netdev.vger.kernel.org archive mirror
From: Dan Williams <dcbw@redhat.com>
To: Doug Brown <doug@schmorgal.com>, Kalle Valo <kvalo@kernel.org>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>
Cc: libertas-dev@lists.infradead.org, linux-wireless@vger.kernel.org,
	netdev@vger.kernel.org
Subject: Re: [PATCH] wifi: libertas: return consistent length in lbs_add_wpa_tlv()
Date: Tue, 03 Jan 2023 11:47:09 -0600
Message-ID: <657adc8e514d4486853ef90cdf97bd75f55b44fa.camel@redhat.com>
In-Reply-To: <20230102234714.169831-1-doug@schmorgal.com>

On Mon, 2023-01-02 at 15:47 -0800, Doug Brown wrote:
> The existing code only converts the first IE to a TLV, but it returns a
> value that takes the length of all IEs into account. When there is more
> than one IE (which happens with modern wpa_supplicant versions for
> example), the returned length is too long and extra junk TLVs get sent
> to the firmware, resulting in an association failure.
> 
> Fix this by returning a length that only factors in the single IE that
> was converted. The firmware doesn't seem to support the additional IEs,
> so there is no value in trying to convert them to additional TLVs.
> 
> Fixes: e86dc1ca4676 ("Libertas: cfg80211 support")
> Signed-off-by: Doug Brown <doug@schmorgal.com>
> ---
>  drivers/net/wireless/marvell/libertas/cfg.c | 7 +++----
>  1 file changed, 3 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/net/wireless/marvell/libertas/cfg.c
> b/drivers/net/wireless/marvell/libertas/cfg.c
> index 3e065cbb0af9..fcc5420ec7ea 100644
> --- a/drivers/net/wireless/marvell/libertas/cfg.c
> +++ b/drivers/net/wireless/marvell/libertas/cfg.c
> @@ -432,10 +432,9 @@ static int lbs_add_wpa_tlv(u8 *tlv, const u8
> *ie, u8 ie_len)
>         *tlv++ = 0;
>         tlv_len = *tlv++ = *ie++;
>         *tlv++ = 0;
> -       while (tlv_len--)
> -               *tlv++ = *ie++;
> -       /* the TLV is two bytes larger than the IE */
> -       return ie_len + 2;
> +       memcpy(tlv, ie, tlv_len);
> +       /* the TLV has a four-byte header */
> +       return tlv_len + 4;

Since you're removing ie_len usage in the function, you might as well
remove it from the function's arguments.

Can you also update the comments to say something like "only copy the
first IE into the command buffer".

Lastly, should you check the IE to make sure you're copying the WPA or
WMM IE that the firmware expects? What other IEs does
wpa_supplicant/cfg80211 add these days?

Dan

>  }
>  
>  /*
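
Review bot: the copy length in `memcpy(tlv, ie, tlv_len)` comes from the length byte inside the IE itself (`tlv_len = *tlv++ = *ie++;`), and nothing in the visible hunk compares it with ie_len, so a first IE whose declared length exceeds the bytes actually supplied would make the copy read past the end of the ie buffer. With the return value no longer derived from ie_len, that argument is the only remaining statement of how much input is valid; rather than leaving it unused, consider using it for a check before the copy, for example rejecting the input when ie_len is less than 2 or when tlv_len is greater than ie_len - 2. The new comment "the TLV has a four-byte header" would also be clearer if it said that only the first IE is converted and any further IEs in the buffer are deliberately ignored.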



Thread overview: 6+ messages
2023-01-02 23:47 [PATCH] wifi: libertas: return consistent length in lbs_add_wpa_tlv() Doug Brown
2023-01-03 17:47 ` Dan Williams [this message]
2023-01-04  1:13   ` Doug Brown
2023-01-04 14:47     ` Dan Williams
2023-01-05  6:43       ` Doug Brown
2023-01-05 14:24         ` Dan Williams
