From nobody Wed Oct 15 22:45:57 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 95E06276C4B; Sun, 24 Mar 2024 23:36:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711323394; cv=none; b=mbLHGv58VC7qNI+bvL+EGSjy9xHrpAvgfN9oIr5eLeqcy8m3wur8/g19ahXwSoMyhzVeAJC2SEqfageT1O0xHfNWgkgpGvbFZp6ASYfOh+XwVkO5ihjJI/mGR0NRRjeb1azLqflSlhJsRzuaLONEAUpePxmtH7aHbhh7z9faCL0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711323394; c=relaxed/simple; bh=X4/j2O3DpjXdIuhLxyiVTcZ6Bcd21yeYa7KusoFZdg8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DGF9pxc8m8q/omf0l1+dJt+y5VpbtJ2j3LgJ5xlwjWArD0QQM8a+rNUuHJeXVrUWkEkNCDB13UB70tssocSIPD+Aadw7FT2WYydhgPMIgVuMcGd4Xv/faVLk39T9fvrR31lcmu3FjhSol5wykevHBHmJCTBhau6YnrscoGUnSTw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=tbSAGosF; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="tbSAGosF" Received: by smtp.kernel.org (Postfix) with ESMTPSA id D5964C433C7; Sun, 24 Mar 2024 23:36:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711323393; bh=X4/j2O3DpjXdIuhLxyiVTcZ6Bcd21yeYa7KusoFZdg8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tbSAGosFjzubcsJ/uch4omVUMfp8E8nqX552/TUqXFFaZ7CmN3seAiy5lsZcv1cVv NVFkdLEYrS+QEanxYgvAWUIT/erVTE8O7BhrQi1ffK/0J81iuaUb4msWRu3h+G3+i9 7QrHx8OpgdgTPv1hKVCV4sbjTuniXvjJ53bQw1wsKkDWfoNQHOdnrRb6BYtUnoYokP Pnx5eh80FRHPS1jyA+EEfrVH90dtKn9OVdF/MPMX4SAQW52dMS1Bu2twtxTYASTEgm Os0Ntl0wUcADS0Ni7kVP5xmzXUZCD3ouwlIukmRUWdarfE6YK4h2j4I+DFXOeWfxoe MtESvk69oQkhw== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Johannes Berg , Miri Korenblit , Sasha Levin Subject: [PATCH 5.15 094/317] wifi: iwlwifi: mvm: don't set replay counters to 0xff Date: Sun, 24 Mar 2024 19:31:14 -0400 Message-ID: <20240324233458.1352854-95-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324233458.1352854-1-sashal@kernel.org> References: <20240324233458.1352854-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Johannes Berg [ Upstream commit d5bd4041cd70faf26fc9a54bd6f172537bbe77f3 ] The firmware (later) actually uses the values even for keys that are invalid as far as the host is concerned, later in rekeying, and then only sets the low 48 bits since the PNs are only 48 bits over the air. It does, however, compare the full 64 bits later, obviously causing problems. Remove the memset and use kzalloc instead to avoid any old heap data leaking to the firmware. We already init all the other fields in the struct anyway. This leaves the data set to zero for any unused fields, so the firmware can look at them safely even if they're not used right now. Fixes: 79e561f0f05a ("iwlwifi: mvm: d3: implement RSC command version 5") Signed-off-by: Johannes Berg Signed-off-by: Miri Korenblit Link: https://msgid.link/20240206175739.462101146fef.I10f3855b99417af4247cf= f04af78dcbc6cb75c9c@changeid Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin --- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c b/drivers/net/wire= less/intel/iwlwifi/mvm/d3.c index 27756e47f7caf..c4c62bcbe67de 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c @@ -462,12 +462,10 @@ static int iwl_mvm_wowlan_config_rsc_tsc(struct iwl_m= vm *mvm, struct wowlan_key_rsc_v5_data data =3D {}; int i; =20 - data.rsc =3D kmalloc(sizeof(*data.rsc), GFP_KERNEL); + data.rsc =3D kzalloc(sizeof(*data.rsc), GFP_KERNEL); if (!data.rsc) return -ENOMEM; =20 - memset(data.rsc, 0xff, sizeof(*data.rsc)); - for (i =3D 0; i < ARRAY_SIZE(data.rsc->mcast_key_id_map); i++) data.rsc->mcast_key_id_map[i] =3D IWL_MCAST_KEY_MAP_INVALID; --=20 2.43.0