From patchwork Tue Feb 6 16:02:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miri Korenblit X-Patchwork-Id: 13547556 X-Patchwork-Delegate: johannes@sipsolutions.net Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 04779134CF6 for ; Tue, 6 Feb 2024 16:02:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.9 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707235359; cv=none; b=FTgpY0NYPBSmnpI6VEIaeXBlK7z+a7Am6gOn7u57PiwXsE1IvDzEZbuKwG4ng55MWUigRrZK+gmbGBN2k5rBwhqdUMxk3T2Dob9TUe8VBOz6ZF6KrdRGGJrDfdQrBgdX9Zo5qFVTCzpddb1C7sMSMKZQKh7Hm9ogQ0nNte51EC8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707235359; c=relaxed/simple; bh=m+Wo3kcS/LDvcxt/hiTxX+xx7HvmAPEctUB1Cwpa6Ns=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=k4xCvBDFiAL7D3xCrQQ52U1xm/iOHyYLk9dMkvx1KbU7T06u8qu1LtPjsNXeTe6TePdTTbg53DiE2mnHMqrookSheQuUNfRqoXVzCnxU2j4GIme7WRgcs/22eFNf4OwrQRg140wRHOUCWXj8oDWeYLluV3GuWP009zVWAAoj7g4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=AoXJhzQD; arc=none smtp.client-ip=198.175.65.9 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="AoXJhzQD" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707235358; x=1738771358; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=m+Wo3kcS/LDvcxt/hiTxX+xx7HvmAPEctUB1Cwpa6Ns=; b=AoXJhzQDs+1stT86AmWy5epWeAXs6PqzbL3069jMSvE1ByOGvqlWob1Z QJO0H0lfCxVDJtwYD6esWVOJuQ2pKnUsM0g4pzqfl4zgXR11bMcIIwUcH 2Vqs0FGRQXAjhfRkHEhfzkKeTPd5hR9wxzKbKQKZx9M794KpTHg0x0ehm WD1fZfNNYAkgvjmD2a7ntfrbyLpIoG5QA4X6DzMCzb//J3+0T+bru8jOq BPJffrW1lw8ofOSnSmHhP9FheofxrNRAeIaA1pcPRJS+rwJtxm781jMCc dvUYPMgp99W7uHwSrsgv3IZyNa8mUIgLWxVnNyhqp4TCjVKZMFmOaw4Al g==; X-IronPort-AV: E=McAfee;i="6600,9927,10976"; a="23252329" X-IronPort-AV: E=Sophos;i="6.05,247,1701158400"; d="scan'208";a="23252329" Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by orvoesa101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Feb 2024 08:02:38 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,247,1701158400"; d="scan'208";a="1349836" Received: from unknown (HELO WEIS0040.iil.intel.com) ([10.12.217.108]) by fmviesa006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Feb 2024 08:02:36 -0800 From: Miri Korenblit To: johannes@sipsolutions.net Cc: linux-wireless@vger.kernel.org, Johannes Berg Subject: [PATCH 06/11] wifi: iwlwifi: mvm: don't set replay counters to 0xff Date: Tue, 6 Feb 2024 18:02:09 +0200 Message-Id: <20240206175739.462101146fef.I10f3855b99417af4247cff04af78dcbc6cb75c9c@changeid> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240206160214.3260547-1-miriam.rachel.korenblit@intel.com> References: <20240206160214.3260547-1-miriam.rachel.korenblit@intel.com> Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Organization: Intel Israel (74) Limited From: Johannes Berg The firmware (later) actually uses the values even for keys that are invalid as far as the host is concerned, later in rekeying, and then only sets the low 48 bits since the PNs are only 48 bits over the air. It does, however, compare the full 64 bits later, obviously causing problems. Remove the memset and use kzalloc instead to avoid any old heap data leaking to the firmware. We already init all the other fields in the struct anyway. This leaves the data set to zero for any unused fields, so the firmware can look at them safely even if they're not used right now. Fixes: 79e561f0f05a ("iwlwifi: mvm: d3: implement RSC command version 5") Signed-off-by: Johannes Berg Signed-off-by: Miri Korenblit --- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c index 5bc08c1d207a..e1c77276557d 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c @@ -461,12 +461,10 @@ static int iwl_mvm_wowlan_config_rsc_tsc(struct iwl_mvm *mvm, struct wowlan_key_rsc_v5_data data = {}; int i; - data.rsc = kmalloc(sizeof(*data.rsc), GFP_KERNEL); + data.rsc = kzalloc(sizeof(*data.rsc), GFP_KERNEL); if (!data.rsc) return -ENOMEM; - memset(data.rsc, 0xff, sizeof(*data.rsc)); - for (i = 0; i < ARRAY_SIZE(data.rsc->mcast_key_id_map); i++) data.rsc->mcast_key_id_map[i] = IWL_MCAST_KEY_MAP_INVALID;