From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg KH <gregkh@linuxfoundation.org>,
Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>,
"John W. Linville" <linville@tuxdriver.com>
Subject: [ 25/46] ath9k: fix decrypt_error initialization in ath_rx_tasklet()
Date: Wed, 12 Sep 2012 16:39:15 -0700 [thread overview]
Message-ID: <20120912233820.294509042@linuxfoundation.org> (raw)
In-Reply-To: <20120912233817.662663809@linuxfoundation.org>
From: Greg KH <gregkh@linuxfoundation.org>
3.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>
commit e1352fde5682ab1bdd2a9e5d75c22d1fe210ef77 upstream.
ath_rx_tasklet() calls ath9k_rx_skb_preprocess() and ath9k_rx_skb_postprocess()
in a loop over the received frames. The decrypt_error flag is
initialized to false
just outside ath_rx_tasklet() loop. ath9k_rx_accept(), called by
ath9k_rx_skb_preprocess(),
only sets decrypt_error to true and never to false.
Then ath_rx_tasklet() calls ath9k_rx_skb_postprocess() and passes
decrypt_error to it.
So, after a decryption error, in ath9k_rx_skb_postprocess(), we can
have a leftover value
from another processed frame. In that case, the frame will not be marked with
RX_FLAG_DECRYPTED even if it is decrypted correctly.
When using CCMP encryption this issue can lead to connection stuck
because of CCMP
PN corruption and a waste of CPU time since mac80211 tries to decrypt an already
deciphered frame with ieee80211_aes_ccm_decrypt.
Fix the issue initializing decrypt_error flag at the begging of the
ath_rx_tasklet() loop.
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath9k/recv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -1697,7 +1697,6 @@ int ath_rx_tasklet(struct ath_softc *sc,
struct ieee80211_hw *hw = sc->hw;
struct ieee80211_hdr *hdr;
int retval;
- bool decrypt_error = false;
struct ath_rx_status rs;
enum ath9k_rx_qtype qtype;
bool edma = !!(ah->caps.hw_caps & ATH9K_HW_CAP_EDMA);
@@ -1719,6 +1718,7 @@ int ath_rx_tasklet(struct ath_softc *sc,
tsf_lower = tsf & 0xffffffff;
do {
+ bool decrypt_error = false;
/* If handling rx interrupt and flush is in progress => exit */
if ((sc->sc_flags & SC_OP_RXFLUSH) && (flush == 0))
break;
next prev parent reply other threads:[~2012-09-12 23:53 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-12 23:38 [ 00/46] 3.0.43-stable review Greg Kroah-Hartman
2012-09-12 23:38 ` [ 01/46] USB: vt6656: remove __devinit* from the struct usb_device_id table Greg Kroah-Hartman
2012-09-12 23:38 ` [ 02/46] USB: emi62: " Greg Kroah-Hartman
2012-09-12 23:38 ` [ 03/46] ALSA: hda - fix Copyright debug message Greg Kroah-Hartman
2012-09-12 23:38 ` [ 04/46] ARM: 7487/1: mm: avoid setting nG bit for user mappings that arent present Greg Kroah-Hartman
2012-09-12 23:38 ` [ 05/46] ARM: 7488/1: mm: use 5 bits for swapfile type encoding Greg Kroah-Hartman
2012-09-12 23:38 ` [ 06/46] ARM: 7489/1: errata: fix workaround for erratum #720789 on UP systems Greg Kroah-Hartman
2012-09-12 23:38 ` [ 07/46] ARM: S3C24XX: Fix s3c2410_dma_enqueue parameters Greg Kroah-Hartman
2012-09-12 23:38 ` [ 08/46] ARM: imx: select CPU_FREQ_TABLE when needed Greg Kroah-Hartman
2012-09-12 23:38 ` [ 09/46] ASoC: wm9712: Fix microphone source selection Greg Kroah-Hartman
2012-09-12 23:39 ` [ 10/46] vfs: missed source of ->f_pos races Greg Kroah-Hartman
2012-09-12 23:39 ` [ 11/46] vfs: canonicalize create mode in build_open_flags() Greg Kroah-Hartman
2012-09-12 23:39 ` [ 12/46] alpha: Dont export SOCK_NONBLOCK to user space Greg Kroah-Hartman
2012-09-12 23:39 ` [ 13/46] USB: winbond: remove __devinit* from the struct usb_device_id table Greg Kroah-Hartman
2012-09-12 23:39 ` [ 14/46] mm: hugetlbfs: correctly populate shared pmd Greg Kroah-Hartman
2012-09-12 23:39 ` [ 15/46] NFSv3: Ensure that do_proc_get_root() reports errors correctly Greg Kroah-Hartman
2012-09-12 23:39 ` [ 16/46] NFSv4.1: Remove a bogus BUG_ON() in nfs4_layoutreturn_done Greg Kroah-Hartman
2012-09-16 16:33 ` Ben Hutchings
2012-09-16 16:37 ` Greg Kroah-Hartman
2012-09-17 13:05 ` Myklebust, Trond
2012-09-19 9:49 ` Boaz Harrosh
2012-09-12 23:39 ` [ 17/46] NFS: Alias the nfs module to nfs4 Greg Kroah-Hartman
2012-09-12 23:39 ` [ 18/46] audit: dont free_chunk() after fsnotify_add_mark() Greg Kroah-Hartman
2012-09-12 23:39 ` [ 19/46] audit: fix refcounting in audit-tree Greg Kroah-Hartman
2012-09-12 23:39 ` [ 20/46] svcrpc: fix BUG() in svc_tcp_clear_pages Greg Kroah-Hartman
2012-09-12 23:39 ` [ 21/46] svcrpc: fix svc_xprt_enqueue/svc_recv busy-looping Greg Kroah-Hartman
2012-09-12 23:39 ` [ 22/46] svcrpc: sends on closed socket should stop immediately Greg Kroah-Hartman
2012-09-12 23:39 ` [ 23/46] cciss: fix incorrect scsi status reporting Greg Kroah-Hartman
2012-09-12 23:39 ` [ 24/46] ACPI: export symbol acpi_get_table_with_size Greg Kroah-Hartman
2012-09-15 0:22 ` Ben Hutchings
2012-09-15 3:13 ` Greg Kroah-Hartman
2012-09-12 23:39 ` Greg Kroah-Hartman [this message]
2012-09-12 23:39 ` [ 26/46] PCI: EHCI: Fix crash during hibernation on ASUS computers Greg Kroah-Hartman
2012-09-12 23:39 ` [ 27/46] block: replace __getblk_slow misfix by grow_dev_page fix Greg Kroah-Hartman
2012-09-12 23:39 ` [ 28/46] USB: spca506: remove __devinit* from the struct usb_device_id table Greg Kroah-Hartman
2012-09-12 23:39 ` [ 29/46] USB: p54usb: " Greg Kroah-Hartman
2012-09-12 23:39 ` [ 30/46] USB: rtl8187: " Greg Kroah-Hartman
2012-09-12 23:39 ` [ 31/46] USB: smsusb: " Greg Kroah-Hartman
2012-09-12 23:39 ` [ 32/46] USB: CDC ACM: Fix NULL pointer dereference Greg Kroah-Hartman
2012-09-12 23:39 ` [ 33/46] powerpc: Fix DSCR inheritance in copy_thread() Greg Kroah-Hartman
2012-09-12 23:39 ` [ 34/46] powerpc: Restore correct DSCR in context switch Greg Kroah-Hartman
2012-09-12 23:39 ` [ 35/46] Remove user-triggerable BUG from mpol_to_str Greg Kroah-Hartman
2012-09-12 23:39 ` [ 36/46] SCSI: megaraid_sas: Move poll_aen_lock initializer Greg Kroah-Hartman
2012-09-12 23:39 ` [ 37/46] SCSI: mpt2sas: Fix for Driver oops, when loading driver with max_queue_depth command line option to a very small value Greg Kroah-Hartman
2012-09-12 23:39 ` [ 38/46] SCSI: Fix Device not ready issue on mpt2sas Greg Kroah-Hartman
2012-09-12 23:39 ` [ 39/46] udf: Fix data corruption for files in ICB Greg Kroah-Hartman
2012-09-12 23:39 ` [ 40/46] ext3: Fix fdatasync() for files with only i_size changes Greg Kroah-Hartman
2012-09-12 23:39 ` [ 41/46] fuse: fix retrieve length Greg Kroah-Hartman
2012-09-12 23:39 ` [ 42/46] Input: i8042 - add Gigabyte T1005 series netbooks to noloop table Greg Kroah-Hartman
2012-09-12 23:39 ` [ 43/46] drm/vmwgfx: add MODULE_DEVICE_TABLE so vmwgfx loads at boot Greg Kroah-Hartman
2012-09-12 23:39 ` [ 44/46] PARISC: Redefine ATOMIC_INIT and ATOMIC64_INIT to drop the casts Greg Kroah-Hartman
2012-09-12 23:39 ` [ 45/46] dccp: check ccid before dereferencing Greg Kroah-Hartman
2012-09-12 23:39 ` [ 46/46] hwmon: (asus_atk0110) Add quirk for Asus M5A78L Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120912233820.294509042@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linville@tuxdriver.com \
--cc=lorenzo.bianconi83@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.