Home Home > GIT Browse > stable
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Slaby <jslaby@suse.cz>2019-02-15 10:23:48 +0100
committerJiri Slaby <jslaby@suse.cz>2019-02-15 10:24:10 +0100
commitf78a8ac32044f3a962c8e1260f0a48065ce85334 (patch)
treea849aad82222eae89c0c3c1cdc49925fc996e957
parent36b050f5dd4d08b55f2f425d7224a1e787a50ed2 (diff)
mac80211: ensure that mgmt tx skbs have tailroom for encryption
-rw-r--r--patches.kernel.org/4.20.9-036-mac80211-ensure-that-mgmt-tx-skbs-have-tailroo.patch63
-rw-r--r--series.conf1
2 files changed, 64 insertions, 0 deletions
diff --git a/patches.kernel.org/4.20.9-036-mac80211-ensure-that-mgmt-tx-skbs-have-tailroo.patch b/patches.kernel.org/4.20.9-036-mac80211-ensure-that-mgmt-tx-skbs-have-tailroo.patch
new file mode 100644
index 0000000000..e482c4f659
--- /dev/null
+++ b/patches.kernel.org/4.20.9-036-mac80211-ensure-that-mgmt-tx-skbs-have-tailroo.patch
@@ -0,0 +1,63 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Tue, 29 Jan 2019 11:10:57 +0100
+Subject: [PATCH] mac80211: ensure that mgmt tx skbs have tailroom for
+ encryption
+References: bnc#1012628
+Patch-mainline: 4.20.9
+Git-commit: 9d0f50b80222dc273e67e4e14410fcfa4130a90c
+
+commit 9d0f50b80222dc273e67e4e14410fcfa4130a90c upstream.
+
+Some drivers use IEEE80211_KEY_FLAG_SW_MGMT_TX to indicate that management
+frames need to be software encrypted. Since normal data packets are still
+encrypted by the hardware, crypto_tx_tailroom_needed_cnt gets decremented
+after key upload to hw. This can lead to passing skbs to ccmp_encrypt_skb,
+which don't have the necessary tailroom for software encryption.
+
+Change the code to add tailroom for encrypted management packets, even if
+crypto_tx_tailroom_needed_cnt is 0.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/mac80211/tx.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
+index 1f536ba573b4..65e511756e64 100644
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1938,9 +1938,16 @@ static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata,
+ int head_need, bool may_encrypt)
+ {
+ struct ieee80211_local *local = sdata->local;
++ struct ieee80211_hdr *hdr;
++ bool enc_tailroom;
+ int tail_need = 0;
+
+- if (may_encrypt && sdata->crypto_tx_tailroom_needed_cnt) {
++ hdr = (struct ieee80211_hdr *) skb->data;
++ enc_tailroom = may_encrypt &&
++ (sdata->crypto_tx_tailroom_needed_cnt ||
++ ieee80211_is_mgmt(hdr->frame_control));
++
++ if (enc_tailroom) {
+ tail_need = IEEE80211_ENCRYPT_TAILROOM;
+ tail_need -= skb_tailroom(skb);
+ tail_need = max_t(int, tail_need, 0);
+@@ -1948,8 +1955,7 @@ static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata,
+
+ if (skb_cloned(skb) &&
+ (!ieee80211_hw_check(&local->hw, SUPPORTS_CLONED_SKBS) ||
+- !skb_clone_writable(skb, ETH_HLEN) ||
+- (may_encrypt && sdata->crypto_tx_tailroom_needed_cnt)))
++ !skb_clone_writable(skb, ETH_HLEN) || enc_tailroom))
+ I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
+ else if (head_need || tail_need)
+ I802_DEBUG_INC(local->tx_expand_skb_head);
+--
+2.20.1
+
diff --git a/series.conf b/series.conf
index 7f2ed53168..d2c4abe74e 100644
--- a/series.conf
+++ b/series.conf
@@ -1118,6 +1118,7 @@
patches.kernel.org/4.20.9-033-powerpc-papr_scm-Use-the-correct-bind-address.patch
patches.kernel.org/4.20.9-034-powerpc-radix-Fix-kernel-crash-with-mremap.patch
patches.kernel.org/4.20.9-035-mic-vop-Fix-use-after-free-on-remove.patch
+ patches.kernel.org/4.20.9-036-mac80211-ensure-that-mgmt-tx-skbs-have-tailroo.patch
########################################################
# Build fixes that apply to the vanilla kernel too.