From a5c8a191e56172e5761cf4cab6d5eda04134a023 Mon Sep 17 00:00:00 2001 From: Oliver Neukum Date: Apr 17 2023 12:19:05 +0000 Subject: ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). --- diff --git a/patches.suse/ath10k-fix-memory-overwrite-of-the-WoWLAN-wakeup-pac.patch b/patches.suse/ath10k-fix-memory-overwrite-of-the-WoWLAN-wakeup-pac.patch new file mode 100644 index 0000000..2aac80f --- /dev/null +++ b/patches.suse/ath10k-fix-memory-overwrite-of-the-WoWLAN-wakeup-pac.patch @@ -0,0 +1,56 @@ +From e3fb3d4418fce5484dfe7995fcd94c18b10a431a Mon Sep 17 00:00:00 2001 +From: Wen Gong +Date: Mon, 10 Jan 2022 16:24:13 +0200 +Subject: [PATCH] ath10k: fix memory overwrite of the WoWLAN wakeup packet + pattern +Git-commit: e3fb3d4418fce5484dfe7995fcd94c18b10a431a +References: git-fixes +Patch-mainline: v5.18-rc1 + +In function ath10k_wow_convert_8023_to_80211(), it will do memcpy for +the new->pattern, and currently the new->pattern and new->mask is same +with the old, then the memcpy of new->pattern will also overwrite the +old->pattern, because the header format of new->pattern is 802.11, +its length is larger than the old->pattern which is 802.3. Then the +operation of "Copy frame body" will copy a mistake value because the +body memory has been overwrite when memcpy the new->pattern. + +Assign another empty value to new_pattern to avoid the overwrite issue. + +Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00049 + +Fixes: fa3440fa2fa1 ("ath10k: convert wow pattern from 802.3 to 802.11") +Signed-off-by: Wen Gong +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20211222031347.25463-1-quic_wgong@quicinc.com +Signed-off-by: Oliver Neukum +--- + drivers/net/wireless/ath/ath10k/wow.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/wireless/ath/ath10k/wow.c b/drivers/net/wireless/ath/ath10k/wow.c +index 7d65c115669f..20b9aa8ddf7d 100644 +--- a/drivers/net/wireless/ath/ath10k/wow.c ++++ b/drivers/net/wireless/ath/ath10k/wow.c +@@ -337,14 +337,15 @@ static int ath10k_vif_wow_set_wakeups(struct ath10k_vif *arvif, + if (patterns[i].mask[j / 8] & BIT(j % 8)) + bitmask[j] = 0xff; + old_pattern.mask = bitmask; +- new_pattern = old_pattern; + + if (ar->wmi.rx_decap_mode == ATH10K_HW_TXRX_NATIVE_WIFI) { +- if (patterns[i].pkt_offset < ETH_HLEN) ++ if (patterns[i].pkt_offset < ETH_HLEN) { + ath10k_wow_convert_8023_to_80211(&new_pattern, + &old_pattern); +- else ++ } else { ++ new_pattern = old_pattern; + new_pattern.pkt_offset += WOW_HDR_LEN - ETH_HLEN; ++ } + } + + if (WARN_ON(new_pattern.pattern_len > WOW_MAX_PATTERN_SIZE)) +-- +2.40.0 + diff --git a/series.conf b/series.conf index 194baa9..5f383aa 100644 --- a/series.conf +++ b/series.conf @@ -62288,6 +62288,7 @@ patches.suse/msft-hv-2523-net-mana-Add-handling-of-CQE_RX_TRUNCATED.patch patches.suse/msft-hv-2524-net-mana-Remove-unnecessary-check-of-cqe_type-in-man.patch patches.suse/net-asix-add-proper-error-handling-of-usb-read-error.patch + patches.suse/ath10k-fix-memory-overwrite-of-the-WoWLAN-wakeup-pac.patch patches.suse/ath5k-fix-OOB-in-ath5k_eeprom_read_pcal_info_5111.patch patches.suse/net-ibmvnic-Cleanup-workaround-doing-an-EOI-after-pa.patch patches.suse/ipv6-annotate-some-data-races-around-sk-sk_prot.patch