Re: svn commit: r295607 - head/sys/dev/usb/wlan

Sun, 14 Feb 2016 08:12:06 -0800

Sun, 14 Feb 2016 09:16:36 +0200 було написано Hans Petter Selasky <hsela...@freebsd.org>: 


Author: hselasky
Date: Sun Feb 14 07:16:36 2016
New Revision: 295607
URL: https://svnweb.freebsd.org/changeset/base/295607

Log:
  Reduce the number of supported WLAN keys in the rum driver, else we
  risk bit shifting overflows. Found by D5245 / PVS.
 MFC after:     1 week


Hardware crypto support was never merged (so, there is nothing to MFC).



Modified:
  head/sys/dev/usb/wlan/if_rum.c
  head/sys/dev/usb/wlan/if_rumreg.h

Modified: head/sys/dev/usb/wlan/if_rum.c
==============================================================================
--- head/sys/dev/usb/wlan/if_rum.c      Sun Feb 14 02:28:59 2016        
(r295606)
+++ head/sys/dev/usb/wlan/if_rum.c      Sun Feb 14 07:16:36 2016        
(r295607)
...
--- skipped ---
...
Modified: head/sys/dev/usb/wlan/if_rumreg.h
==============================================================================
--- head/sys/dev/usb/wlan/if_rumreg.h   Sun Feb 14 02:28:59 2016        
(r295606)
+++ head/sys/dev/usb/wlan/if_rumreg.h   Sun Feb 14 07:16:36 2016        
(r295607)
@@ -47,7 +47,7 @@
  * H/w encryption/decryption support
  */
 #define KEY_SIZE               (IEEE80211_KEYBUF_SIZE + IEEE80211_MICBUF_SIZE)
-#define RT2573_ADDR_MAX         64
+#define RT2573_ADDR_MAX         (32 / RT2573_SKEY_MAX)
 #define RT2573_SKEY_MAX                4
#define RT2573_SKEY(vap, kidx)  (0x1000 + ((vap) * RT2573_SKEY_MAX + \



Reason of this change? (device table has 64 entries, not 8).
I have not seen any overflows, caused by it:

1)
        vap->iv_key_set = rum_key_set;
        vap->iv_key_delete = rum_key_delete;
        vap->iv_update_beacon = rum_update_beacon;
        vap->iv_max_aid = RT2573_ADDR_MAX;                                      
// not the case

        usb_callout_init_mtx(&rvp->ratectl_ch, &sc->sc_mtx, 0);
        TASK_INIT(&rvp->ratectl_task, 0, rum_ratectl_task, rvp);

2)
             k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) {
                if (!(k->wk_flags & IEEE80211_KEY_SWCRYPT)) {
                        RUM_LOCK(sc);
for (i = 0; i < RT2573_ADDR_MAX; i++) { // can hold [0;63] without any overflows; 
                                                                     // 
keys_bmap is 64-bit, so there is no overflow too
                                if ((sc->keys_bmap & (1ULL << i)) == 0) {
                                        sc->keys_bmap |= 1ULL << i;
                                        *keyix = i;

3)
                                }
                        }
                        RUM_UNLOCK(sc);
                        if (i == RT2573_ADDR_MAX) {                        // 
like the first case
                                device_printf(sc->sc_dev,
                                    "%s: no free space in the key table\n",
                                    __func__);
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to