Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

mac80211: move WEP tailroom size check

Remove checking tailroom when adding IV as it uses only
headroom, and move the check to the ICV generation that
actually needs the tailroom.

In the other case I hit such a warning and the datapath doesn't work,
when testing:
- IBSS + WEP
- ath9k with hw crypt enabled
- IPv6 data (ping6)

WARNING: CPU: 3 PID: 13301 at net/mac80211/wep.c:102 ieee80211_wep_add_iv+0x129/0x190 [mac80211]()
[...]
Call Trace:
[<ffffffff817bf491>] dump_stack+0x45/0x57
[<ffffffff8107746a>] warn_slowpath_common+0x8a/0xc0
[<ffffffff8107755a>] warn_slowpath_null+0x1a/0x20
[<ffffffffc09ae109>] ieee80211_wep_add_iv+0x129/0x190 [mac80211]
[<ffffffffc09ae7ab>] ieee80211_crypto_wep_encrypt+0x6b/0xd0 [mac80211]
[<ffffffffc09d3fb1>] invoke_tx_handlers+0xc51/0xf30 [mac80211]
[...]

Cc: stable@vger.kernel.org
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

Authored by Janusz Dziedzic and committed by Johannes Berg
47b4e1fc ff419b3f

+4 -2
net/mac80211/wep.c
··· 98 98 99 99 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); 100 100 101 - if (WARN_ON(skb_tailroom(skb) < IEEE80211_WEP_ICV_LEN || 102 - skb_headroom(skb) < IEEE80211_WEP_IV_LEN)) 101 + if (WARN_ON(skb_headroom(skb) < IEEE80211_WEP_IV_LEN)) 103 102 return NULL; 104 103 105 104 hdrlen = ieee80211_hdrlen(hdr->frame_control); ··· 165 166 u8 *iv; 166 167 size_t len; 167 168 u8 rc4key[3 + WLAN_KEY_LEN_WEP104]; 169 + 170 + if (WARN_ON(skb_tailroom(skb) < IEEE80211_WEP_ICV_LEN)) 171 + return -1; 168 172 169 173 iv = ieee80211_wep_add_iv(local, skb, keylen, keyidx); 170 174 if (!iv)
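Review bot: In the first hunk (the check at line 101, inside ieee80211_wep_add_iv per the warning in the commit message), dropping the skb_tailroom() test changes what a non-NULL return guarantees, and nothing in the visible code documents that. After this change the function only vouches for IEEE80211_WEP_IV_LEN bytes of headroom, so any caller that goes on to append an ICV has to verify IEEE80211_WEP_ICV_LEN of tailroom itself. A one-line comment above the remaining WARN_ON saying that tailroom is the caller's responsibility would keep a later caller from relying on the old behaviour and writing past the end of the buffer.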
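Review bot: In the second hunk (new lines 170-171), the failure path returns a bare -1 with no comment saying why tailroom is checked here rather than in ieee80211_wep_add_iv(). Placing the check before the ieee80211_wep_add_iv() call is the right order, since the first hunk shows that function setting IEEE80211_FCTL_PROTECTED in the header before it validates anything, so failing early avoids returning an error on a frame that has already been modified; a short comment stating that the ICV is appended in this function and therefore needs the tailroom would make the intent explicit. Also consider WARN_ON_ONCE here: the trace in the commit message comes from the transmit path, and a per-frame WARN_ON can flood the log if the condition is ever hit repeatedly.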