Re: svn commit: r295607 - head/sys/dev/usb/wlan

Sun, 14 Feb 2016 10:21:05 -0800

Sun, 14 Feb 2016 18:19:02 +0200 було написано Hans Petter Selasky <[email protected]>: 


On 02/14/16 16:13, Andriy Voskoboinyk wrote:

Sun, 14 Feb 2016 09:16:36 +0200 було написано Hans Petter Selasky
<[email protected]>:


Author: hselasky
Date: Sun Feb 14 07:16:36 2016
New Revision: 295607
URL: https://svnweb.freebsd.org/changeset/base/295607

Log:
  Reduce the number of supported WLAN keys in the rum driver, else we
  risk bit shifting overflows. Found by D5245 / PVS.
 MFC after:    1 week


Hardware crypto support was never merged (so, there is nothing to MFC).


OK.


Modified: head/sys/dev/usb/wlan/if_rumreg.h
==============================================================================

--- head/sys/dev/usb/wlan/if_rumreg.h    Sun Feb 14 02:28:59 2016
(r295606)
+++ head/sys/dev/usb/wlan/if_rumreg.h    Sun Feb 14 07:16:36 2016
(r295607)
@@ -47,7 +47,7 @@
  * H/w encryption/decryption support
  */
#define KEY_SIZE (IEEE80211_KEYBUF_SIZE + IEEE80211_MICBUF_SIZE) 
-#define RT2573_ADDR_MAX         64
+#define RT2573_ADDR_MAX         (32 / RT2573_SKEY_MAX)
 #define RT2573_SKEY_MAX        4
#define RT2573_SKEY(vap, kidx) (0x1000 + ((vap) * RT2573_SKEY_MAX + \ 



Reason of this change? (device table has 64 entries, not 8).
I have not seen any overflows, caused by it:


You're right.



1)
     vap->iv_key_set = rum_key_set;
     vap->iv_key_delete = rum_key_delete;
     vap->iv_update_beacon = rum_update_beacon;
     vap->iv_max_aid = RT2573_ADDR_MAX;                        // not
the case

     usb_callout_init_mtx(&rvp->ratectl_ch, &sc->sc_mtx, 0);
     TASK_INIT(&rvp->ratectl_task, 0, rum_ratectl_task, rvp);

2)
          k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) {
         if (!(k->wk_flags & IEEE80211_KEY_SWCRYPT)) {
             RUM_LOCK(sc);
             for (i = 0; i < RT2573_ADDR_MAX; i++) {      // can hold
[0;63] without any overflows;
                                      // keys_bmap is 64-bit, so there
is no overflow too
                 if ((sc->keys_bmap & (1ULL << i)) == 0) {
                     sc->keys_bmap |= 1ULL << i;
                     *keyix = i;

3)
                 }


I'll revert the header file change shortly. Then we're up to date.

--HPS


Thanks!
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"

Reply via email to