** Changed in: hwe-next
Status: New => Fix Released
** Changed in: hwe-next
Assignee: (unassigned) => Jesse Sung (wenchien)
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1897299
Title:
mwifiex stops working after kernel upgrade
Status in HWE Next:
Fix Released
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Xenial:
In Progress
Status in linux source package in Bionic:
In Progress
Status in linux source package in Focal:
In Progress
Status in linux source package in Groovy:
In Progress
Bug description:
== Impact ==
Marvell WiFi cards supported by the mwifiex driver may fail to connect to
some access points after kernel upgrade.
This is caused by the commit
commit e18696786548244914f36ec3c46ac99c53df99c3
Author: Dan Carpenter <dan.carpen...@oracle.com>
Date: Wed Jul 8 14:58:57 2020 +0300
mwifiex: Prevent memory corruption handling keys
The length of the key comes from the network and it's a 16 bit number. It
needs to be capped to prevent a buffer overflow.
Fixes: 5e6e3a92b9a4 ("wireless: mwifiex: initial commit for Marvell
mwifiex driver")
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
Acked-by: Ganapathi Bhat <ganapathi.b...@nxp.com>
Signed-off-by: Kalle Valo <kv...@codeaurora.org>
Link: https://lore.kernel.org/r/20200708115857.GA13729@mwanda
The commit added a check to mwifiex_ret_802_11_key_material_v2() to
make sure the key length doesn't larger than the key buffer size
before copying it. The allocated key buffer is 16-byte long. In some
cases the key would be 32-byte long and hence the check fails. One
thing to note is that this commit is not the cause of the problem,
instead it just makes the issue visible.
The commit is included in Ubuntu-4.4.0-190.220, Ubuntu-4.15.0-119.120,
Ubuntu-5.4.0-48.52, and Ubuntu-5.8.0-18.19.
== Fix ==
There's already a fix in the mainline which increase the key buffer size to
32 bytes:
commit 4afc850e2e9e781976fb2c7852ce7bac374af938
Author: Maximilian Luz <luzmaximil...@gmail.com>
Date: Tue Aug 25 17:38:29 2020 +0200
mwifiex: Increase AES key storage size to 256 bits
Following commit e18696786548 ("mwifiex: Prevent memory corruption
handling keys") the mwifiex driver fails to authenticate with certain
networks, specifically networks with 256 bit keys, and repeatedly asks
for the password. The kernel log repeats the following lines (id and
bssid redacted):
mwifiex_pcie 0000:01:00.0: info: trying to associate to '<id>' bssid
<bssid>
mwifiex_pcie 0000:01:00.0: info: associated to bssid <bssid>
successfully
mwifiex_pcie 0000:01:00.0: crypto keys added
mwifiex_pcie 0000:01:00.0: info: successfully disconnected from
<bssid>: reason code 3
Tracking down this problem lead to the overflow check introduced by the
aforementioned commit into mwifiex_ret_802_11_key_material_v2(). This
check fails on networks with 256 bit keys due to the current storage
size for AES keys in struct mwifiex_aes_param being only 128 bit.
To fix this issue, increase the storage size for AES keys to 256 bit.
Fixes: e18696786548 ("mwifiex: Prevent memory corruption handling keys")
Signed-off-by: Maximilian Luz <luzmaximil...@gmail.com>
Reported-by: Kaloyan Nikolov <koni...@gmail.com>
Tested-by: Kaloyan Nikolov <koni...@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpen...@oracle.com>
Reviewed-by: Brian Norris <briannor...@chromium.org>
Tested-by: Brian Norris <briannor...@chromium.org>
Signed-off-by: Kalle Valo <kv...@codeaurora.org>
Link:
https://lore.kernel.org/r/20200825153829.38043-1-luzmaximil...@gmail.com
== Regression Potential ==
Low. While the fix increases the buffer size, it still checks and make sure
data to be copy can fit into the buffer. Also the commit does fix the issue we
saw in the Cert lab.
To manage notifications about this bug go to:
https://bugs.launchpad.net/hwe-next/+bug/1897299/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
