Date: Sun, 14 Feb 2016 17:19:02 +0100 From: Hans Petter Selasky <hps@selasky.org> To: Andriy Voskoboinyk <avos@freebsd.org> Cc: "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org> Subject: Re: svn commit: r295607 - head/sys/dev/usb/wlan Message-ID: <56C0A8F6.1090105@selasky.org> In-Reply-To: <op.yctwknx14dikkl@localhost> References: <201602140716.u1E7Gaot040504@repo.freebsd.org> <op.yctwknx14dikkl@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On 02/14/16 16:13, Andriy Voskoboinyk wrote: > Sun, 14 Feb 2016 09:16:36 +0200 було написано Hans Petter Selasky > <hselasky@freebsd.org>: > >> Author: hselasky >> Date: Sun Feb 14 07:16:36 2016 >> New Revision: 295607 >> URL: https://svnweb.freebsd.org/changeset/base/295607 >> >> Log: >> Reduce the number of supported WLAN keys in the rum driver, else we >> risk bit shifting overflows. Found by D5245 / PVS. >> MFC after: 1 week > > Hardware crypto support was never merged (so, there is nothing to MFC). OK. >> Modified: head/sys/dev/usb/wlan/if_rumreg.h >> ============================================================================== >> >> --- head/sys/dev/usb/wlan/if_rumreg.h Sun Feb 14 02:28:59 2016 >> (r295606) >> +++ head/sys/dev/usb/wlan/if_rumreg.h Sun Feb 14 07:16:36 2016 >> (r295607) >> @@ -47,7 +47,7 @@ >> * H/w encryption/decryption support >> */ >> #define KEY_SIZE (IEEE80211_KEYBUF_SIZE + IEEE80211_MICBUF_SIZE) >> -#define RT2573_ADDR_MAX 64 >> +#define RT2573_ADDR_MAX (32 / RT2573_SKEY_MAX) >> #define RT2573_SKEY_MAX 4 >> #define RT2573_SKEY(vap, kidx) (0x1000 + ((vap) * RT2573_SKEY_MAX + \ >> > > Reason of this change? (device table has 64 entries, not 8). > I have not seen any overflows, caused by it: You're right. > > 1) > vap->iv_key_set = rum_key_set; > vap->iv_key_delete = rum_key_delete; > vap->iv_update_beacon = rum_update_beacon; > vap->iv_max_aid = RT2573_ADDR_MAX; // not > the case > > usb_callout_init_mtx(&rvp->ratectl_ch, &sc->sc_mtx, 0); > TASK_INIT(&rvp->ratectl_task, 0, rum_ratectl_task, rvp); > > 2) > k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) { > if (!(k->wk_flags & IEEE80211_KEY_SWCRYPT)) { > RUM_LOCK(sc); > for (i = 0; i < RT2573_ADDR_MAX; i++) { // can hold > [0;63] without any overflows; > // keys_bmap is 64-bit, so there > is no overflow too > if ((sc->keys_bmap & (1ULL << i)) == 0) { > sc->keys_bmap |= 1ULL << i; > *keyix = i; > > 3) > } I'll revert the header file change shortly. Then we're up to date. --HPS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56C0A8F6.1090105>