From: Wen Gong
Subject: [PATCH v2] wifi: ath12k: add check max message length while scanning with extraie
Date: Wed, 9 Aug 2023 04:16:57 -0400
Message-ID: <20230809081657.13858-1-quic_wgong@quicinc.com>
X-Mailing-List: linux-wireless@vger.kernel.org

Currently the extraie length is directly used to allocate skb buffer. When the length of skb is greater than the max message length which firmware supports, error will happen in firmware side. Hence add check for the skb length and drop extraie when overflow and print a message.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Signed-off-by: Wen Gong --- v2: seperate to another patch per johannes. drivers/net/wireless/ath/ath12k/wmi.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c index 9ed33e2d6da0..e964d6003ea9 100644 --- a/drivers/net/wireless/ath/ath12k/wmi.c +++ b/drivers/net/wireless/ath/ath12k/wmi.c @@ -2240,12 +2240,6 @@ int ath12k_wmi_send_scan_start_cmd(struct ath12k *ar, if (arg->num_bssid) len += sizeof(*bssid) * arg->num_bssid; - len += TLV_HDR_SIZE; - if (arg->extraie.len) - extraie_len_with_pad = - roundup(arg->extraie.len, sizeof(u32)); - len += extraie_len_with_pad; - if (arg->num_hint_bssid) len += TLV_HDR_SIZE + arg->num_hint_bssid * sizeof(*hint_bssid); @@ -2254,6 +2248,18 @@ int ath12k_wmi_send_scan_start_cmd(struct ath12k *ar, len += TLV_HDR_SIZE + arg->num_hint_s_ssid * sizeof(*s_ssid); + len += TLV_HDR_SIZE; + if (arg->extraie.len) + extraie_len_with_pad = + roundup(arg->extraie.len, sizeof(u32)); + if (extraie_len_with_pad <= (wmi->wmi_ab->max_msg_len[ar->pdev_idx] - len)) { + len += extraie_len_with_pad; + } else { + ath12k_warn(ar->ab, "discard large size %d bytes extraie for scan start\n", + arg->extraie.len); + extraie_len_with_pad = 0; + } + skb = ath12k_wmi_alloc_skb(wmi->wmi_ab, len); if (!skb) return -ENOMEM; @@ -2343,7 +2349,7 @@ int ath12k_wmi_send_scan_start_cmd(struct ath12k *ar, tlv->header = ath12k_wmi_tlv_hdr(WMI_TAG_ARRAY_BYTE, len); ptr += TLV_HDR_SIZE; - if (arg->extraie.len) + if (extraie_len_with_pad) memcpy(ptr, arg->extraie.ptr, arg->extraie.len); base-commit: 3f257461ab0ab19806bae2bfde4c3cd88dbf050e -- 2.40.1
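
Review bot: In the hunk at @@ -2254,6 +2248,18 @@, the bound `wmi->wmi_ab->max_msg_len[ar->pdev_idx] - len` is only meaningful while len is still below the limit. The operand types are not visible in this hunk, but if they are unsigned and the fixed fields plus the bssid and hint TLVs already exceed max_msg_len, the subtraction wraps to a large value and the check passes for any extraie size, which is the case the patch is meant to stop. Suggest testing `len > max_msg_len` first and failing the command there, then comparing extraie_len_with_pad against the remaining room. Two smaller points on the same hunk: the `%d` in the ath12k_warn() call should match the type of arg->extraie.len, and the condition line is long enough that pulling max_msg_len into a local would make it easier to read.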
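
Review bot: In the hunk at @@ -2343,7 +2349,7 @@, the memcpy is now gated on extraie_len_with_pad, but the TLV header on the context line above it is built from `len`, whose assignment falls outside the visible lines. Please confirm that value is taken from extraie_len_with_pad after the discard path has zeroed it, and not from arg->extraie.len, otherwise the WMI_TAG_ARRAY_BYTE header would advertise bytes that were never copied into the skb. It is also worth stating in the commit message that the scan still goes out and the function still returns success when the IEs are dropped, since the caller only learns about it from the warning.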