Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3579220pxb;
        Mon, 24 Jan 2022 12:41:42 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzzTpEu6vEAh2ZoF26s82suJK91Hi8WyqeL7I24nPYyZzFZR+c1ra1WzgnANlgOZTBw8rUW
X-Received: by 2002:a17:902:8498:b0:14a:1b37:9f2b with SMTP id c24-20020a170902849800b0014a1b379f2bmr16558594plo.85.1643056902005;
        Mon, 24 Jan 2022 12:41:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1643056902; cv=none;
        d=google.com; s=arc-20160816;
        b=puieCXuWXWWu2FIxM0KlAxM7kojhcM+G9gwqj695AOpTb7Q6nvRxonReTAnLNR14vZ
         wem54vIQAItWJ398MpsXJxt0df5+Jt/1hO2pyrWVnWdBiiOj2YA5bSz3ffFn59dYkAzo
         aU/i8W76L9fJMygXt0tYup5Mkv2mCTkb6mVnJgWe+2RWEAnymeu0M5p/KPxaSMzHI/fH
         blEnJz/kdMAqJdip2x7xn4sBv59+e09X+1s6SDl1tzlByFvbvQAiXnGTY0fv8ByXHirq
         y+7z+nQh2ksAydT3Eo/GF6WKSH153F5E95121rflezYhJkBPwBswK6Oy7LWjh4HiDWlh
         Iz4g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=yKJoMFtE9qu4g+H2z2E6kS2W3xb5Gi41r1DPY9aUek0=;
        b=aOwwjga38VqA9MgAqRelvT9pekuZo6mq47QMFiUYYruyJsTWECyQqnyf4ecy0yTPn0
         Xnh9a0bYQOCa13p19Zw+No1Rv6WoEbpjNDRtiCsCR0hUSchrOx9cP06tHf6Fy8y2j62g
         vHKuc9NxNHSupdine57adEKWUvHlUnDsrREm32YGJJut4RSmpwue10hr6JmjKY4XTR7u
         Y23VwVOBWdvT40NgmLcL8rqlH/H1HeEhChhq7rTBeHw4JMmjCDVNpzgGsO26MzpTB3Tt
         BfN5BsXYfFGKpbDBrspSnSrGbHoHtZwQRYxHeGBEoTjhxmWHTxZZnFYAA2yTfmNV0cd4
         IvAw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aJfdZet5;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id o16si17895728pgu.129.2022.01.24.12.41.22;
        Mon, 24 Jan 2022 12:41:41 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aJfdZet5;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1348412AbiAXT45 (ORCPT <rfc822;troverman@gmail.com> + 99 others);
        Mon, 24 Jan 2022 14:56:57 -0500
Received: from dfw.source.kernel.org ([139.178.84.217]:34480 "EHLO
        dfw.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1354545AbiAXTgp (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 24 Jan 2022 14:36:45 -0500
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 333F1614BB;
        Mon, 24 Jan 2022 19:36:45 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 18618C340E5;
        Mon, 24 Jan 2022 19:36:43 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1643053004;
        bh=Wbkwr54W1ZE6NvANhIYMVi477GP/ssZByIQOh6Dkhg4=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=aJfdZet5sHr+sw9ivVm1NjheeRgxfkR3q+dcspb06QImEkIPYMWT4GnVlnUGlYt+6
         isLFE7sa+GrdBdVbFC6KZTmTEW/OAeiIXY+k+eRfmMdA+FUblVe06JfzhJsoYcq3PI
         TfQ4V2Do/pinxaCbKYQVPfG9CZpESr3H3AGGbF7g=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Ilan Peer <ilan.peer@intel.com>,
        Luca Coelho <luciano.coelho@intel.com>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 201/320] iwlwifi: mvm: Fix calculation of frame length
Date:   Mon, 24 Jan 2022 19:43:05 +0100
Message-Id: <20220124184000.477352922@linuxfoundation.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220124183953.750177707@linuxfoundation.org>
References: <20220124183953.750177707@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Ilan Peer <ilan.peer@intel.com>

[ Upstream commit 40a0b38d7a7f91a6027287e0df54f5f547e8d27e ]

The RADA might include in the Rx frame the MIC and CRC bytes.
These bytes should be removed for non monitor interfaces and
should not be passed to mac80211.

Fix the Rx processing to remove the extra bytes on non monitor
cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211219121514.098be12c801e.I1d81733d8a75b84c3b20eb6e0d14ab3405ca6a86@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
index a6e2a30eb3109..52c6edc621ced 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
@@ -177,12 +177,39 @@ static int iwl_mvm_create_skb(struct iwl_mvm *mvm, struct sk_buff *skb,
 	struct iwl_rx_mpdu_desc *desc = (void *)pkt->data;
 	unsigned int headlen, fraglen, pad_len = 0;
 	unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control);
+	u8 mic_crc_len = u8_get_bits(desc->mac_flags1,
+				     IWL_RX_MPDU_MFLG1_MIC_CRC_LEN_MASK) << 1;
 
 	if (desc->mac_flags2 & IWL_RX_MPDU_MFLG2_PAD) {
 		len -= 2;
 		pad_len = 2;
 	}
 
+	/*
+	 * For non monitor interface strip the bytes the RADA might not have
+	 * removed. As monitor interface cannot exist with other interfaces
+	 * this removal is safe.
+	 */
+	if (mic_crc_len && !ieee80211_hw_check(mvm->hw, RX_INCLUDES_FCS)) {
+		u32 pkt_flags = le32_to_cpu(pkt->len_n_flags);
+
+		/*
+		 * If RADA was not enabled then decryption was not performed so
+		 * the MIC cannot be removed.
+		 */
+		if (!(pkt_flags & FH_RSCSR_RADA_EN)) {
+			if (WARN_ON(crypt_len > mic_crc_len))
+				return -EINVAL;
+
+			mic_crc_len -= crypt_len;
+		}
+
+		if (WARN_ON(mic_crc_len > len))
+			return -EINVAL;
+
+		len -= mic_crc_len;
+	}
+
 	/* If frame is small enough to fit in skb->head, pull it completely.
 	 * If not, only pull ieee80211_hdr (including crypto if present, and
 	 * an additional 8 bytes for SNAP/ethertype, see below) so that
-- 
2.34.1