Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3577837pxb; Mon, 24 Jan 2022 12:39:39 -0800 (PST) X-Google-Smtp-Source: ABdhPJyGv/IzG2n4lm6+gHp9kTL6KsBjhHajmnF9DeJdbRsyFmSbIdiOn08AZFRMQDT7gA+mA0Jz X-Received: by 2002:a17:903:2049:b0:14b:61:b19e with SMTP id q9-20020a170903204900b0014b0061b19emr15622918pla.20.1643056779150; Mon, 24 Jan 2022 12:39:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643056779; cv=none; d=google.com; s=arc-20160816; b=DMRds7WUtqTdTfag6P/lmdhZgsPwZ9sCqTqveMslvGplJh7Huoz/kjtQ39scy8SJ8p JxguWC7Z+zwOYMSkSF3qYGhejoVGZkzt6zYjBhFiyMj6ny051bqRftZ2uYvKTxU2PtYP wtcU+UiVEcmkgVPrP0XL9N6097o9PROBmH5HO4Bez3aw7eU7KuX+MOysL0ETsd5IulNd tKlVXMiJhSd7flo+J3iCZDQvq0FMtOrqSzb6uCc8aC3tzinKQTpTRatoAy/Z+J/xkuL7 kxLRokaktNYAfPutlD1W9XRVSQP2y0JROKEczfVKs1dBDGqPLe8XF9vtIXPb0pvWLXH2 eagg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=8Kx1GLi8DHoZfbu7lPZIxpBE01h5tHL47Rne5FyyOGA=; b=GHUaJ+cSxa/iYJhPiSrNIerfjjlzc/Ffx3IZY3C9sza+1spieu4n9vsQqc64zQOzFH rr3qWVhj6WFwuc021K08z+h1MTn/qMmMJzEnmfZ3foHkJrqitxKrwMxB/3ZNgtZ32hnn +nCj3VNdi9vKKbp1gfZOMZXxCr/mpAWDOepQ+jHSlu07REl2vcPdWByMbCd54aAMccxX Yu2/qXKJPMCRKKn3FAjv0PB05coVahThRkRWv4nGaFBBjBud8AXCwDEpdWShWJY7lKt5 +n969J47kRp12+UvmQAwmp4/M2pJDWwDrYXjJA3sdlC8iIqdVDOPVPixV4s4k/tmc0kI lzVQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=A9Uj6CFT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f196si3091581pfa.266.2022.01.24.12.39.23; Mon, 24 Jan 2022 12:39:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=A9Uj6CFT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1358626AbiAXTzc (ORCPT + 99 others); Mon, 24 Jan 2022 14:55:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54242 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349082AbiAXTlA (ORCPT ); Mon, 24 Jan 2022 14:41:00 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76CDAC07A96C; Mon, 24 Jan 2022 11:20:06 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 3EBA3B81215; Mon, 24 Jan 2022 19:20:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 58DDFC340E5; Mon, 24 Jan 2022 19:20:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1643052004; bh=1Qg4OYv91lGRhtfStxqbwAGY3ECUEntVoppTLd+0S4o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=A9Uj6CFTTfXzpr6fdOM4jkksHmxEN7CzXaaBNvuTXoq8rhbtiZJctfW/iAuWWflIz ch3ScCfMPiJoTOZqvLM451Qflm9X1Yb2eYJhFlejTXNKZNXF/mNPJI4u+Ji8GVOoAq LXUbIyRBGvGe9U/0YJmFT6IxVj7AlO/2ckjYZJqc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ilan Peer , Luca Coelho , Sasha Levin Subject: [PATCH 4.19 157/239] iwlwifi: mvm: Fix calculation of frame length Date: Mon, 24 Jan 2022 19:43:15 +0100 Message-Id: <20220124183948.089617963@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124183943.102762895@linuxfoundation.org> References: <20220124183943.102762895@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ilan Peer [ Upstream commit 40a0b38d7a7f91a6027287e0df54f5f547e8d27e ] The RADA might include in the Rx frame the MIC and CRC bytes. These bytes should be removed for non monitor interfaces and should not be passed to mac80211. Fix the Rx processing to remove the extra bytes on non monitor cases. Signed-off-by: Ilan Peer Signed-off-by: Luca Coelho Link: https://lore.kernel.org/r/iwlwifi.20211219121514.098be12c801e.I1d81733d8a75b84c3b20eb6e0d14ab3405ca6a86@changeid Signed-off-by: Luca Coelho Signed-off-by: Sasha Levin --- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c index 77e3694536421..9a4848d69e9e1 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c @@ -151,12 +151,39 @@ static int iwl_mvm_create_skb(struct iwl_mvm *mvm, struct sk_buff *skb, struct iwl_rx_mpdu_desc *desc = (void *)pkt->data; unsigned int headlen, fraglen, pad_len = 0; unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control); + u8 mic_crc_len = u8_get_bits(desc->mac_flags1, + IWL_RX_MPDU_MFLG1_MIC_CRC_LEN_MASK) << 1; if (desc->mac_flags2 & IWL_RX_MPDU_MFLG2_PAD) { len -= 2; pad_len = 2; } + /* + * For non monitor interface strip the bytes the RADA might not have + * removed. As monitor interface cannot exist with other interfaces + * this removal is safe. + */ + if (mic_crc_len && !ieee80211_hw_check(mvm->hw, RX_INCLUDES_FCS)) { + u32 pkt_flags = le32_to_cpu(pkt->len_n_flags); + + /* + * If RADA was not enabled then decryption was not performed so + * the MIC cannot be removed. + */ + if (!(pkt_flags & FH_RSCSR_RADA_EN)) { + if (WARN_ON(crypt_len > mic_crc_len)) + return -EINVAL; + + mic_crc_len -= crypt_len; + } + + if (WARN_ON(mic_crc_len > len)) + return -EINVAL; + + len -= mic_crc_len; + } + /* If frame is small enough to fit in skb->head, pull it completely. * If not, only pull ieee80211_hdr (including crypto if present, and * an additional 8 bytes for SNAP/ethertype, see below) so that -- 2.34.1