[PATCH 09/20] iwlwifi: mvm: Drop large non sta frames

Linux wireless drivers development
 help / color / mirror / Atom feed

From: Luca Coelho <luca@coelho.fi>
To: kvalo@codeaurora.org
Cc: linux-wireless@vger.kernel.org,
	Andrei Otcheretianski <andrei.otcheretianski@intel.com>,
	Luca Coelho <luciano.coelho@intel.com>
Subject: [PATCH 09/20] iwlwifi: mvm: Drop large non sta frames
Date: Fri, 28 Jun 2019 12:19:57 +0300	[thread overview]
Message-ID: <20190628092008.11049-10-luca@coelho.fi> (raw)
In-Reply-To: <20190628092008.11049-1-luca@coelho.fi>

From: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

In some buggy scenarios we could possible attempt to transmit frames larger
than maximum MSDU size. Since our devices don't know how to handle this,
it may result in asserts, hangs etc.
This can happen, for example, when we receive a large multicast frame
and try to transmit it back to the air in AP mode.
Since in a legal scenario this should never happen, drop such frames and
warn about it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
 drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
index 16f7458e2e81..a3e5d88f1c07 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
@@ -726,6 +726,9 @@ int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb)
 
 	memcpy(&info, skb->cb, sizeof(info));
 
+	if (WARN_ON_ONCE(skb->len > IEEE80211_MAX_DATA_LEN + hdrlen))
+		return -1;
+
 	if (WARN_ON_ONCE(info.flags & IEEE80211_TX_CTL_AMPDU))
 		return -1;
 
-- 
2.20.1

next prev parent reply	other threads:[~2019-06-28  9:20 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-28  9:19 [PATCH 00/20] iwlwifi: updates intended for v5.3 2019-06-28 Luca Coelho
2019-06-28  9:19 ` [PATCH 01/20] iwlwifi: lib: Use struct_size() helper Luca Coelho
2019-06-28  9:19 ` [PATCH 02/20] iwlwifi: d3: " Luca Coelho
2019-06-28  9:19 ` [PATCH 03/20] iwlwifi: remove some unnecessary NULL checks Luca Coelho
2019-06-28  9:19 ` [PATCH 04/20] iwlwifi: mvm: correctly fill the ac array in the iwl_mac_ctx_cmd Luca Coelho
2019-06-28  9:19 ` [PATCH 05/20] iwlwifi: mvm: convert to FW AC when configuring MU EDCA Luca Coelho
2019-06-28  9:19 ` [PATCH 06/20] iwlwifi: fix module init error paths Luca Coelho
2019-06-28  9:19 ` [PATCH 07/20] iwlwifi: Add support for SAR South Korea limitation Luca Coelho
2019-06-28  9:19 ` [PATCH 08/20] iwlwifi: mvm: Add log information about SAR status Luca Coelho
2019-09-30 12:06   ` Matteo Croce
2019-09-30 12:12     ` Luca Coelho
2019-06-28  9:19 ` Luca Coelho [this message]
2019-06-28  9:19 ` [PATCH 10/20] iwlwifi: pcie: increase the size of PCI dumps Luca Coelho
2019-06-28  9:19 ` [PATCH 11/20] iwlwifi: dbg: fix debug monitor stop and restart delays Luca Coelho
2019-06-28  9:20 ` [PATCH 12/20] iwlwifi: dbg_ini: enforce apply point early on buffer allocation tlv Luca Coelho
2019-06-28  9:20 ` [PATCH 13/20] iwlwifi: dbg_ini: remove redundant checking of ini mode Luca Coelho
2019-06-28  9:20 ` [PATCH 14/20] iwlwifi: dbg: move trans debug fields to a separate struct Luca Coelho
2019-06-28  9:20 ` [PATCH 15/20] iwlwifi: support FSEQ TLV even when FMAC is not compiled Luca Coelho
2019-06-28  9:20 ` [PATCH 16/20] iwlwifi: mvm: make the usage of TWT configurable Luca Coelho
2019-06-28  9:20 ` [PATCH 17/20] iwlwifi: dbg_ini: fix debug monitor stop and restart in ini mode Luca Coelho
2019-06-28  9:20 ` [PATCH 18/20] iwlwifi: dbg: don't stop dbg recording before entering D3 from 9000 devices Luca Coelho
2019-06-28  9:20 ` [PATCH 19/20] iwlwifi: dbg: debug recording stop and restart command remove Luca Coelho
2019-06-28  9:20 ` [PATCH 20/20] iwlwifi: mvm: remove MAC_FILTER_IN_11AX for AP mode Luca Coelho

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:16f7458e2e8 dfblob:a3e5d88f1c0 )
 OR (
bs:"[PATCH 09/20] iwlwifi: mvm: Drop large non sta frames" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190628092008.11049-10-luca@coelho.fi \
    --to=luca@coelho.fi \
    --cc=andrei.otcheretianski@intel.com \
    --cc=kvalo@codeaurora.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=luciano.coelho@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox