leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
410e302ea5
linux/drivers/net/wireless/ath/ath10k
History
Sriram R 62a8ff67eb ath10k: Validate first subframe of A-MSDU before processing the list 
In certain scenarios a normal MSDU can be received as an A-MSDU when
the A-MSDU present bit of a QoS header gets flipped during reception.
Since this bit is unauthenticated, the hardware crypto engine can pass
the frame to the driver without any error indication.

This could result in processing unintended subframes collected in the
A-MSDU list. Hence, validate A-MSDU list by checking if the first frame
has a valid subframe header.

Comparing the non-aggregated MSDU and an A-MSDU, the fields of the first
subframe DA matches the LLC/SNAP header fields of a normal MSDU.
In order to avoid processing such frames, add a validation to
filter such A-MSDU frames where the first subframe header DA matches
with the LLC/SNAP header pattern.

Tested-on: QCA9984 hw1.0 PCI 10.4-3.10-00047

Cc: stable@vger.kernel.org
Signed-off-by: Sriram R <srirrama@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Link: https://lore.kernel.org/r/20210511200110.e6f5eb7b9847.I38a77ae26096862527a5eab73caebd7346af8b66@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2021-05-11 20:16:09 +02:00
..
ahb.c ath10k: prevent deinitializing NAPI twice 2020-12-17 08:52:31 +02:00
ahb.h
bmi.c ath10k: sdio: add firmware coredump support 2020-08-19 20:36:19 +03:00
bmi.h ath10k: add large size for BMI download data for SDIO 2019-11-25 13:53:46 +02:00
ce.c ath10k: Keep track of which interrupts fired, don't poll them 2020-09-01 15:04:13 +03:00
ce.h ath10k: Keep track of which interrupts fired, don't poll them 2020-09-01 15:04:13 +03:00
core.c ath10k: allow dynamic SAR power limits via common API 2021-01-28 09:18:17 +02:00
core.h ath10k: allow dynamic SAR power limits via common API 2021-01-28 09:18:17 +02:00
coredump.c ath10k: sdio: add firmware coredump support 2020-08-19 20:36:19 +03:00
coredump.h ath10k: add bus type for each layout of coredump 2020-08-19 20:36:15 +03:00
debug.c ath10k: add atomic protection for device recovery 2020-12-12 06:38:12 +02:00
debug.h ath10k: Add new debug level for sta related logs 2021-02-09 09:25:10 +02:00
debugfs_sta.c
hif.h ath10k: hif: make send_complete_check op optional 2020-04-21 15:04:02 +03:00
htc.c ath10k: Fix a use after free in ath10k_htc_send_bundle 2021-04-22 16:53:35 +03:00
htc.h ath10k: enable alt data of TX path for sdio 2020-04-22 09:43:32 +03:00
htt_rx.c ath10k: Validate first subframe of A-MSDU before processing the list 2021-05-11 20:16:09 +02:00
htt_tx.c ath10k: restore tx sk_buff of htt header for SDIO 2021-02-11 08:47:53 +02:00
htt.c ath10k: add htt TX bundle for sdio 2020-04-22 09:43:29 +03:00
htt.h ath10k: add CCMP PN replay protection for fragmented frames for PCIe 2021-05-11 20:15:05 +02:00
hw.c ath10k: allow qca988x family to support ack rssi of tx data packets. 2020-03-12 10:20:02 +02:00
hw.h ath10k: allow dynamic SAR power limits via common API 2021-01-28 09:18:17 +02:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mac.c ath10k: Detect conf_mutex held ath10k_drain_tx() calls 2021-03-06 12:51:15 +01:00
mac.h
Makefile
p2p.c ath10k: Don't iterate over not-sdata-in-driver interfaces. 2020-11-07 09:57:07 +02:00
p2p.h
pci.c ath10k: prevent deinitializing NAPI twice 2020-12-17 08:52:31 +02:00
pci.h ath10k: fix ath10k_pci struct layout 2020-05-12 10:33:13 +03:00
qmi_wlfw_v01.c
qmi_wlfw_v01.h
qmi.c ath10k: Constify static qmi structs 2020-12-02 20:32:38 +02:00
qmi.h ath10k: Remove ath10k_qmi_register_service_notifier() declaration 2020-05-30 17:18:29 +03:00
rx_desc.h ath10k: drop MPDU which has discard flag set by firmware for SDIO 2021-05-11 20:15:36 +02:00
sdio.c ath10k: prevent deinitializing NAPI twice 2020-12-17 08:52:31 +02:00
sdio.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
snoc.c ath10k: skip the wait for completion to recovery in shutdown path 2021-03-09 12:48:47 +02:00
snoc.h ath10k: Keep track of which interrupts fired, don't poll them 2020-09-01 15:04:13 +03:00
spectral.c ath10k: make relay callbacks const 2020-12-15 22:46:18 -08:00
spectral.h
swap.c
swap.h
targaddrs.h ath10k: sdio: add firmware coredump support 2020-08-19 20:36:19 +03:00
testmode_i.h
testmode.c ath10k: Fix some typo in some warning messages 2019-12-17 16:24:17 +02:00
testmode.h
thermal.c
thermal.h
trace.c
trace.h ath10k: remove h from printk format specifier 2021-02-04 09:37:58 +02:00
txrx.c ath10k: remove h from printk format specifier 2021-02-04 09:37:58 +02:00
txrx.h
usb.c ath10k: Release some resources in an error handling path 2020-12-02 20:31:54 +02:00
usb.h
wmi-ops.h ath10k: Add wmi command support for station specific TID config 2020-08-26 17:52:46 +03:00
wmi-tlv.c ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock 2021-04-22 16:59:56 +03:00
wmi-tlv.h ath10k: add wmi service peer stat info for wmi tlv 2020-08-15 10:05:12 +03:00
wmi.c ath10k: Add new debug level for sta related logs 2021-02-09 09:25:10 +02:00
wmi.h ath10k: Fix the parsing error in service available event 2020-12-02 20:28:02 +02:00
wow.c ath10k: Use fallthrough pseudo-keyword 2020-08-17 13:24:41 +03:00
wow.h