svn commit: r295607 - head/sys/dev/usb/wlan

Andriy Voskoboinyk avos at freebsd.org
Sun Feb 14 18:20:47 UTC 2016 

Sun, 14 Feb 2016 18:19:02 +0200 було написано Hans Petter Selasky  
<hps at selasky.org>:

> On 02/14/16 16:13, Andriy Voskoboinyk wrote:
>> Sun, 14 Feb 2016 09:16:36 +0200 було написано Hans Petter Selasky
>> <hselasky at freebsd.org>:
>>
>>> Author: hselasky
>>> Date: Sun Feb 14 07:16:36 2016
>>> New Revision: 295607
>>> URL: https://svnweb.freebsd.org/changeset/base/295607
>>>
>>> Log:
>>>   Reduce the number of supported WLAN keys in the rum driver, else we
>>>   risk bit shifting overflows. Found by D5245 / PVS.
>>>  MFC after:    1 week
>>
>> Hardware crypto support was never merged (so, there is nothing to MFC).
>
> OK.
>
>>> Modified: head/sys/dev/usb/wlan/if_rumreg.h
>>> ==============================================================================
>>>
>>> --- head/sys/dev/usb/wlan/if_rumreg.h    Sun Feb 14 02:28:59 2016
>>> (r295606)
>>> +++ head/sys/dev/usb/wlan/if_rumreg.h    Sun Feb 14 07:16:36 2016
>>> (r295607)
>>> @@ -47,7 +47,7 @@
>>>   * H/w encryption/decryption support
>>>   */
>>>  #define KEY_SIZE        (IEEE80211_KEYBUF_SIZE +  
>>> IEEE80211_MICBUF_SIZE)
>>> -#define RT2573_ADDR_MAX         64
>>> +#define RT2573_ADDR_MAX         (32 / RT2573_SKEY_MAX)
>>>  #define RT2573_SKEY_MAX        4
>>> #define RT2573_SKEY(vap, kidx)    (0x1000 + ((vap) * RT2573_SKEY_MAX +  
>>> \
>>>
>>
>> Reason of this change? (device table has 64 entries, not 8).
>> I have not seen any overflows, caused by it:
>
> You're right.
>
>>
>> 1)
>>      vap->iv_key_set = rum_key_set;
>>      vap->iv_key_delete = rum_key_delete;
>>      vap->iv_update_beacon = rum_update_beacon;
>>      vap->iv_max_aid = RT2573_ADDR_MAX;                        // not
>> the case
>>
>>      usb_callout_init_mtx(&rvp->ratectl_ch, &sc->sc_mtx, 0);
>>      TASK_INIT(&rvp->ratectl_task, 0, rum_ratectl_task, rvp);
>>
>> 2)
>>           k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) {
>>          if (!(k->wk_flags & IEEE80211_KEY_SWCRYPT)) {
>>              RUM_LOCK(sc);
>>              for (i = 0; i < RT2573_ADDR_MAX; i++) {      // can hold
>> [0;63] without any overflows;
>>                                       // keys_bmap is 64-bit, so there
>> is no overflow too
>>                  if ((sc->keys_bmap & (1ULL << i)) == 0) {
>>                      sc->keys_bmap |= 1ULL << i;
>>                      *keyix = i;
>>
>> 3)
>>                  }
>
> I'll revert the header file change shortly. Then we're up to date.
>
> --HPS

Thanks!

More information about the svn-src-all mailing list