[PATCH 2/3] ath11k: change return buffer manager for QCA6390

Kalle Valo kvalo at codeaurora.org
Mon Oct 25 06:02:06 PDT 2021


Kalle Valo <kvalo at codeaurora.org> writes:

> bqiang at codeaurora.org writes:
>
>> On 2021-09-28 23:14, Kalle Valo wrote:
>>> Jouni Malinen <jouni at codeaurora.org> writes:
>>>
>>>> From: Baochen Qiang <bqiang at codeaurora.org>
>>>>
>>>> QCA6390 firmware uses HAL_RX_BUF_RBM_SW1_BM, not
>>>> HAL_RX_BUF_RBM_SW3_BM.
>>>>
>>>> Tested-on: QCA6390 hw2.0 PCI
>>>> WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1
>>>>
>>>> Signed-off-by: Baochen Qiang <bqiang at codeaurora.org>
>>>> Signed-off-by: Jouni Malinen <jouni at codeaurora.org>
>>>
>>> Same question as in patch 1, does this fix a bug or is just a
>>> theoretical issue found during code review?
>>
>> Yes, this patch did fix a bug.
>>
>> QCA6390 firmware expects some specific packets from WBM2SW1 ring,
>> which, however, will not happen because they are routed directly to
>> host through WBM2SW3 ring due to wrong configuration of RBM.
>
> What specific packets exactly?

We discussed this internally and I now changed the commit log to:

ath11k: change return buffer manager for QCA6390

QCA6390 firmware uses HAL_RX_BUF_RBM_SW1_BM, not HAL_RX_BUF_RBM_SW3_BM. This is
needed to fix a case where an A-MSDU has an unexpected LLC/SNAP header in the
first subframe (CVE-2020-24588).

Tested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1

Signed-off-by: Baochen Qiang <bqiang at codeaurora.org>
Signed-off-by: Jouni Malinen <jouni at codeaurora.org>
Signed-off-by: Kalle Valo <kvalo at codeaurora.org>

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches


