mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-28 15:14:11 +00:00
55 lines
1.5 KiB
Diff
55 lines
1.5 KiB
Diff
|
From: Wen Gong <wgong@codeaurora.org>
|
||
|
Date: Tue, 11 May 2021 20:02:55 +0200
|
||
|
Subject: [PATCH] ath10k: drop MPDU which has discard flag set by firmware
|
||
|
for SDIO
|
||
|
|
||
|
When the discard flag is set by the firmware for an MPDU, it should be
|
||
|
dropped. This allows a mitigation for CVE-2020-24588 to be implemented
|
||
|
in the firmware.
|
||
|
|
||
|
Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00049
|
||
|
|
||
|
Cc: stable@vger.kernel.org
|
||
|
Signed-off-by: Wen Gong <wgong@codeaurora.org>
|
||
|
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
|
||
|
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
||
|
---
|
||
|
|
||
|
--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
|
||
|
+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
|
||
|
@@ -2312,6 +2312,11 @@ static bool ath10k_htt_rx_proc_rx_ind_hl
|
||
|
fw_desc = &rx->fw_desc;
|
||
|
rx_desc_len = fw_desc->len;
|
||
|
|
||
|
+ if (fw_desc->u.bits.discard) {
|
||
|
+ ath10k_dbg(ar, ATH10K_DBG_HTT, "htt discard mpdu\n");
|
||
|
+ goto err;
|
||
|
+ }
|
||
|
+
|
||
|
/* I have not yet seen any case where num_mpdu_ranges > 1.
|
||
|
* qcacld does not seem handle that case either, so we introduce the
|
||
|
* same limitiation here as well.
|
||
|
--- a/drivers/net/wireless/ath/ath10k/rx_desc.h
|
||
|
+++ b/drivers/net/wireless/ath/ath10k/rx_desc.h
|
||
|
@@ -1282,7 +1282,19 @@ struct fw_rx_desc_base {
|
||
|
#define FW_RX_DESC_UDP (1 << 6)
|
||
|
|
||
|
struct fw_rx_desc_hl {
|
||
|
- u8 info0;
|
||
|
+ union {
|
||
|
+ struct {
|
||
|
+ u8 discard:1,
|
||
|
+ forward:1,
|
||
|
+ any_err:1,
|
||
|
+ dup_err:1,
|
||
|
+ reserved:1,
|
||
|
+ inspect:1,
|
||
|
+ extension:2;
|
||
|
+ } bits;
|
||
|
+ u8 info0;
|
||
|
+ } u;
|
||
|
+
|
||
|
u8 version;
|
||
|
u8 len;
|
||
|
u8 flags;
|