e220ffb533
Improves local TCP throughput and fixes use-after-free bugs that could lead to crashes. Signed-off-by: Felix Fietkau <nbd@nbd.name>
233 lines
7.5 KiB
Diff
233 lines
7.5 KiB
Diff
From: Janusz Dziedzic <janusz.dziedzic@tieto.com>
|
|
Date: Fri, 19 Feb 2016 11:01:50 +0100
|
|
Subject: [PATCH] mac80211: add NEED_ALIGNED4_SKBS hw flag
|
|
|
|
HW/driver should set NEED_ALIGNED4_SKBS flag in case
|
|
require aligned skbs to four-byte boundaries.
|
|
This affect only TX direction.
|
|
|
|
Padding is added after ieee80211_hdr, before IV/LLC.
|
|
|
|
Before we have to do memmove(hdrlen) twice in the
|
|
dirver. Once before we pass this to HW and next
|
|
in tx completion (to be sure monitor will report
|
|
this tx frame correctly).
|
|
|
|
With this patch we can skip this memmove() and save CPU.
|
|
|
|
Currently this was tested with ath9k, both hw/sw crypt for
|
|
wep/tkip/ccmp.
|
|
|
|
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
|
|
---
|
|
|
|
--- a/include/net/mac80211.h
|
|
+++ b/include/net/mac80211.h
|
|
@@ -2127,6 +2127,9 @@ struct ieee80211_txq {
|
|
* @IEEE80211_HW_DOESNT_SUPPORT_QOS_NDP: The driver (or firmware) doesn't
|
|
* support QoS NDP for AP probing - that's most likely a driver bug.
|
|
*
|
|
+ * @IEEE80211_HW_NEEDS_ALIGNED4_SKBS: Driver need aligned skbs to four-byte.
|
|
+ * Padding will be added after ieee80211_hdr, before IV/LLC.
|
|
+ *
|
|
* @NUM_IEEE80211_HW_FLAGS: number of hardware flags, used for sizing arrays
|
|
*/
|
|
enum ieee80211_hw_flags {
|
|
@@ -2172,6 +2175,7 @@ enum ieee80211_hw_flags {
|
|
IEEE80211_HW_SUPPORTS_TDLS_BUFFER_STA,
|
|
IEEE80211_HW_DEAUTH_NEED_MGD_TX_PREP,
|
|
IEEE80211_HW_DOESNT_SUPPORT_QOS_NDP,
|
|
+ IEEE80211_HW_NEEDS_ALIGNED4_SKBS,
|
|
|
|
/* keep last, obviously */
|
|
NUM_IEEE80211_HW_FLAGS
|
|
--- a/net/mac80211/debugfs.c
|
|
+++ b/net/mac80211/debugfs.c
|
|
@@ -214,6 +214,7 @@ static const char *hw_flag_names[] = {
|
|
FLAG(SUPPORTS_TDLS_BUFFER_STA),
|
|
FLAG(DEAUTH_NEED_MGD_TX_PREP),
|
|
FLAG(DOESNT_SUPPORT_QOS_NDP),
|
|
+ FLAG(NEEDS_ALIGNED4_SKBS),
|
|
#undef FLAG
|
|
};
|
|
|
|
--- a/net/mac80211/ieee80211_i.h
|
|
+++ b/net/mac80211/ieee80211_i.h
|
|
@@ -1557,6 +1557,29 @@ ieee80211_vif_get_num_mcast_if(struct ie
|
|
return -1;
|
|
}
|
|
|
|
+static inline unsigned int
|
|
+ieee80211_hdr_padsize(struct ieee80211_hw *hw, unsigned int hdrlen)
|
|
+{
|
|
+ /*
|
|
+ * While hdrlen is already aligned to two-byte boundaries,
|
|
+ * simple check with & 2 will return correct padsize.
|
|
+ */
|
|
+ if (ieee80211_hw_check(hw, NEEDS_ALIGNED4_SKBS))
|
|
+ return hdrlen & 2;
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static inline unsigned int
|
|
+ieee80211_padded_hdrlen(struct ieee80211_hw *hw, __le16 fc)
|
|
+{
|
|
+ unsigned int hdrlen;
|
|
+
|
|
+ hdrlen = ieee80211_hdrlen(fc);
|
|
+ hdrlen += ieee80211_hdr_padsize(hw, hdrlen);
|
|
+
|
|
+ return hdrlen;
|
|
+}
|
|
+
|
|
u64 ieee80211_calculate_rx_timestamp(struct ieee80211_local *local,
|
|
struct ieee80211_rx_status *status,
|
|
unsigned int mpdu_len,
|
|
--- a/net/mac80211/sta_info.h
|
|
+++ b/net/mac80211/sta_info.h
|
|
@@ -301,7 +301,7 @@ struct ieee80211_fast_tx {
|
|
u8 hdr_len;
|
|
u8 sa_offs, da_offs, pn_offs;
|
|
u8 band;
|
|
- u8 hdr[30 + 2 + IEEE80211_FAST_XMIT_MAX_IV +
|
|
+ u8 hdr[30 + 2 + 2 + IEEE80211_FAST_XMIT_MAX_IV +
|
|
sizeof(rfc1042_header)] __aligned(2);
|
|
|
|
struct rcu_head rcu_head;
|
|
--- a/net/mac80211/status.c
|
|
+++ b/net/mac80211/status.c
|
|
@@ -658,9 +658,22 @@ void ieee80211_tx_monitor(struct ieee802
|
|
struct sk_buff *skb2;
|
|
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
|
|
struct ieee80211_sub_if_data *sdata;
|
|
+ struct ieee80211_hdr *hdr = (void *)skb->data;
|
|
struct net_device *prev_dev = NULL;
|
|
+ unsigned int hdrlen, padsize;
|
|
int rtap_len;
|
|
|
|
+ /* Remove padding if was added */
|
|
+ if (ieee80211_hw_check(&local->hw, NEEDS_ALIGNED4_SKBS)) {
|
|
+ hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
|
+ padsize = ieee80211_hdr_padsize(&local->hw, hdrlen);
|
|
+
|
|
+ if (padsize && skb->len > hdrlen + padsize) {
|
|
+ memmove(skb->data + padsize, skb->data, hdrlen);
|
|
+ skb_pull(skb, padsize);
|
|
+ }
|
|
+ }
|
|
+
|
|
/* send frame to monitor interfaces now */
|
|
rtap_len = ieee80211_tx_radiotap_len(info);
|
|
if (WARN_ON_ONCE(skb_headroom(skb) < rtap_len)) {
|
|
--- a/net/mac80211/tkip.c
|
|
+++ b/net/mac80211/tkip.c
|
|
@@ -201,10 +201,12 @@ void ieee80211_get_tkip_p2k(struct ieee8
|
|
{
|
|
struct ieee80211_key *key = (struct ieee80211_key *)
|
|
container_of(keyconf, struct ieee80211_key, conf);
|
|
+ struct ieee80211_hw *hw = &key->local->hw;
|
|
const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];
|
|
struct tkip_ctx *ctx = &key->u.tkip.tx;
|
|
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
|
|
- const u8 *data = (u8 *)hdr + ieee80211_hdrlen(hdr->frame_control);
|
|
+ const u8 *data = (u8 *)hdr + ieee80211_padded_hdrlen(hw,
|
|
+ hdr->frame_control);
|
|
u32 iv32 = get_unaligned_le32(&data[4]);
|
|
u16 iv16 = data[2] | (data[0] << 8);
|
|
|
|
--- a/net/mac80211/tx.c
|
|
+++ b/net/mac80211/tx.c
|
|
@@ -1171,8 +1171,7 @@ ieee80211_tx_prepare(struct ieee80211_su
|
|
info->flags &= ~IEEE80211_TX_INTFL_NEED_TXPROCESSING;
|
|
|
|
hdr = (struct ieee80211_hdr *) skb->data;
|
|
-
|
|
- tx->hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
|
+ tx->hdrlen = ieee80211_padded_hdrlen(&local->hw, hdr->frame_control);
|
|
|
|
if (likely(sta)) {
|
|
if (!IS_ERR(sta))
|
|
@@ -2205,7 +2204,7 @@ netdev_tx_t ieee80211_monitor_start_xmit
|
|
goto fail;
|
|
|
|
hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
|
|
- hdrlen = ieee80211_hdrlen(hdr->frame_control);
|
|
+ hdrlen = ieee80211_padded_hdrlen(&local->hw, hdr->frame_control);
|
|
|
|
if (skb->len < len_rthdr + hdrlen)
|
|
goto fail;
|
|
@@ -2423,7 +2422,7 @@ static struct sk_buff *ieee80211_build_h
|
|
struct ieee80211_chanctx_conf *chanctx_conf;
|
|
struct ieee80211_sub_if_data *ap_sdata;
|
|
enum nl80211_band band;
|
|
- int ret;
|
|
+ int padsize, ret;
|
|
|
|
if (IS_ERR(sta))
|
|
sta = NULL;
|
|
@@ -2643,6 +2642,9 @@ static struct sk_buff *ieee80211_build_h
|
|
hdrlen += 2;
|
|
}
|
|
|
|
+ /* Check aligned4 skb required */
|
|
+ padsize = ieee80211_hdr_padsize(&sdata->local->hw, hdrlen);
|
|
+
|
|
/*
|
|
* Drop unicast frames to unauthorised stations unless they are
|
|
* EAPOL frames from the local station.
|
|
@@ -2723,6 +2725,7 @@ static struct sk_buff *ieee80211_build_h
|
|
|
|
skb_pull(skb, skip_header_bytes);
|
|
head_need = hdrlen + encaps_len + meshhdrlen - skb_headroom(skb);
|
|
+ head_need += padsize;
|
|
|
|
/*
|
|
* So we need to modify the skb header and hence need a copy of
|
|
@@ -2755,6 +2758,9 @@ static struct sk_buff *ieee80211_build_h
|
|
memcpy(skb_push(skb, meshhdrlen), &mesh_hdr, meshhdrlen);
|
|
#endif
|
|
|
|
+ if (padsize)
|
|
+ memset(skb_push(skb, padsize), 0, padsize);
|
|
+
|
|
if (ieee80211_is_data_qos(fc)) {
|
|
__le16 *qos_control;
|
|
|
|
@@ -2930,6 +2936,9 @@ void ieee80211_check_fast_xmit(struct st
|
|
fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
|
|
}
|
|
|
|
+ /* Check aligned4 skb required */
|
|
+ build.hdr_len += ieee80211_hdr_padsize(&local->hw, build.hdr_len);
|
|
+
|
|
/* We store the key here so there's no point in using rcu_dereference()
|
|
* but that's fine because the code that changes the pointers will call
|
|
* this function after doing so. For a single CPU that would be enough,
|
|
@@ -3524,7 +3533,7 @@ begin:
|
|
|
|
if (tx.key &&
|
|
(tx.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
|
|
- pn_offs = ieee80211_hdrlen(hdr->frame_control);
|
|
+ pn_offs = tx.hdrlen;
|
|
|
|
ieee80211_xmit_fast_finish(sta->sdata, sta, pn_offs,
|
|
tx.key, skb);
|
|
--- a/net/mac80211/util.c
|
|
+++ b/net/mac80211/util.c
|
|
@@ -1288,6 +1288,7 @@ void ieee80211_send_auth(struct ieee8021
|
|
u32 tx_flags)
|
|
{
|
|
struct ieee80211_local *local = sdata->local;
|
|
+ struct ieee80211_hw *hw = &local->hw;
|
|
struct sk_buff *skb;
|
|
struct ieee80211_mgmt *mgmt;
|
|
unsigned int hdrlen;
|
|
@@ -1314,7 +1315,7 @@ void ieee80211_send_auth(struct ieee8021
|
|
skb_put_data(skb, extra, extra_len);
|
|
|
|
if (auth_alg == WLAN_AUTH_SHARED_KEY && transaction == 3) {
|
|
- hdrlen = ieee80211_hdrlen(mgmt->frame_control);
|
|
+ hdrlen = ieee80211_padded_hdrlen(hw, mgmt->frame_control);
|
|
mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
|
|
err = ieee80211_wep_encrypt(local, skb, hdrlen, key,
|
|
key_len, key_idx);
|