1. 29 5月, 2015 1 次提交
    • M
      mac80211: prevent possible crypto tx tailroom corruption · ab499db8
      Michal Kazior 提交于
      There was a possible race between
      ieee80211_reconfig() and
      ieee80211_delayed_tailroom_dec(). This could
      result in inability to transmit data if driver
      crashed during roaming or rekeying and subsequent
      skbs with insufficient tailroom appeared.
      
      This race was probably never seen in the wild
      because a device driver would have to crash AND
      recover within 0.5s which is very unlikely.
      
      I was able to prove this race exists after
      changing the delay to 10s locally and crashing
      ath10k via debugfs immediately after GTK
      rekeying. In case of ath10k the counter went below
      0. This was harmless but other drivers which
      actually require tailroom (e.g. for WEP ICV or
      MMIC) could end up with the counter at 0 instead
      of >0 and introduce insufficient skb tailroom
      failures because mac80211 would not resize skbs
      appropriately anymore.
      
      Fixes: 8d1f7ecd ("mac80211: defer tailroom counter manipulation when roaming")
      Signed-off-by: NMichal Kazior <michal.kazior@tieto.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      ab499db8
  2. 26 5月, 2015 1 次提交
  3. 20 5月, 2015 6 次提交
  4. 12 5月, 2015 1 次提交
  5. 11 5月, 2015 2 次提交
  6. 07 5月, 2015 1 次提交
  7. 06 5月, 2015 8 次提交
  8. 05 5月, 2015 7 次提交
  9. 24 4月, 2015 12 次提交
  10. 23 4月, 2015 1 次提交