From patchwork Thu Apr 8 03:36:09 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhu Yi X-Patchwork-Id: 91217 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter.kernel.org (8.14.3/8.14.3) with ESMTP id o383ZgFu003442 for ; Thu, 8 Apr 2010 03:35:42 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755545Ab0DHDfl (ORCPT ); Wed, 7 Apr 2010 23:35:41 -0400 Received: from mga02.intel.com ([134.134.136.20]:33683 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755297Ab0DHDfk (ORCPT ); Wed, 7 Apr 2010 23:35:40 -0400 Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga101.jf.intel.com with ESMTP; 07 Apr 2010 20:35:12 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.52,167,1270450800"; d="scan'208";a="507313178" Received: from debian.sh.intel.com (HELO [10.239.13.178]) ([10.239.13.178]) by orsmga002.jf.intel.com with ESMTP; 07 Apr 2010 20:35:32 -0700 Subject: Re: [PATCH] mac80211: fix paged RX crypto From: Zhu Yi To: Johannes Berg Cc: John Linville , linux-wireless In-Reply-To: <1270696951.10745.11.camel@debian> References: <1270632416.3858.6.camel@jlt3.sipsolutions.net> <1270696951.10745.11.camel@debian> Date: Thu, 08 Apr 2010 11:36:09 +0800 Message-ID: <1270697769.10745.12.camel@debian> Mime-Version: 1.0 X-Mailer: Evolution 2.28.1 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]); Thu, 08 Apr 2010 03:35:50 +0000 (UTC) diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 14366d4..23312dd 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -894,6 +894,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) rx->key = key; return RX_CONTINUE; } else { + u8 keyid; /* * The device doesn't give us the IV so we won't be * able to look up the key. That's ok though, we @@ -916,7 +917,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) * no need to call ieee80211_wep_get_keyidx, * it verifies a bunch of things we've done already */ - keyidx = rx->skb->data[hdrlen + 3] >> 6; + skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1); + keyidx = keyid >> 6; rx->key = rcu_dereference(rx->sdata->keys[keyidx]); @@ -940,6 +942,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx) if (skb_linearize(rx->skb)) return RX_DROP_UNUSABLE; + hdr = (struct ieee80211_hdr *)skb->data; + /* Check for weak IVs if possible */ if (rx->sta && rx->key->conf.alg == ALG_WEP && ieee80211_is_data(hdr->frame_control) &&