From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Felix Fietkau <nbd@nbd.name>,
Johannes Berg <johannes.berg@intel.com>
Subject: [PATCH 4.19 30/44] mac80211: ensure that mgmt tx skbs have tailroom for encryption
Date: Wed, 13 Feb 2019 19:38:31 +0100 [thread overview]
Message-ID: <20190213183654.316203382@linuxfoundation.org> (raw)
In-Reply-To: <20190213183651.648060257@linuxfoundation.org>
4.19-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felix Fietkau <nbd@nbd.name>
commit 9d0f50b80222dc273e67e4e14410fcfa4130a90c upstream.
Some drivers use IEEE80211_KEY_FLAG_SW_MGMT_TX to indicate that management
frames need to be software encrypted. Since normal data packets are still
encrypted by the hardware, crypto_tx_tailroom_needed_cnt gets decremented
after key upload to hw. This can lead to passing skbs to ccmp_encrypt_skb,
which don't have the necessary tailroom for software encryption.
Change the code to add tailroom for encrypted management packets, even if
crypto_tx_tailroom_needed_cnt is 0.
Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/tx.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1913,9 +1913,16 @@ static int ieee80211_skb_resize(struct i
int head_need, bool may_encrypt)
{
struct ieee80211_local *local = sdata->local;
+ struct ieee80211_hdr *hdr;
+ bool enc_tailroom;
int tail_need = 0;
- if (may_encrypt && sdata->crypto_tx_tailroom_needed_cnt) {
+ hdr = (struct ieee80211_hdr *) skb->data;
+ enc_tailroom = may_encrypt &&
+ (sdata->crypto_tx_tailroom_needed_cnt ||
+ ieee80211_is_mgmt(hdr->frame_control));
+
+ if (enc_tailroom) {
tail_need = IEEE80211_ENCRYPT_TAILROOM;
tail_need -= skb_tailroom(skb);
tail_need = max_t(int, tail_need, 0);
@@ -1923,8 +1930,7 @@ static int ieee80211_skb_resize(struct i
if (skb_cloned(skb) &&
(!ieee80211_hw_check(&local->hw, SUPPORTS_CLONED_SKBS) ||
- !skb_clone_writable(skb, ETH_HLEN) ||
- (may_encrypt && sdata->crypto_tx_tailroom_needed_cnt)))
+ !skb_clone_writable(skb, ETH_HLEN) || enc_tailroom))
I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
else if (head_need || tail_need)
I802_DEBUG_INC(local->tx_expand_skb_head);
next prev parent reply other threads:[~2019-02-13 18:51 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-13 18:38 [PATCH 4.19 00/44] 4.19.22-stable review Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 01/44] mtd: Make sure mtd->erasesize is valid even if the partition is of size 0 Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 02/44] mtd: spinand: Handle the case where PROGRAM LOAD does not reset the cache Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 03/44] mtd: spinand: Fix the error/cleanup path in spinand_init() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 04/44] mtd: rawnand: gpmi: fix MX28 bus master lockup problem Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 05/44] libata: Add NOLPM quirk for SAMSUNG MZ7TE512HMHP-000L1 SSD Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 06/44] tools: iio: iio_generic_buffer: make num_loops signed Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 07/44] iio: adc: axp288: Fix TS-pin handling Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 08/44] iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 09/44] iio: ti-ads8688: Update buffer allocation for timestamps Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 10/44] signal: Always notice exiting tasks Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 11/44] signal: Better detection of synchronous signals Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 12/44] misc: vexpress: Off by one in vexpress_syscfg_exec() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 13/44] mei: me: add ice lake point device id Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 14/44] samples: mei: use /dev/mei0 instead of /dev/mei Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 15/44] debugfs: fix debugfs_rename parameter checking Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 16/44] pinctrl: sunxi: Correct number of IRQ banks on H6 main pin controller Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 17/44] pinctrl: cherryview: fix Strago DMI workaround Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 18/44] tracing: uprobes: Fix typo in pr_fmt string Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 19/44] mips: cm: reprime error cause Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 20/44] MIPS: OCTEON: dont set octeon_dma_bar_type if PCI is disabled Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 21/44] MIPS: VDSO: Use same -m%-float cflag as the kernel proper Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 22/44] mips: loongson64: remove unreachable(), fix loongson_poweroff() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 23/44] MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 24/44] ARM: iop32x/n2100: fix PCI IRQ mapping Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 25/44] ARM: tango: Improve ARCH_MULTIPLATFORM compatibility Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 26/44] ARM: dts: da850: fix interrupt numbers for clocksource Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 27/44] firmware: arm_scmi: provide the mandatory device release callback Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 28/44] powerpc/radix: Fix kernel crash with mremap() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 29/44] mic: vop: Fix use-after-free on remove Greg Kroah-Hartman
2019-02-13 18:38 ` Greg Kroah-Hartman [this message]
2019-02-13 18:38 ` [PATCH 4.19 31/44] drm/modes: Prevent division by zero htotal Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 32/44] drm/amd/powerplay: Fix missing break in switch Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 33/44] drm/i915: always return something on DDI clock selection Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 34/44] drm/vmwgfx: Fix setting of dma masks Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 35/44] drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 36/44] [STABLE PATCH] SUNRPC: Always drop the XPRT_LOCK on XPRT_CLOSE_WAIT Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 37/44] xfrm: Make set-mark default behavior backward compatible Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 38/44] Revert "ext4: use ext4_write_inode() when fsyncing w/o a journal" Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 39/44] libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 40/44] xfrm: refine validation of template and selector families Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 41/44] batman-adv: Avoid WARN on net_device without parent in netns Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 42/44] batman-adv: Force mac header to start of data on xmit Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 43/44] svcrdma: Reduce max_send_sges Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 44/44] svcrdma: Remove max_sge check at connect time Greg Kroah-Hartman
2019-02-14 16:46 ` [PATCH 4.19 00/44] 4.19.22-stable review Dan Rue
2019-02-14 19:17 ` Guenter Roeck
2019-02-14 22:23 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190213183654.316203382@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=johannes.berg@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nbd@nbd.name \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).