lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250604143457.26032-1-johan+linaro@kernel.org>
Date: Wed,  4 Jun 2025 16:34:52 +0200
From: Johan Hovold <johan+linaro@...nel.org>
To: Jeff Johnson <jjohnson@...nel.org>
Cc: Miaoqing Pan <quic_miaoqing@...cinc.com>,
	Baochen Qiang <quic_bqiang@...cinc.com>,
	linux-wireless@...r.kernel.org,
	ath11k@...ts.infradead.org,
	linux-kernel@...r.kernel.org,
	Johan Hovold <johan+linaro@...nel.org>
Subject: [PATCH v2 0/5] wifi: ath11k: fix dest ring-buffer corruption

As a follow up to commits:

	6d037a372f81 ("wifi: ath11k: fix ring-buffer corruption")
	ab52e3e44fe9 ("wifi: ath11k: fix rx completion meta data corruption")

add the remaining missing memory barriers to make sure that destination
ring descriptors are read after the head pointers to avoid using stale
data on weakly ordered architectures like aarch64.

Also switch back to plain accesses for the descriptor fields which is
sufficient after the memory barrier.

New in v2 are two patches that adds the missing barriers also for source
rings and when updating the tail pointer for destination rings.

To avoid leaking ring details from the "hal" (lmac or non-lmac), the
barriers are added to the ath11k_hal_srng_access_end() helper. For
symmetry I therefore moved also the dest ring barriers into
ath11k_hal_srng_access_begin() and made the barrier conditional.

[ Due to this change I did not add Miaoqing's reviewed-by tag. ]

Johan


Changes in v2:
 - add tested-on tags to plain access patches
 - move destination barriers into begin helper
 - fix source ring corruption (new patch)
 - fix dest ring corruption when ring is full (new patch)


Johan Hovold (5):
  wifi: ath11k: fix dest ring-buffer corruption
  wifi: ath11k: use plain access for descriptor length
  wifi: ath11k: use plain accesses for monitor descriptor
  wifi: ath11k: fix source ring-buffer corruption
  wifi: ath11k: fix dest ring-buffer corruption when ring is full

 drivers/net/wireless/ath/ath11k/ce.c    |  3 ---
 drivers/net/wireless/ath/ath11k/dp_rx.c | 25 +++++++-----------
 drivers/net/wireless/ath/ath11k/hal.c   | 35 +++++++++++++++++++++----
 3 files changed, 39 insertions(+), 24 deletions(-)

-- 
2.49.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ