1 From a71fd9dac23613d96ba3c05619a8ef4fd6cdf9b9 Mon Sep 17 00:00:00 2001
2 From: Jouni Malinen <j@w1.fi>
3 Date: Tue, 28 May 2019 01:46:43 +0300
4 Subject: mac80211: Do not use stack memory with scatterlist for GMAC
5
6 From: Jouni Malinen <j@w1.fi>
7
8 commit a71fd9dac23613d96ba3c05619a8ef4fd6cdf9b9 upstream.
9
10 ieee80211_aes_gmac() uses the mic argument directly in sg_set_buf() and
11 that does not allow use of stack memory (e.g., BUG_ON() is hit in
12 sg_set_buf() with CONFIG_DEBUG_SG). BIP GMAC TX side is fine for this
13 since it can use the skb data buffer, but the RX side was using a stack
14 variable for deriving the local MIC value to compare against the
15 received one.
16
17 Fix this by allocating heap memory for the mic buffer.
18
19 This was found with hwsim test case ap_cipher_bip_gmac_128 hitting that
20 BUG_ON() and kernel panic.
21
22 Cc: stable@vger.kernel.org
23 Signed-off-by: Jouni Malinen <j@w1.fi>
24 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
25 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
26
27 ---
28 net/mac80211/wpa.c | 7 ++++++-
29 1 file changed, 6 insertions(+), 1 deletion(-)
30
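--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -1169,7 +1169,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct
 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
 struct ieee80211_key *key = rx->key;
 struct ieee80211_mmie_16 *mmie;
- u8 aad[GMAC_AAD_LEN], mic[GMAC_MIC_LEN], ipn[6], nonce[GMAC_NONCE_LEN];
+ u8 aad[GMAC_AAD_LEN], *mic, ipn[6], nonce[GMAC_NONCE_LEN];
 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
 
 if (!ieee80211_is_mgmt(hdr->frame_control))
@@ -1200,13 +1200,18 @@ ieee80211_crypto_aes_gmac_decrypt(struct
 memcpy(nonce, hdr->addr2, ETH_ALEN);
 memcpy(nonce + ETH_ALEN, ipn, 6);
 
+ mic = kmalloc(GMAC_MIC_LEN, GFP_ATOMIC);
+ if (!mic)
+ return RX_DROP_UNUSABLE;
 if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce,
 skb->data + 24, skb->len - 24,
 mic) < 0 ||
 crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
 key->u.aes_gmac.icverrors++;
+ kfree(mic);
 return RX_DROP_UNUSABLE;
 }
+ kfree(mic);
 }
 
 memcpy(key->u.aes_gmac.rx_pn, ipn, 6);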
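Review bot: `aad` is still declared as a stack array in the first hunk and is still passed to the same ieee80211_aes_gmac() call in the second hunk; only `mic` moves to the heap. The commit message says `mic` reaches sg_set_buf() directly, but the body of ieee80211_aes_gmac() is not part of this patch, so for the 4.9 backport it is worth confirming that the helper copies `aad` into its own allocation rather than mapping the caller's stack buffer. Separately, the new `if (!mic)` path drops the frame without bumping `icverrors`, which is the right fail-closed behaviour but is undocumented; a comment such as `/* fail closed: the MIC cannot be verified without a buffer; not an ICV error */` above the early return would record that intent. ieee80211_crypto_aes_gmac_decrypt() starts before and continues after the lines shown in both hunks.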