[PATCH ath-next v2] wifi: ath12k: Add MSDU length validation for tkip mic error error
Vasanthakumar Thiagarajan
vasanthakumar.thiagarajan at oss.qualcomm.com
Wed Apr 16 21:41:50 PDT 2025
On 4/16/2025 7:49 AM, Nithyanantham Paramasivam wrote:
> From: P Praneesh <quic_ppranees at quicinc.com>
>
> In the WBM error path, while processing TKIP MIC errors, MSDU length
> is fetched from the hal_rx_desc's msdu_end. This MSDU length is
> directly passed to skb_put without validation. In stress test
> scenarios, the WBM error ring may receive invalid descriptors, which
> could lead to an invalid MSDU length.
>
> To fix this, add a check to drop the skb when the calculated MSDU
> length is greater than the skb size.
>
> Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1
> Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
>
> Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
> Signed-off-by: P Praneesh <quic_ppranees at quicinc.com>
> Signed-off-by: Nithyanantham Paramasivam <nithyanantham.paramasivam at oss.qualcomm.com>
Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan at oss.qualcomm.com>
More information about the ath12k
mailing list