Jouni Malinen <jouni@xxxxxxxxxxxxxx> wrote: > For fragmented packets, ath11k reassembles each fragment as a normal > packet and then reinjects it into HW ring. In this case, the DMA > direction should be DMA_TO_DEVICE, not DMA_FROM_DEVICE, otherwise > invalid payload will be reinjected to HW and then delivered to host. > What is more, since arbitrary memory could be allocated to the frame, we > don't know what kind of data is contained in the buffer reinjected. > Thus, as a bad result, private info may be leaked. > > Note that this issue is only found on Intel platform. > > Tested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1 > Signed-off-by: Baochen Qiang <bqiang@xxxxxxxxxxxxxx> > Signed-off-by: Jouni Malinen <jouni@xxxxxxxxxxxxxx> > Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx> Dropping due to the issue Peter found. Patch set to Changes Requested. -- https://patchwork.kernel.org/project/linux-wireless/patch/20210913180246.193388-1-jouni@xxxxxxxxxxxxxx/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
