From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Janusz Dziedzic <janusz.dziedzic@tieto.com>,
Johannes Berg <johannes.berg@intel.com>
Subject: [PATCH 3.14 46/64] mac80211: move WEP tailroom size check
Date: Wed, 3 Jun 2015 20:43:14 +0900 [thread overview]
Message-ID: <20150603063930.460437230@linuxfoundation.org> (raw)
In-Reply-To: <20150603063928.472620468@linuxfoundation.org>
3.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Janusz Dziedzic <janusz.dziedzic@tieto.com>
commit 47b4e1fc4972cc43a19121bc2608a60aef3bf216 upstream.
Remove checking tailroom when adding IV as it uses only
headroom, and move the check to the ICV generation that
actually needs the tailroom.
In other case I hit such warning and datapath don't work,
when testing:
- IBSS + WEP
- ath9k with hw crypt enabled
- IPv6 data (ping6)
WARNING: CPU: 3 PID: 13301 at net/mac80211/wep.c:102 ieee80211_wep_add_iv+0x129/0x190 [mac80211]()
[...]
Call Trace:
[<ffffffff817bf491>] dump_stack+0x45/0x57
[<ffffffff8107746a>] warn_slowpath_common+0x8a/0xc0
[<ffffffff8107755a>] warn_slowpath_null+0x1a/0x20
[<ffffffffc09ae109>] ieee80211_wep_add_iv+0x129/0x190 [mac80211]
[<ffffffffc09ae7ab>] ieee80211_crypto_wep_encrypt+0x6b/0xd0 [mac80211]
[<ffffffffc09d3fb1>] invoke_tx_handlers+0xc51/0xf30 [mac80211]
[...]
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/wep.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -98,8 +98,7 @@ static u8 *ieee80211_wep_add_iv(struct i
hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
- if (WARN_ON(skb_tailroom(skb) < IEEE80211_WEP_ICV_LEN ||
- skb_headroom(skb) < IEEE80211_WEP_IV_LEN))
+ if (WARN_ON(skb_headroom(skb) < IEEE80211_WEP_IV_LEN))
return NULL;
hdrlen = ieee80211_hdrlen(hdr->frame_control);
@@ -169,6 +168,9 @@ int ieee80211_wep_encrypt(struct ieee802
size_t len;
u8 rc4key[3 + WLAN_KEY_LEN_WEP104];
+ if (WARN_ON(skb_tailroom(skb) < IEEE80211_WEP_ICV_LEN))
+ return -1;
+
iv = ieee80211_wep_add_iv(local, skb, keylen, keyidx);
if (!iv)
return -1;
next prev parent reply other threads:[~2015-06-03 12:11 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-03 11:42 [PATCH 3.14 00/64] 3.14.44-stable review Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 01/64] staging: wlags49_h2: fix extern inline functions Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 02/64] staging, rtl8192e, LLVMLinux: Change extern inline to static inline Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 03/64] staging: rtl8712, rtl8712: avoid lots of build warnings Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 04/64] staging, rtl8192e, LLVMLinux: Remove unused inline prototype Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 05/64] kernel: use the gnu89 standard explicitly Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 06/64] qla2xxx: remove redundant declaration in qla_gbl.h Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 07/64] KVM: MMU: fix CR4.SMEP=1, CR0.WP=0 with shadow pages Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 08/64] net: socket: Fix the wrong returns for recvmsg and sendmsg Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 09/64] fs, omfs: add NULL terminator in the end up the token list Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 10/64] xfs: xfs_iozero can return positive errno Greg Kroah-Hartman
2015-06-03 13:15 ` Luis Henriques
2015-06-03 11:42 ` [PATCH 3.14 11/64] lguest: fix out-by-one error in address checking Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 12/64] libceph: request a new osdmap if lingering request maps to no osd Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 13/64] xen/events: dont bind non-percpu VIRQs with percpu chip Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 14/64] hwmon: (ntc_thermistor) Ensure iio channel is of type IIO_VOLTAGE Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 15/64] hwmon: (nct6775) Add missing sysfs attribute initialization Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 16/64] lib: Fix strnlen_user() to not touch memory after specified maximum Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 17/64] d_walk() might skip too much Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 18/64] ALSA: hda - Add Conexant codecs CX20721, CX20722, CX20723 and CX20724 Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 19/64] ALSA: hda - Add headphone quirk for Lifebook E752 Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 21/64] ASoC: mc13783: Fix wrong mask value used in mc13xxx_reg_rmw() calls Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 22/64] ASoC: uda1380: Avoid accessing i2c bus when codec is disabled Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 23/64] ASoC: wm8960: fix "RINPUT3" audio route error Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 24/64] ASoC: wm8994: correct BCLK DIV 348 to 384 Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 26/64] target/pscsi: Dont leak scsi_host if hba is VIRTUAL_HOST Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 27/64] xhci: fix isoc endpoint dequeue from advancing too far on transaction error Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 28/64] xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 29/64] xhci: gracefully handle xhci_irq dead device Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 30/64] USB: visor: Match I330 phone more precisely Greg Kroah-Hartman
2015-06-03 11:42 ` [PATCH 3.14 31/64] USB: pl2303: Remove support for Samsung I330 Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 32/64] USB: cp210x: add ID for KCF Technologies PRN device Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 33/64] usb-storage: Add NO_WP_DETECT quirk for Lacie 059f:0651 devices Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 34/64] usb: gadget: configfs: Fix interfaces array NULL-termination Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 35/64] powerpc: Align TOC to 256 bytes Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 36/64] mmc: atmel-mci: fix bad variable type for clkdiv Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 37/64] tty/n_gsm.c: fix a memory leak when gsmtty is removed Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 38/64] ext4: fix NULL pointer dereference when journal restart fails Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 39/64] ext4: check for zero length extent explicitly Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 40/64] jbd2: fix r_count overflows leading to buffer overflow in journal recovery Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 41/64] libata: Add helper to determine when PHY events should be ignored Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 42/64] libata: Ignore spurious PHY event on LPM policy change Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 43/64] rt2x00: add new rt2800usb device DWA 130 Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 44/64] gpio: gpio-kempld: Fix get_direction return value Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 45/64] crypto: s390/ghash - Fix incorrect ghash icv buffer handling Greg Kroah-Hartman
2015-06-03 11:43 ` Greg Kroah-Hartman [this message]
2015-06-03 11:43 ` [PATCH 3.14 48/64] ARM: fix missing syscall trace exit Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 49/64] tools/vm: fix page-flags build Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 50/64] mm, numa: really disable NUMA balancing by default on single node machines Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 51/64] svcrpc: fix potential GSSX_ACCEPT_SEC_CONTEXT decoding failures Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 52/64] thermal: step_wise: Revert optimization Greg Kroah-Hartman
2015-06-12 11:58 ` Luis Henriques
2015-06-03 11:43 ` [PATCH 3.14 53/64] md/raid5: dont record new size if resize_stripes fails Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 54/64] md/raid0: fix restore to sector variable in raid0_make_request Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 55/64] rtlwifi: rtl8192cu: Fix kernel deadlock Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 56/64] Input: elantech - fix semi-mt protocol for v3 HW Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 57/64] storvsc: Set the SRB flags correctly when no data transfer is needed Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 58/64] sd: Disable support for 256 byte/sector disks Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 59/64] ACPI / init: Fix the ordering of acpi_reserve_resources() Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 60/64] drm/radeon: add new bonaire pci id Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 63/64] vfs: read file_handle only once in handle_to_path Greg Kroah-Hartman
2015-06-03 11:43 ` [PATCH 3.14 64/64] fs/binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings Greg Kroah-Hartman
2015-06-03 16:52 ` [PATCH 3.14 00/64] 3.14.44-stable review Shuah Khan
2015-06-03 18:15 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150603063930.460437230@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=janusz.dziedzic@tieto.com \
--cc=johannes.berg@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).