Date:      Sun, 14 Feb 2016 17:19:02 +0100
From:      Hans Petter Selasky <hps@selasky.org>
To:        Andriy Voskoboinyk <avos@freebsd.org>
Cc:        "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>
Subject:   Re: svn commit: r295607 - head/sys/dev/usb/wlan
Message-ID:  <56C0A8F6.1090105@selasky.org>
In-Reply-To: <op.yctwknx14dikkl@localhost>
References:  <201602140716.u1E7Gaot040504@repo.freebsd.org> <op.yctwknx14dikkl@localhost>

On 02/14/16 16:13, Andriy Voskoboinyk wrote:
> On Sun, 14 Feb 2016 09:16:36 +0200, Hans Petter Selasky
> <hselasky@freebsd.org> wrote:
>
>> Author: hselasky
>> Date: Sun Feb 14 07:16:36 2016
>> New Revision: 295607
>> URL: https://svnweb.freebsd.org/changeset/base/295607
>>
>> Log:
>>   Reduce the number of supported WLAN keys in the rum driver, else we
>>   risk bit shifting overflows. Found by D5245 / PVS.
>>  MFC after:    1 week
>
> Hardware crypto support was never merged (so, there is nothing to MFC).

OK.

>> Modified: head/sys/dev/usb/wlan/if_rumreg.h
>> ==============================================================================
>>
>> --- head/sys/dev/usb/wlan/if_rumreg.h    Sun Feb 14 02:28:59 2016
>> (r295606)
>> +++ head/sys/dev/usb/wlan/if_rumreg.h    Sun Feb 14 07:16:36 2016
>> (r295607)
>> @@ -47,7 +47,7 @@
>>   * H/w encryption/decryption support
>>   */
>>  #define KEY_SIZE        (IEEE80211_KEYBUF_SIZE + IEEE80211_MICBUF_SIZE)
>> -#define RT2573_ADDR_MAX         64
>> +#define RT2573_ADDR_MAX         (32 / RT2573_SKEY_MAX)
>>  #define RT2573_SKEY_MAX        4
>> #define RT2573_SKEY(vap, kidx)    (0x1000 + ((vap) * RT2573_SKEY_MAX + \
>>
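Review bot: The new RT2573_ADDR_MAX line uses a bare 32 with no comment naming the shift or type width it is meant to bound, and with RT2573_SKEY_MAX at 4 it cuts the limit from 64 to 8. Please say in a comment which expression would overflow and derive the limit from that operand's width, so the bound can be checked against the code that uses it. The macro also refers to RT2573_SKEY_MAX one line before that name is defined; this expands correctly, but swapping the two lines would read better.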
>
> Reason for this change? (The device table has 64 entries, not 8.)
> I have not seen any overflows caused by it:

You're right.

>
> 1)
>      vap->iv_key_set = rum_key_set;
>      vap->iv_key_delete = rum_key_delete;
>      vap->iv_update_beacon = rum_update_beacon;
>      vap->iv_max_aid = RT2573_ADDR_MAX;    // not the case
>
>      usb_callout_init_mtx(&rvp->ratectl_ch, &sc->sc_mtx, 0);
>      TASK_INIT(&rvp->ratectl_task, 0, rum_ratectl_task, rvp);
>
> 2)
>           k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) {
>          if (!(k->wk_flags & IEEE80211_KEY_SWCRYPT)) {
>              RUM_LOCK(sc);
>              for (i = 0; i < RT2573_ADDR_MAX; i++) {
>                  // can hold [0;63] without any overflows;
>                  // keys_bmap is 64-bit, so there is no overflow too
>                  if ((sc->keys_bmap & (1ULL << i)) == 0) {
>                      sc->keys_bmap |= 1ULL << i;
>                      *keyix = i;
>
> 3)
>                  }

I'll revert the header file change shortly. Then we're up to date.

--HPS
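
The bitmap slot allocation discussed in this thread, written as an added example that is not code from the rum driver or from either correspondent: a 64-bit map indexed with a 64-bit shift operand covers slots [0;63], and a compile-time check ties the slot count to the map's width. The names `SLOT_MAX`, `slot_table`, `slot_alloc` and `slot_free` are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define SLOT_MAX 64	/* hypothetical name; 64 mirrors the table size cited */

struct slot_table {
	uint64_t bmap;	/* bit i set => slot i in use */
};

/* Fail the build if the bitmap type cannot index every slot. */
_Static_assert(SLOT_MAX <= sizeof(((struct slot_table *)0)->bmap) * CHAR_BIT,
    "SLOT_MAX exceeds bitmap width");

/* Claim the lowest free slot; return its index, or -1 when all are taken. */
static int
slot_alloc(struct slot_table *t)
{
	for (unsigned i = 0; i < SLOT_MAX; i++) {
		/* UINT64_C(1) keeps the shift 64 bits wide; a plain 1 is int. */
		uint64_t bit = UINT64_C(1) << i;
		if ((t->bmap & bit) == 0) {
			t->bmap |= bit;
			return ((int)i);
		}
	}
	return (-1);
}

/* Release a slot; an out-of-range index is rejected, never shifted. */
static int
slot_free(struct slot_table *t, unsigned i)
{
	if (i >= SLOT_MAX)
		return (-1);
	t->bmap &= ~(UINT64_C(1) << i);
	return (0);
}

int
main(void)
{
	struct slot_table t = { 0 };
	int last = -1;
	for (int i = 0; i < SLOT_MAX; i++)
		last = slot_alloc(&t);
	printf("last=%d full=%d\n", last, slot_alloc(&t));
	return (slot_free(&t, 63));
}
```

Raising `SLOT_MAX` above 64 without widening `bmap` stops the build at the `_Static_assert` instead of producing an out-of-range shift at run time.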


