projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1510627) | patch
iwlwifi: mvm: fix security bug in PN checking
authorSara Sharon <sara.sharon@intel.com>
Tue, 29 Mar 2016 07:56:57 +0000 (10:56 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 30 May 2018 05:51:57 +0000 (07:51 +0200)
commit8c1cc43e745d86092f1c5b2d0a58d7879b119d27
treeaabfd7b5702802819d8d6526fa2b78aa6147e5e0tree | snapshot (tar.gz zip)
parent1510627c63b77210f9501c4c1c13b915883dec78commit | diff
iwlwifi: mvm: fix security bug in PN checking

[ Upstream commit 5ab2ba931255d8bf03009c06d58dce97de32797c ]

A previous patch allowed the same PN for packets originating from the
same AMSDU by copying PN only for the last packet in the series.

This however is bogus since we cannot assume the last frame will be
received on the same queue, and if it is received on a different ueue
we will end up not incrementing the PN and possibly let the next
packet to have the same PN and pass through.

Change the logic instead to driver explicitly indicate for the second
sub frame and on to be allowed to have the same PN as the first
subframe. Indicate it to mac80211 as well for the fallback queue.

Fixes: f1ae02b186d9 ("iwlwifi: mvm: allow same PN for de-aggregated AMSDU")
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c diff | blob | blame | history