From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Felix Fietkau <nbd@nbd.name>,
Johannes Berg <johannes.berg@intel.com>
Subject: [PATCH 4.14 15/35] mac80211: ensure that mgmt tx skbs have tailroom for encryption
Date: Wed, 13 Feb 2019 19:38:10 +0100 [thread overview]
Message-ID: <20190213183706.873434419@linuxfoundation.org> (raw)
In-Reply-To: <20190213183706.176685027@linuxfoundation.org>
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felix Fietkau <nbd@nbd.name>
commit 9d0f50b80222dc273e67e4e14410fcfa4130a90c upstream.
Some drivers use IEEE80211_KEY_FLAG_SW_MGMT_TX to indicate that management
frames need to be software encrypted. Since normal data packets are still
encrypted by the hardware, crypto_tx_tailroom_needed_cnt gets decremented
after key upload to hw. This can lead to passing skbs to ccmp_encrypt_skb,
which don't have the necessary tailroom for software encryption.
Change the code to add tailroom for encrypted management packets, even if
crypto_tx_tailroom_needed_cnt is 0.
Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/tx.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1856,9 +1856,16 @@ static int ieee80211_skb_resize(struct i
int head_need, bool may_encrypt)
{
struct ieee80211_local *local = sdata->local;
+ struct ieee80211_hdr *hdr;
+ bool enc_tailroom;
int tail_need = 0;
- if (may_encrypt && sdata->crypto_tx_tailroom_needed_cnt) {
+ hdr = (struct ieee80211_hdr *) skb->data;
+ enc_tailroom = may_encrypt &&
+ (sdata->crypto_tx_tailroom_needed_cnt ||
+ ieee80211_is_mgmt(hdr->frame_control));
+
+ if (enc_tailroom) {
tail_need = IEEE80211_ENCRYPT_TAILROOM;
tail_need -= skb_tailroom(skb);
tail_need = max_t(int, tail_need, 0);
@@ -1866,8 +1873,7 @@ static int ieee80211_skb_resize(struct i
if (skb_cloned(skb) &&
(!ieee80211_hw_check(&local->hw, SUPPORTS_CLONED_SKBS) ||
- !skb_clone_writable(skb, ETH_HLEN) ||
- (may_encrypt && sdata->crypto_tx_tailroom_needed_cnt)))
+ !skb_clone_writable(skb, ETH_HLEN) || enc_tailroom))
I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
else if (head_need || tail_need)
I802_DEBUG_INC(local->tx_expand_skb_head);
next prev parent reply other threads:[~2019-02-13 18:55 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-13 18:37 [PATCH 4.14 00/35] 4.14.100-stable review Greg Kroah-Hartman
2019-02-13 18:37 ` [PATCH 4.14 01/35] mtd: rawnand: gpmi: fix MX28 bus master lockup problem Greg Kroah-Hartman
2019-02-13 18:37 ` [PATCH 4.14 02/35] iio: adc: axp288: Fix TS-pin handling Greg Kroah-Hartman
2019-02-13 18:37 ` [PATCH 4.14 03/35] iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius Greg Kroah-Hartman
2019-02-13 18:37 ` [PATCH 4.14 04/35] signal: Always notice exiting tasks Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 05/35] signal: Better detection of synchronous signals Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 06/35] misc: vexpress: Off by one in vexpress_syscfg_exec() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 07/35] samples: mei: use /dev/mei0 instead of /dev/mei Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 08/35] debugfs: fix debugfs_rename parameter checking Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 09/35] tracing: uprobes: Fix typo in pr_fmt string Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 10/35] mips: cm: reprime error cause Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 11/35] MIPS: OCTEON: dont set octeon_dma_bar_type if PCI is disabled Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 12/35] MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 13/35] ARM: iop32x/n2100: fix PCI IRQ mapping Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 14/35] ARM: tango: Improve ARCH_MULTIPLATFORM compatibility Greg Kroah-Hartman
2019-02-13 18:38 ` Greg Kroah-Hartman [this message]
2019-02-13 18:38 ` [PATCH 4.14 16/35] drm/modes: Prevent division by zero htotal Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 17/35] drm/vmwgfx: Fix setting of dma masks Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 18/35] drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 19/35] HID: debug: fix the ring buffer implementation Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 20/35] Revert "ext4: use ext4_write_inode() when fsyncing w/o a journal" Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 21/35] libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 22/35] xfrm: refine validation of template and selector families Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 23/35] batman-adv: Avoid WARN on net_device without parent in netns Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 24/35] batman-adv: Force mac header to start of data on xmit Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 25/35] perf tests attr: Fix task term values Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 26/35] perf tests attr: Fix group stat tests Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 27/35] perf tests attr: Make hw events optional Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 28/35] uio: Reduce return paths from uio_write() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 29/35] uio: Prevent device destruction while fds are open Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 30/35] uio: use request_threaded_irq instead Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 31/35] uio: change to use the mutex lock instead of the spin lock Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 32/35] uio: fix crash after the device is unregistered Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 33/35] uio: fix wrong return value from uio_mmap() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 34/35] uio: fix possible circular locking dependency Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.14 35/35] Revert "uio: use request_threaded_irq instead" Greg Kroah-Hartman
2019-02-14 10:06 ` [PATCH 4.14 00/35] 4.14.100-stable review Jon Hunter
2019-02-14 10:11 ` Greg Kroah-Hartman
2019-02-14 16:42 ` Dan Rue
2019-02-14 19:17 ` Guenter Roeck
2019-02-14 22:21 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190213183706.873434419@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=johannes.berg@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nbd@nbd.name \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).