Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3579220pxb; Mon, 24 Jan 2022 12:41:42 -0800 (PST) X-Google-Smtp-Source: ABdhPJzzTpEu6vEAh2ZoF26s82suJK91Hi8WyqeL7I24nPYyZzFZR+c1ra1WzgnANlgOZTBw8rUW X-Received: by 2002:a17:902:8498:b0:14a:1b37:9f2b with SMTP id c24-20020a170902849800b0014a1b379f2bmr16558594plo.85.1643056902005; Mon, 24 Jan 2022 12:41:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643056902; cv=none; d=google.com; s=arc-20160816; b=puieCXuWXWWu2FIxM0KlAxM7kojhcM+G9gwqj695AOpTb7Q6nvRxonReTAnLNR14vZ wem54vIQAItWJ398MpsXJxt0df5+Jt/1hO2pyrWVnWdBiiOj2YA5bSz3ffFn59dYkAzo aU/i8W76L9fJMygXt0tYup5Mkv2mCTkb6mVnJgWe+2RWEAnymeu0M5p/KPxaSMzHI/fH blEnJz/kdMAqJdip2x7xn4sBv59+e09X+1s6SDl1tzlByFvbvQAiXnGTY0fv8ByXHirq y+7z+nQh2ksAydT3Eo/GF6WKSH153F5E95121rflezYhJkBPwBswK6Oy7LWjh4HiDWlh Iz4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=yKJoMFtE9qu4g+H2z2E6kS2W3xb5Gi41r1DPY9aUek0=; b=aOwwjga38VqA9MgAqRelvT9pekuZo6mq47QMFiUYYruyJsTWECyQqnyf4ecy0yTPn0 Xnh9a0bYQOCa13p19Zw+No1Rv6WoEbpjNDRtiCsCR0hUSchrOx9cP06tHf6Fy8y2j62g vHKuc9NxNHSupdine57adEKWUvHlUnDsrREm32YGJJut4RSmpwue10hr6JmjKY4XTR7u Y23VwVOBWdvT40NgmLcL8rqlH/H1HeEhChhq7rTBeHw4JMmjCDVNpzgGsO26MzpTB3Tt BfN5BsXYfFGKpbDBrspSnSrGbHoHtZwQRYxHeGBEoTjhxmWHTxZZnFYAA2yTfmNV0cd4 IvAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aJfdZet5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o16si17895728pgu.129.2022.01.24.12.41.22; Mon, 24 Jan 2022 12:41:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aJfdZet5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348412AbiAXT45 (ORCPT + 99 others); Mon, 24 Jan 2022 14:56:57 -0500 Received: from dfw.source.kernel.org ([139.178.84.217]:34480 "EHLO dfw.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1354545AbiAXTgp (ORCPT ); Mon, 24 Jan 2022 14:36:45 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 333F1614BB; Mon, 24 Jan 2022 19:36:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 18618C340E5; Mon, 24 Jan 2022 19:36:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1643053004; bh=Wbkwr54W1ZE6NvANhIYMVi477GP/ssZByIQOh6Dkhg4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aJfdZet5sHr+sw9ivVm1NjheeRgxfkR3q+dcspb06QImEkIPYMWT4GnVlnUGlYt+6 isLFE7sa+GrdBdVbFC6KZTmTEW/OAeiIXY+k+eRfmMdA+FUblVe06JfzhJsoYcq3PI TfQ4V2Do/pinxaCbKYQVPfG9CZpESr3H3AGGbF7g= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ilan Peer , Luca Coelho , Sasha Levin Subject: [PATCH 5.4 201/320] iwlwifi: mvm: Fix calculation of frame length Date: Mon, 24 Jan 2022 19:43:05 +0100 Message-Id: <20220124184000.477352922@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124183953.750177707@linuxfoundation.org> References: <20220124183953.750177707@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ilan Peer [ Upstream commit 40a0b38d7a7f91a6027287e0df54f5f547e8d27e ] The RADA might include in the Rx frame the MIC and CRC bytes. These bytes should be removed for non monitor interfaces and should not be passed to mac80211. Fix the Rx processing to remove the extra bytes on non monitor cases. Signed-off-by: Ilan Peer Signed-off-by: Luca Coelho Link: https://lore.kernel.org/r/iwlwifi.20211219121514.098be12c801e.I1d81733d8a75b84c3b20eb6e0d14ab3405ca6a86@changeid Signed-off-by: Luca Coelho Signed-off-by: Sasha Levin --- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c index a6e2a30eb3109..52c6edc621ced 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c @@ -177,12 +177,39 @@ static int iwl_mvm_create_skb(struct iwl_mvm *mvm, struct sk_buff *skb, struct iwl_rx_mpdu_desc *desc = (void *)pkt->data; unsigned int headlen, fraglen, pad_len = 0; unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control); + u8 mic_crc_len = u8_get_bits(desc->mac_flags1, + IWL_RX_MPDU_MFLG1_MIC_CRC_LEN_MASK) << 1; if (desc->mac_flags2 & IWL_RX_MPDU_MFLG2_PAD) { len -= 2; pad_len = 2; } + /* + * For non monitor interface strip the bytes the RADA might not have + * removed. As monitor interface cannot exist with other interfaces + * this removal is safe. + */ + if (mic_crc_len && !ieee80211_hw_check(mvm->hw, RX_INCLUDES_FCS)) { + u32 pkt_flags = le32_to_cpu(pkt->len_n_flags); + + /* + * If RADA was not enabled then decryption was not performed so + * the MIC cannot be removed. + */ + if (!(pkt_flags & FH_RSCSR_RADA_EN)) { + if (WARN_ON(crypt_len > mic_crc_len)) + return -EINVAL; + + mic_crc_len -= crypt_len; + } + + if (WARN_ON(mic_crc_len > len)) + return -EINVAL; + + len -= mic_crc_len; + } + /* If frame is small enough to fit in skb->head, pull it completely. * If not, only pull ieee80211_hdr (including crypto if present, and * an additional 8 bytes for SNAP/ethertype, see below) so that -- 2.34.1