From patchwork Mon May 28 11:29:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Loic Poulain X-Patchwork-Id: 137071 Delivered-To: patch@linaro.org Received: by 2002:a2e:9706:0:0:0:0:0 with SMTP id r6-v6csp2703121lji; Mon, 28 May 2018 04:29:34 -0700 (PDT) X-Google-Smtp-Source: AB8JxZoTqZLsUspxb4UlEgOr+oX/88VQlo6uEPvkRvuKyA3rfM9Hxc1irp7zF2cIYUjZ8684Jpru X-Received: by 2002:a17:902:43a4:: with SMTP id j33-v6mr13541882pld.118.1527506974031; Mon, 28 May 2018 04:29:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527506974; cv=none; d=google.com; s=arc-20160816; b=vA5zYCmN5pZ9s9+XDN/8ypu+d23H6RZgIJox3rp/BH4+12HO1oKJjMcyeRrILvudwC i+DRhgylsZpZWMH94ADpNxaVXRSpD6axqUekqNChOuLyfvB60krwYL9QnB6Ymm1uRUyh 9dQYdHnS/amDAT5v+qyb5dPGTlQZnnZg+apvKZhGvBPp/DadHqEGoNnoi7/yBp+0mmc8 PrQEO7pGbtO9JAsXHQtn1o2QY1+LJxhehBPsaZR3rraPZQvzY8mWg5PzPbJzPVX27TWp jPecQ7jePxddTwDsj/KnUIfJoA2zsWF5Mgy8tYt1VikpVepO2Wxnivmm+MJxPB/qzjRC y1JA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=5iodCd8fhjhIO+8Pv39Ot4A0OLaOvGZajjBz7TleDR8=; b=BO4k/1xxLqZGLyP2AL34Mv4ODBrMSCca/setWQUE6IStDaYl52jeQ8eNL3YPoYRiPP BVz+TSmhLCkfi7sTl09DRg9mF6B2yJfXbfac5PpmuJUO2w43HVTHV+aF1WXdptfE+u06 ZGTBcPt9IrdLxLVQVvBG1o/W6g2Jjv4I/3xddGrevSGhGYU/8qEopFRnWynYgbQAmncG 6ZUeMop1n7WZqNEeA9yZtvi+psqDWXIUsJkcwa+bOH8YulbZDu+htQNeBKGZ0qCq1d3v 2bUXkMfmgtFxOc5lAQ1h5J9Qnym/HHLAKOsmnKhpViBT7biP6A6/y9T4Axe6woOpu2ZH Ackg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZofAPc7l; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q3-v6si13505166plb.529.2018.05.28.04.29.33; Mon, 28 May 2018 04:29:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZofAPc7l; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S938303AbeE1L3c (ORCPT + 3 others); Mon, 28 May 2018 07:29:32 -0400 Received: from mail-wr0-f195.google.com ([209.85.128.195]:36268 "EHLO mail-wr0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S938299AbeE1L3a (ORCPT ); Mon, 28 May 2018 07:29:30 -0400 Received: by mail-wr0-f195.google.com with SMTP id f16-v6so4409603wrm.3 for ; Mon, 28 May 2018 04:29:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=5iodCd8fhjhIO+8Pv39Ot4A0OLaOvGZajjBz7TleDR8=; b=ZofAPc7lqYkxVIc/Sv/K8jfUdA6Ll3Mepz0Y05aagi4JcwvUVsGlgZg+zViPOmVtnn GmeSUL2+r/uz0Y/iAinIAIDwiVZo2OTtVplQUmMW4fBj1DGB4FMGE75KO/k/cbn8FAJs qzKf3nIr5cUmjM698Q4DDPMpA2xirZ7W/7/TU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=5iodCd8fhjhIO+8Pv39Ot4A0OLaOvGZajjBz7TleDR8=; b=lrxD6K+GLlh4xMqab2jOI2mVjb69489iBPFYFiThEHwzy7Zw1kPco8m1IcfwquV3vC Zj4zNbgNQHoEtvmsjHmRd92CJqxNqws7BgVPr5dn//RkLktCQPY/CLK3blsfFh67fVJY T3KuSPwKim4qV1swkgLOclBlDG9dTYsmLxiMA9+OoPpTge/c1zETD3y3wQ7W0XoCmo0F G3Yd0C6ZZGZ28092yYC/R3QX/M8P9iKOT8c+eC4UTFm/PF1I5IN1NnLzo59QQZwwWAe+ 5o8cwRBcFcMERbl549wma2Lje01F/8R+m++QQzrHMwxctAmclaDbkwl6nfrDTyf7cqwn xv5Q== X-Gm-Message-State: ALKqPwdnYsiytWQ58lQiyXxBMevbyyHyb2UT78rxAm+ag0291VMrK48m dT5aKkr5/8lnwL/17cAe6n9rDA== X-Received: by 2002:adf:de08:: with SMTP id b8-v6mr3253424wrm.39.1527506968794; Mon, 28 May 2018 04:29:28 -0700 (PDT) Received: from lpoulain-ThinkPad-T470p.home (LFbn-1-10589-161.w90-89.abo.wanadoo.fr. [90.89.181.161]) by smtp.gmail.com with ESMTPSA id c18-v6sm16020324wrq.17.2018.05.28.04.29.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 28 May 2018 04:29:28 -0700 (PDT) From: Loic Poulain To: kvalo@codeaurora.org Cc: linux-wireless@vger.kernel.org, linux-arm-msm@vger.kernel.org, Loic Poulain Subject: [PATCH 3/3] wcn36xx: Fix WEP encryption Date: Mon, 28 May 2018 13:29:20 +0200 Message-Id: <1527506960-13358-3-git-send-email-loic.poulain@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1527506960-13358-1-git-send-email-loic.poulain@linaro.org> References: <1527506960-13358-1-git-send-email-loic.poulain@linaro.org> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org In case of WEP encryption, driver has to configure shared key for associated station(s). Note that sta pointer is NULL in case of non pairwise key, causing NULL pointer dereference with existing code (sta_priv->is_data_encrypted). Fix this by using associated sta list instead. Signed-off-by: Loic Poulain --- drivers/net/wireless/ath/wcn36xx/main.c | 19 +++++++++++-------- drivers/net/wireless/ath/wcn36xx/smd.c | 20 ++++++++++++++------ 2 files changed, 25 insertions(+), 14 deletions(-) -- 2.7.4 diff --git a/drivers/net/wireless/ath/wcn36xx/main.c b/drivers/net/wireless/ath/wcn36xx/main.c index 6fd0bf6..e38443e 100644 --- a/drivers/net/wireless/ath/wcn36xx/main.c +++ b/drivers/net/wireless/ath/wcn36xx/main.c @@ -493,7 +493,7 @@ static int wcn36xx_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd, { struct wcn36xx *wcn = hw->priv; struct wcn36xx_vif *vif_priv = wcn36xx_vif_to_priv(vif); - struct wcn36xx_sta *sta_priv = wcn36xx_sta_to_priv(sta); + struct wcn36xx_sta *sta_priv = sta ? wcn36xx_sta_to_priv(sta) : NULL; int ret = 0; u8 key[WLAN_MAX_KEY_LEN]; @@ -570,13 +570,16 @@ static int wcn36xx_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd, if ((WLAN_CIPHER_SUITE_WEP40 == key_conf->cipher) || (WLAN_CIPHER_SUITE_WEP104 == key_conf->cipher)) { - sta_priv->is_data_encrypted = true; - wcn36xx_smd_set_stakey(wcn, - vif_priv->encrypt_type, - key_conf->keyidx, - key_conf->keylen, - key, - get_sta_index(vif, sta_priv)); + list_for_each_entry(sta_priv, + &vif_priv->sta_list, list) { + sta_priv->is_data_encrypted = true; + wcn36xx_smd_set_stakey(wcn, + vif_priv->encrypt_type, + key_conf->keyidx, + key_conf->keylen, + key, + get_sta_index(vif, sta_priv)); + } } } break; diff --git a/drivers/net/wireless/ath/wcn36xx/smd.c b/drivers/net/wireless/ath/wcn36xx/smd.c index b4dadf7..304a86c 100644 --- a/drivers/net/wireless/ath/wcn36xx/smd.c +++ b/drivers/net/wireless/ath/wcn36xx/smd.c @@ -1708,12 +1708,20 @@ int wcn36xx_smd_set_stakey(struct wcn36xx *wcn, msg_body.set_sta_key_params.sta_index = sta_index; msg_body.set_sta_key_params.enc_type = enc_type; - msg_body.set_sta_key_params.key[0].id = keyidx; - msg_body.set_sta_key_params.key[0].unicast = 1; - msg_body.set_sta_key_params.key[0].direction = WCN36XX_HAL_TX_RX; - msg_body.set_sta_key_params.key[0].pae_role = 0; - msg_body.set_sta_key_params.key[0].length = keylen; - memcpy(msg_body.set_sta_key_params.key[0].key, key, keylen); + if (enc_type == WCN36XX_HAL_ED_WEP104 || + enc_type == WCN36XX_HAL_ED_WEP40) { + /* Use bss key for wep (static) */ + msg_body.set_sta_key_params.def_wep_idx = keyidx; + msg_body.set_sta_key_params.wep_type = 0; + } else { + msg_body.set_sta_key_params.key[0].id = keyidx; + msg_body.set_sta_key_params.key[0].unicast = 1; + msg_body.set_sta_key_params.key[0].direction = WCN36XX_HAL_TX_RX; + msg_body.set_sta_key_params.key[0].pae_role = 0; + msg_body.set_sta_key_params.key[0].length = keylen; + memcpy(msg_body.set_sta_key_params.key[0].key, key, keylen); + } + msg_body.set_sta_key_params.single_tid_rc = 1; PREPARE_HAL_BUF(wcn->hal_buf, msg_body);