From: Fabio Aiuto <fabioaiuto83@gmail.com>
To: gregkh@linuxfoundation.org
Cc: linux-staging@lists.linux.dev, linux-kernel@vger.kernel.org,
kernel test robot <lkp@intel.com>
Subject: [PATCH] staging: rtl8723bs: moved contexts for arc4 encryption in struct security_priv
Date: Fri, 21 May 2021 16:41:58 +0200 [thread overview]
Message-ID: <20210521144158.2440-1-fabioaiuto83@gmail.com> (raw)
moved struct arc4_ctx in struct security_priv to avoid stack allocation
inside encryption routines.
this has been done to fix the following 0-DAY issues:
>> drivers/staging/rtl8723bs/core/rtw_security.c:89:6: warning:
stack frame size of 1120 bytes in function 'rtw_wep_encrypt'
[-Wframe-$
void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe)
^
>> drivers/staging/rtl8723bs/core/rtw_security.c:145:6:
warning: stack frame size of 1088 bytes in function 'rtw_wep_decrypt'
[-Wframe$
void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe)
^
>> drivers/staging/rtl8723bs/core/rtw_security.c:514:5:
warning: stack frame size of 1136 bytes in function 'rtw_tkip_encrypt'
[-Wfram$
u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe)
^
>> drivers/staging/rtl8723bs/core/rtw_security.c:586:5:
warning: stack frame size of 1104 bytes in function 'rtw_tkip_decrypt'
[-Wfram$
u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
^
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Fabio Aiuto <fabioaiuto83@gmail.com>
---
drivers/staging/rtl8723bs/core/rtw_security.c | 41 +++++++++----------
.../staging/rtl8723bs/include/rtw_security.h | 3 ++
2 files changed, 23 insertions(+), 21 deletions(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_security.c b/drivers/staging/rtl8723bs/core/rtw_security.c
index 5ff8926c1865..a99f439328f1 100644
--- a/drivers/staging/rtl8723bs/core/rtw_security.c
+++ b/drivers/staging/rtl8723bs/core/rtw_security.c
@@ -8,7 +8,6 @@
#include <drv_types.h>
#include <rtw_debug.h>
#include <crypto/aes.h>
-#include <crypto/arc4.h>
static const char * const _security_type_str[] = {
"N/A",
@@ -38,7 +37,6 @@ void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe)
{ /* exclude ICV */
unsigned char crc[4];
- struct arc4_ctx mycontext;
signed int curfragnum, length;
u32 keylength;
@@ -49,6 +47,7 @@ void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe)
struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
struct security_priv *psecuritypriv = &padapter->securitypriv;
struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
+ struct arc4_ctx *ctx = &psecuritypriv->xmit_arc4_ctx;
if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
return;
@@ -72,16 +71,16 @@ void rtw_wep_encrypt(struct adapter *padapter, u8 *pxmitframe)
*((__le32 *)crc) = ~crc32_le(~0, payload, length);
- arc4_setkey(&mycontext, wepkey, 3 + keylength);
- arc4_crypt(&mycontext, payload, payload, length);
- arc4_crypt(&mycontext, payload + length, crc, 4);
+ arc4_setkey(ctx, wepkey, 3 + keylength);
+ arc4_crypt(ctx, payload, payload, length);
+ arc4_crypt(ctx, payload + length, crc, 4);
} else {
length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
*((__le32 *)crc) = ~crc32_le(~0, payload, length);
- arc4_setkey(&mycontext, wepkey, 3 + keylength);
- arc4_crypt(&mycontext, payload, payload, length);
- arc4_crypt(&mycontext, payload + length, crc, 4);
+ arc4_setkey(ctx, wepkey, 3 + keylength);
+ arc4_crypt(ctx, payload, payload, length);
+ arc4_crypt(ctx, payload + length, crc, 4);
pframe += pxmitpriv->frag_len;
pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
@@ -94,13 +93,13 @@ void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe)
{
/* exclude ICV */
u8 crc[4];
- struct arc4_ctx mycontext;
signed int length;
u32 keylength;
u8 *pframe, *payload, *iv, wepkey[16];
u8 keyindex;
struct rx_pkt_attrib *prxattrib = &(((union recv_frame *)precvframe)->u.hdr.attrib);
struct security_priv *psecuritypriv = &padapter->securitypriv;
+ struct arc4_ctx *ctx = &psecuritypriv->recv_arc4_ctx;
pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
@@ -118,8 +117,8 @@ void rtw_wep_decrypt(struct adapter *padapter, u8 *precvframe)
payload = pframe+prxattrib->iv_len+prxattrib->hdrlen;
/* decrypt payload include icv */
- arc4_setkey(&mycontext, wepkey, 3 + keylength);
- arc4_crypt(&mycontext, payload, payload, length);
+ arc4_setkey(ctx, wepkey, 3 + keylength);
+ arc4_crypt(ctx, payload, payload, length);
/* calculate icv and compare the icv */
*((u32 *)crc) = le32_to_cpu(~crc32_le(~0, payload, length - 4));
@@ -467,7 +466,6 @@ u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe)
u8 ttkey[16];
u8 crc[4];
u8 hw_hdr_offset = 0;
- struct arc4_ctx mycontext;
signed int curfragnum, length;
u8 *pframe, *payload, *iv, *prwskey;
@@ -475,6 +473,7 @@ u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe)
struct pkt_attrib *pattrib = &((struct xmit_frame *)pxmitframe)->attrib;
struct security_priv *psecuritypriv = &padapter->securitypriv;
struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
+ struct arc4_ctx *ctx = &psecuritypriv->xmit_arc4_ctx;
u32 res = _SUCCESS;
if (((struct xmit_frame *)pxmitframe)->buf_addr == NULL)
@@ -509,17 +508,17 @@ u32 rtw_tkip_encrypt(struct adapter *padapter, u8 *pxmitframe)
length = pattrib->last_txcmdsz-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
*((__le32 *)crc) = ~crc32_le(~0, payload, length);
- arc4_setkey(&mycontext, rc4key, 16);
- arc4_crypt(&mycontext, payload, payload, length);
- arc4_crypt(&mycontext, payload + length, crc, 4);
+ arc4_setkey(ctx, rc4key, 16);
+ arc4_crypt(ctx, payload, payload, length);
+ arc4_crypt(ctx, payload + length, crc, 4);
} else {
length = pxmitpriv->frag_len-pattrib->hdrlen-pattrib->iv_len-pattrib->icv_len;
*((__le32 *)crc) = ~crc32_le(~0, payload, length);
- arc4_setkey(&mycontext, rc4key, 16);
- arc4_crypt(&mycontext, payload, payload, length);
- arc4_crypt(&mycontext, payload + length, crc, 4);
+ arc4_setkey(ctx, rc4key, 16);
+ arc4_crypt(ctx, payload, payload, length);
+ arc4_crypt(ctx, payload + length, crc, 4);
pframe += pxmitpriv->frag_len;
pframe = (u8 *)round_up((SIZE_PTR)(pframe), 4);
@@ -539,7 +538,6 @@ u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
u8 rc4key[16];
u8 ttkey[16];
u8 crc[4];
- struct arc4_ctx mycontext;
signed int length;
u8 *pframe, *payload, *iv, *prwskey;
@@ -547,6 +545,7 @@ u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
struct sta_info *stainfo;
struct rx_pkt_attrib *prxattrib = &((union recv_frame *)precvframe)->u.hdr.attrib;
struct security_priv *psecuritypriv = &padapter->securitypriv;
+ struct arc4_ctx *ctx = &psecuritypriv->recv_arc4_ctx;
u32 res = _SUCCESS;
pframe = (unsigned char *)((union recv_frame *)precvframe)->u.hdr.rx_data;
@@ -616,8 +615,8 @@ u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe)
/* 4 decrypt payload include icv */
- arc4_setkey(&mycontext, rc4key, 16);
- arc4_crypt(&mycontext, payload, payload, length);
+ arc4_setkey(ctx, rc4key, 16);
+ arc4_crypt(ctx, payload, payload, length);
*((u32 *)crc) = le32_to_cpu(~crc32_le(~0, payload, length - 4));
diff --git a/drivers/staging/rtl8723bs/include/rtw_security.h b/drivers/staging/rtl8723bs/include/rtw_security.h
index 83b711c5df0b..a68b73858462 100644
--- a/drivers/staging/rtl8723bs/include/rtw_security.h
+++ b/drivers/staging/rtl8723bs/include/rtw_security.h
@@ -7,6 +7,7 @@
#ifndef __RTW_SECURITY_H_
#define __RTW_SECURITY_H_
+#include <crypto/arc4.h>
#define _NO_PRIVACY_ 0x0
#define _WEP40_ 0x1
@@ -127,6 +128,8 @@ struct security_priv {
u8 wps_ie[MAX_WPS_IE_LEN];/* added in assoc req */
int wps_ie_len;
+ struct arc4_ctx xmit_arc4_ctx;
+ struct arc4_ctx recv_arc4_ctx;
u8 binstallGrpkey;
u8 binstallBIPkey;
--
2.20.1
reply other threads:[~2021-05-21 14:42 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210521144158.2440-1-fabioaiuto83@gmail.com \
--to=fabioaiuto83@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
--cc=lkp@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.