Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3623730pxb;
        Mon, 24 Jan 2022 13:46:25 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzpGYF7h2ZObYKQZ4eyWKc/A/3HVWQNlhDYRLaAVXuuKOJc8asc+sEEHt8OUBd3FoztEhEX
X-Received: by 2002:a17:90a:178f:: with SMTP id q15mr290062pja.129.1643060785151;
        Mon, 24 Jan 2022 13:46:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1643060785; cv=none;
        d=google.com; s=arc-20160816;
        b=mWVpiEVWAe1IXMnMhI43bt9RvJPASeHKgbeK9SFNNb654eju24EaSLrpGVXxWoyJBs
         6iye56yImJCVrum8G1xsUVe3dIfsvY/xr91NWcJe3A2LMn73esf3PMlmG1FQZZoJINuA
         BLUmqbU5PENHA+4tkOPUQj7CKa70zcWpPFo5IOtaYDT9Iwoqlqd839T97LS8hUjKpsmJ
         MwVFrkrqCA6QTeyNLxLzimd9WGEwWmqr0TUuoRV/8Ge5v6HhqgLnuOGTbPudh63E9Oij
         ln2lE/P1YRyo/1io0llufIaqLaqVPV5PAprqmdwXjK7IuVfBN1g6XcHmznAw+PdraaRE
         dJVw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=5db5bYZ+gcD6nOchcDDZgp3u4i4r2EIz4AvktRXPc80=;
        b=iwTap4DKRFhp0B/665Mao5mbfoGsM/jOKw1Td7Mrl+9DN7cwfWgT2pIyqJOKMePPHM
         AWnsxKqpgl4+W8cSdBBArL2mSRL4TVm4ibdMr0nMBB4brFdElBZOKqRTRvdAVVhKeTG2
         trifm37V+C6Z1MRg0i6M5fePIepVHR7Ljf5azMVlZ2A+UhjM45IlzqbEczIGmFwwmAPl
         zn/MdDwQ4ybzv+3nRjZAN+i02YqhujowbHnaG1Zgr0oNPrVEuvGpiMSKTjFLsEPG36Jb
         pflzgQHD0qyh/ueMzqReqpAIedPEAXeBiGCW33yYCiEsHoQnRUjpOAc0lAE4nBwILohM
         vyLA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=A5CcKB8h;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id f23si10605393pfn.377.2022.01.24.13.46.13;
        Mon, 24 Jan 2022 13:46:25 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=A5CcKB8h;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1451396AbiAXVWu (ORCPT <rfc822;troverman@gmail.com> + 99 others);
        Mon, 24 Jan 2022 16:22:50 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45168 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1442670AbiAXUzE (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 24 Jan 2022 15:55:04 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0240AC047CE5;
        Mon, 24 Jan 2022 12:00:02 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id 9ECC6B81218;
        Mon, 24 Jan 2022 20:00:01 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id B44C9C340E5;
        Mon, 24 Jan 2022 19:59:59 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1643054400;
        bh=sDAo1XnIxCI4a6omn15xDtLahALW8/Pua+mmxRBmHWo=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=A5CcKB8hTvaBfwx4Xo4Qk+4E+Z6SurcG42hoPzA6WS18o39zqv96Klwdr/iUa66Hj
         bc/9y7wRrCElb1QEwTKpsNDF/eKp02pTcAA9i4bzFdLi5twCOl9oJdtnBbmeyMt5e1
         G3B0nq6HpYbWOw0p/Uw+Ruw7F+ishBm0hO4Wl94U=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Ilan Peer <ilan.peer@intel.com>,
        Luca Coelho <luciano.coelho@intel.com>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 377/563] iwlwifi: mvm: Fix calculation of frame length
Date:   Mon, 24 Jan 2022 19:42:22 +0100
Message-Id: <20220124184037.466685641@linuxfoundation.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220124184024.407936072@linuxfoundation.org>
References: <20220124184024.407936072@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Ilan Peer <ilan.peer@intel.com>

[ Upstream commit 40a0b38d7a7f91a6027287e0df54f5f547e8d27e ]

The RADA might include in the Rx frame the MIC and CRC bytes.
These bytes should be removed for non monitor interfaces and
should not be passed to mac80211.

Fix the Rx processing to remove the extra bytes on non monitor
cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211219121514.098be12c801e.I1d81733d8a75b84c3b20eb6e0d14ab3405ca6a86@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
index 838734fec5023..86b3fb321dfdd 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c
@@ -177,12 +177,39 @@ static int iwl_mvm_create_skb(struct iwl_mvm *mvm, struct sk_buff *skb,
 	struct iwl_rx_mpdu_desc *desc = (void *)pkt->data;
 	unsigned int headlen, fraglen, pad_len = 0;
 	unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control);
+	u8 mic_crc_len = u8_get_bits(desc->mac_flags1,
+				     IWL_RX_MPDU_MFLG1_MIC_CRC_LEN_MASK) << 1;
 
 	if (desc->mac_flags2 & IWL_RX_MPDU_MFLG2_PAD) {
 		len -= 2;
 		pad_len = 2;
 	}
 
+	/*
+	 * For non monitor interface strip the bytes the RADA might not have
+	 * removed. As monitor interface cannot exist with other interfaces
+	 * this removal is safe.
+	 */
+	if (mic_crc_len && !ieee80211_hw_check(mvm->hw, RX_INCLUDES_FCS)) {
+		u32 pkt_flags = le32_to_cpu(pkt->len_n_flags);
+
+		/*
+		 * If RADA was not enabled then decryption was not performed so
+		 * the MIC cannot be removed.
+		 */
+		if (!(pkt_flags & FH_RSCSR_RADA_EN)) {
+			if (WARN_ON(crypt_len > mic_crc_len))
+				return -EINVAL;
+
+			mic_crc_len -= crypt_len;
+		}
+
+		if (WARN_ON(mic_crc_len > len))
+			return -EINVAL;
+
+		len -= mic_crc_len;
+	}
+
 	/* If frame is small enough to fit in skb->head, pull it completely.
 	 * If not, only pull ieee80211_hdr (including crypto if present, and
 	 * an additional 8 bytes for SNAP/ethertype, see below) so that
-- 
2.34.1