Subject: fix target assertion in cfg80211 case 1. Originally the key usage was “GROUP_USAGE | TX_USAGE”, but it should be only GROUP_USAGE when the group key is WPA*-PSK. 2. Use the GFP_ATOMIC flag instead of GFP_KERNEL to avoid potential memory corruption. 3. This issue can be reproduced easily during the WPS process.
Signed-off-by: Samuel Chang <[email protected]> diff -ruN kernel-2.6.37.6-11.5/drivers/staging/ar6003/os/linux/cfg80211.c kernel-2.6.37.6-11.5_cfg80211_target_assertion/drivers/staging/ar6003/os/linux/cfg80211.c --- kernel-2.6.37.6-11.5/drivers/staging/ar6003/os/linux/cfg80211.c 2011-05-27 06:17:00.000000000 +0800 +++ kernel-2.6.37.6-11.5_cfg80211_target_assertion/drivers/staging/ar6003/os/linux/cfg80211.c 2011-06-07 05:03:47.041877851 +0800 @@ -245,6 +245,7 @@ AR_SOFTC_T *ar = arPriv->arSoftc; AR_SOFTC_STA_T *arSta = &arPriv->arSta; A_STATUS status; + A_UINT8 keyUsage = 0; AR_DEBUG_PRINTF(ATH_DEBUG_INFO, ("%s: \n", __func__)); @@ -372,14 +373,19 @@ key->cipher = arPriv->arPairwiseCrypto; arPriv->arDefTxKeyIndex = sme->key_idx; - wmi_addKey_cmd(arPriv->arWmi, sme->key_idx, - arPriv->arPairwiseCrypto, - GROUP_USAGE | TX_USAGE, - key->key_len, - NULL, - key->key, KEY_OP_INIT_VAL, NULL, - NO_SYNC_WMIFLAG); - } + if (arPriv->arAuthMode & (WPA_PSK_AUTH | WPA2_PSK_AUTH)) + keyUsage = GROUP_USAGE; + else + keyUsage = GROUP_USAGE | TX_USAGE; + + wmi_addKey_cmd(arPriv->arWmi, sme->key_idx, + arPriv->arPairwiseCrypto, + keyUsage, + key->key_len, + NULL, + key->key, KEY_OP_INIT_VAL, NULL, + NO_SYNC_WMIFLAG); + } if (!arSta->arUserBssFilter) { if (wmi_bssfilter_cmd(arPriv->arWmi, ALL_BSS_FILTER, 0) != A_OK) { @@ -557,13 +563,13 @@ bss = cfg80211_inform_bss_frame(arPriv->wdev->wiphy, ibss_channel, mgmt, le16_to_cpu(size), - signal, GFP_KERNEL); + signal, GFP_ATOMIC); A_FREE(ieeemgmtbuf); cfg80211_put_bss(bss); } if((ADHOC_NETWORK & networkType)) { - cfg80211_ibss_joined(arPriv->arNetDev, bssid, GFP_KERNEL); + cfg80211_ibss_joined(arPriv->arNetDev, bssid, GFP_ATOMIC); return; } 
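Review bot: The new test `arPriv->arAuthMode & (WPA_PSK_AUTH | WPA2_PSK_AUTH)` in the @@ -372 hunk drops TX_USAGE only for the two PSK modes, so every other auth mode, including the 802.1X ones (WPA_AUTH, WPA2_AUTH), still falls into the else branch and installs this key with `GROUP_USAGE | TX_USAGE`. If the target asserts because a group key is flagged as a transmit key, those modes would presumably hit the same assertion; keying the decision on the no-authentication case instead, `keyUsage = (arPriv->arAuthMode == NONE_AUTH) ? (GROUP_USAGE | TX_USAGE) : GROUP_USAGE;`, would cover them, but that needs confirming against what the firmware expects. The status returned by wmi_addKey_cmd is also discarded, so a key the target refuses goes unnoticed and the connect carries on. The enclosing block and its condition start outside the hunk, so which auth modes can actually reach this call is not visible here.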
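Review bot: None of the GFP_KERNEL to GFP_ATOMIC replacements says which calling context makes sleeping unsafe, here in the @@ -557 hunk or in the @@ -572, @@ -640 and @@ -659 hunks, and the commit text only mentions memory corruption. A comment above the first call, such as `/* may run in atomic context (WMI event path); cfg80211 allocations must not sleep */`, would keep someone from reverting the flag later; the context named in it is a guess to be replaced with the real one. Atomic allocations also fail more readily, and `bss` from cfg80211_inform_bss_frame is handed to cfg80211_put_bss with no NULL check in the visible lines, so it is worth confirming that a failed allocation is tolerated there and that a dropped connect or disconnect event does not leave the driver and cfg80211 out of step. The functions containing these calls start and end outside the hunks.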
@@ -572,13 +578,13 @@ cfg80211_connect_result(arPriv->arNetDev, bssid, assocReqIe, assocReqLen, assocRespIe, assocRespLen, - WLAN_STATUS_SUCCESS, GFP_KERNEL); + WLAN_STATUS_SUCCESS, GFP_ATOMIC); } else { /* inform roam event to cfg80211 */ cfg80211_roamed(arPriv->arNetDev, bssid, assocReqIe, assocReqLen, assocRespIe, assocRespLen, - GFP_KERNEL); + GFP_ATOMIC); } } @@ -640,7 +646,7 @@ return; } A_MEMZERO(bssid, ETH_ALEN); - cfg80211_ibss_joined(arPriv->arNetDev, bssid, GFP_KERNEL); + cfg80211_ibss_joined(arPriv->arNetDev, bssid, GFP_ATOMIC); return; } @@ -659,11 +665,11 @@ NULL, 0, NULL, 0, WLAN_STATUS_UNSPECIFIED_FAILURE, - GFP_KERNEL); + GFP_ATOMIC); } } else { /* connection loss due to disconnect cmd or low rssi */ - cfg80211_disconnected(arPriv->arNetDev, reason, NULL, 0, GFP_KERNEL); + cfg80211_disconnected(arPriv->arNetDev, reason, NULL, 0, GFP_ATOMIC); } }
Subject: fix target assertion in cfg80211 case 1. originally the key usage with âGROUP_USAGE | TX_USAGEâ but it should be only GROUP_USAGE when group key is WPA*-PSK. 2. Use ATOMIC flag instead of GFP_KERNEL to avoid potentail memory corruption 3. this issue can be reproduced easily during WPS process Signed-off-by: Samuel Chang <[email protected]> diff -ruN kernel-2.6.37.6-11.5/drivers/staging/ar6003/os/linux/cfg80211.c kernel-2.6.37.6-11.5_cfg80211_target_assertion/drivers/staging/ar6003/os/linux/cfg80211.c --- kernel-2.6.37.6-11.5/drivers/staging/ar6003/os/linux/cfg80211.c 2011-05-27 06:17:00.000000000 +0800 +++ kernel-2.6.37.6-11.5_cfg80211_target_assertion/drivers/staging/ar6003/os/linux/cfg80211.c 2011-06-07 05:03:47.041877851 +0800 @@ -245,6 +245,7 @@ AR_SOFTC_T *ar = arPriv->arSoftc; AR_SOFTC_STA_T *arSta = &arPriv->arSta; A_STATUS status; + A_UINT8 keyUsage = 0; AR_DEBUG_PRINTF(ATH_DEBUG_INFO, ("%s: \n", __func__)); @@ -372,14 +373,19 @@ key->cipher = arPriv->arPairwiseCrypto; arPriv->arDefTxKeyIndex = sme->key_idx; - wmi_addKey_cmd(arPriv->arWmi, sme->key_idx, - arPriv->arPairwiseCrypto, - GROUP_USAGE | TX_USAGE, - key->key_len, - NULL, - key->key, KEY_OP_INIT_VAL, NULL, - NO_SYNC_WMIFLAG); - } + if (arPriv->arAuthMode & (WPA_PSK_AUTH | WPA2_PSK_AUTH)) + keyUsage = GROUP_USAGE; + else + keyUsage = GROUP_USAGE | TX_USAGE; + + wmi_addKey_cmd(arPriv->arWmi, sme->key_idx, + arPriv->arPairwiseCrypto, + keyUsage, + key->key_len, + NULL, + key->key, KEY_OP_INIT_VAL, NULL, + NO_SYNC_WMIFLAG); + } if (!arSta->arUserBssFilter) { if (wmi_bssfilter_cmd(arPriv->arWmi, ALL_BSS_FILTER, 0) != A_OK) { @@ -557,13 +563,13 @@ bss = cfg80211_inform_bss_frame(arPriv->wdev->wiphy, ibss_channel, mgmt, le16_to_cpu(size), - signal, GFP_KERNEL); + signal, GFP_ATOMIC); A_FREE(ieeemgmtbuf); cfg80211_put_bss(bss); } if((ADHOC_NETWORK & networkType)) { - cfg80211_ibss_joined(arPriv->arNetDev, bssid, GFP_KERNEL); + cfg80211_ibss_joined(arPriv->arNetDev, bssid, GFP_ATOMIC); return; } 
@@ -572,13 +578,13 @@ cfg80211_connect_result(arPriv->arNetDev, bssid, assocReqIe, assocReqLen, assocRespIe, assocRespLen, - WLAN_STATUS_SUCCESS, GFP_KERNEL); + WLAN_STATUS_SUCCESS, GFP_ATOMIC); } else { /* inform roam event to cfg80211 */ cfg80211_roamed(arPriv->arNetDev, bssid, assocReqIe, assocReqLen, assocRespIe, assocRespLen, - GFP_KERNEL); + GFP_ATOMIC); } } @@ -640,7 +646,7 @@ return; } A_MEMZERO(bssid, ETH_ALEN); - cfg80211_ibss_joined(arPriv->arNetDev, bssid, GFP_KERNEL); + cfg80211_ibss_joined(arPriv->arNetDev, bssid, GFP_ATOMIC); return; } @@ -659,11 +665,11 @@ NULL, 0, NULL, 0, WLAN_STATUS_UNSPECIFIED_FAILURE, - GFP_KERNEL); + GFP_ATOMIC); } } else { /* connection loss due to disconnect cmd or low rssi */ - cfg80211_disconnected(arPriv->arNetDev, reason, NULL, 0, GFP_KERNEL); + cfg80211_disconnected(arPriv->arNetDev, reason, NULL, 0, GFP_ATOMIC); } }
