Return-path:
Received: from mx0b-0016f401.pphosted.com ([67.231.156.173]:25660 "EHLO mx0b-0016f401.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751884AbaLQIck convert rfc822-to-8bit (ORCPT ); Wed, 17 Dec 2014 03:32:40 -0500
From: Avinash Patil
To: Martin Fuzzey
CC: "John W. Linville", "linux-wireless@vger.kernel.org", Amitkumar Karwar
Date: Wed, 17 Dec 2014 00:29:49 -0800
Subject: RE: [REGRESSION] mwifiex: memory corruption on WEP disassociation
Message-ID: (sfid-20141217_093243_269125_24A50C42)
References: <546B5E82.7000207@parkeon.com>,<20141118184241.GD13458@tuxdriver.com> ,<546C57AF.1040700@parkeon.com> ,<546CAE45.6090201@parkeon.com>
In-Reply-To: <546CAE45.6090201@parkeon.com>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Sender: linux-wireless-owner@vger.kernel.org
List-ID:

Hi Martin,

Issue has been tracked down and it was discovered that with key material v1 API FW, action delete is not supported. WEP encryption in such cases is disabled by resetting bit in mac_filter which happens in the same function.

Patch has been posted to linux-wireless list; here is link for your reference:
https://patchwork.kernel.org/patch/5505651/

I have added your "reported-by".

Thanks,
Avinash

________________________________________
From: Martin Fuzzey [mfuzzey@parkeon.com]
Sent: Wednesday, November 19, 2014 8:20 PM
To: Avinash Patil
Cc: John W. Linville; linux-wireless@vger.kernel.org; Amitkumar Karwar
Subject: Re: [REGRESSION] mwifiex: memory corruption on WEP disassociation

Hi Avinash,

On 19/11/14 09:44, Avinash Patil wrote:
> Could you please check if issue is seen with this FW as well?
> Here is link:
> http://git.marvell.com/?p=mwifiex-firmware.git;a=commit;h=3f45b8c4cc1eb1d102bc3486b19677332dd215ab

Tried that firmware (14.66.35.p52) with kernel 3.16, same issue. It still uses V1 keys.

I also tried kernel 3.18-rc5 (with the original 14.66.9.p96 firmware) and, while it didn't crash, some logs I added showed that a short (10 byte) response was still being handed to mwifiex_ret_802_11_key_material_v1(). It didn't crash because I was "lucky" enough that the non initialized key length field happened to contain zero.

Regards,
Martin
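
A defensive length check for the failure described in the thread above (a 10-byte response parsed as if it carried key material), as an added example that is neither the mwifiex driver's code nor the posted patch. The byte layout (8-byte header, 2-byte action, 10 bytes of fixed key fields), `KEY_MAX` and `parse_key_material()` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed wire layout (hypothetical, little-endian 16-bit fields):
 *   header : command, size, seq_num, result             (8 bytes)
 *   action :                                            (2 bytes)
 *   key set: type, length, key_type_id, key_info, key_len (10 bytes), key[] */
#define HDR_LEN    8
#define ACTION_LEN 2
#define KEY_FIXED  10
#define KEY_MAX    32   /* assumed capacity of the caller's key buffer */

static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Copies the key into out (KEY_MAX bytes) and returns its length.
 * Returns 0 when the reply stops after the action field (no key set),
 * and -1 when the claimed sizes do not fit the buffer. */
int parse_key_material(const uint8_t *buf, size_t buf_len, uint8_t *out)
{
    const size_t min_len = HDR_LEN + ACTION_LEN;
    if (buf_len < min_len)
        return -1;
    size_t size = rd_le16(buf + 2);          /* length the firmware claims */
    if (size < min_len || size > buf_len)
        return -1;
    if (size == min_len)
        return 0;   /* 10-byte reply: bytes past it are stale, never read key_len */
    if (size < min_len + KEY_FIXED)
        return -1;
    const uint8_t *kp = buf + min_len;
    size_t key_len = rd_le16(kp + 8);
    if (key_len > KEY_MAX || key_len > size - (min_len + KEY_FIXED))
        return -1;  /* key_len must fit both the reply and the destination */
    memcpy(out, kp + KEY_FIXED, key_len);
    return (int)key_len;
}

int main(void)
{
    /* Constructed sample: reply claims 10 bytes, rest of buffer is stale 0xff. */
    uint8_t reply[64], key[KEY_MAX];
    memset(reply, 0xff, sizeof(reply));
    reply[2] = 10;
    reply[3] = 0;
    printf("short reply -> %d\n", parse_key_material(reply, sizeof(reply), key));
    return 0;
}
```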