JDYpuB5m; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l3si27081438pju.85.2019.07.29.12.33.07; Mon, 29 Jul 2019 12:33:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=JDYpuB5m; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387642AbfG2T2R (ORCPT + 99 others); Mon, 29 Jul 2019 15:28:17 -0400 Received: from mail.kernel.org ([198.145.29.99]:40914 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727241AbfG2T2M (ORCPT ); Mon, 29 Jul 2019 15:28:12 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3E4E621773; Mon, 29 Jul 2019 19:28:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1564428491; bh=BSZPvpOMtHf9X+S8zBNMYSxLNZ1dYPWKShwaiIJ/B50=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JDYpuB5mHzPOIBzFliGI2g7FGkYgpYmNH/HcP5d+MGdZ2kezEiByDpMgPlYRBAA/D RV0YFxVyTUPDQ08vP0LNQdBXJQO8cQ271qJWcycgoUtOhYEj41UHfyRvpykitzExo1 oEUyNHk6LOvJNHjfQhj5uYHjdmWop/jtXEgHhaj8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Andrei Otcheretianski , Luca Coelho , Sasha Levin Subject: [PATCH 4.14 092/293] iwlwifi: mvm: Drop large non sta frames Date: Mon, 29 Jul 2019 21:19:43 +0200 Message-Id: <20190729190831.657269062@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190729190820.321094988@linuxfoundation.org> References: <20190729190820.321094988@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ Upstream commit ac70499ee97231a418dc1a4d6c9dc102e8f64631 ] In some buggy scenarios we could possible attempt to transmit frames larger than maximum MSDU size. Since our devices don't know how to handle this, it may result in asserts, hangs etc. This can happen, for example, when we receive a large multicast frame and try to transmit it back to the air in AP mode. Since in a legal scenario this should never happen, drop such frames and warn about it. Signed-off-by: Andrei Otcheretianski Signed-off-by: Luca Coelho Signed-off-by: Sasha Levin --- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c index 62a6e293cf12..f0f2be432d20 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c @@ -621,6 +621,9 @@ int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb) memcpy(&info, skb->cb, sizeof(info)); + if (WARN_ON_ONCE(skb->len > IEEE80211_MAX_DATA_LEN + hdrlen)) + return -1; + if (WARN_ON_ONCE(info.flags & IEEE80211_TX_CTL_AMPDU)) return -1; -- 2.20.1