#
9a6847ba |
| 08-Apr-2021 |
Johannes Berg <johannes.berg@intel.com> |
nl80211: fix beacon head validation
If the beacon head attribute (NL80211_ATTR_BEACON_HEAD) is too short to even contain the frame control field, we access uninitialized data beyond the buffer. Fix this by checking the minimal required size first. We used to do this until S1G support was added, where the fixed data portion has a different size.
Reported-and-tested-by: syzbot+72b99dcf4607e8c770f3@syzkaller.appspotmail.com Suggested-by: Eric Dumazet <eric.dumazet@gmail.com> Fixes: 1d47f1198d58 ("nl80211: correctly validate S1G beacon head") Signed-off-by: Johannes Berg <johannes.berg@intel.com> Link: https://lore.kernel.org/r/20210408154518.d9b06d39b4ee.Iff908997b2a4067e8d456b3cb96cab9771d252b8@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
abaf94ec |
| 08-Apr-2021 |
Johannes Berg <johannes.berg@intel.com> |
nl80211: fix potential leak of ACL params
In case nl80211_parse_unsol_bcast_probe_resp() results in an error, need to "goto out" instead of just returning to free possibly allocated data.
Fixes: 7443dcd1f171 ("nl80211: Unsolicited broadcast probe response support") Link: https://lore.kernel.org/r/20210408142833.d8bc2e2e454a.If290b1ba85789726a671ff0b237726d4851b5b0f@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
Revision tags: v5.10.27, v5.10.26, v5.10.25, v5.10.24, v5.10.23, v5.10.22, v5.10.21, v5.10.20, v5.10.19, v5.4.101, v5.10.18 |
|
#
272cd0e8 |
| 22-Feb-2021 |
Aloka Dixit <alokad@codeaurora.org> |
nl80211: Add missing line in nl80211_fils_discovery_policy
Add NL80211_FILS_DISCOVERY_ATTR_TMPL explicitly in nl80211_fils_discovery_policy definition.
Signed-off-by: Aloka Dixit <alokad@codeaurora.org> Link: https://lore.kernel.org/r/20210222212059.22492-1-alokad@codeaurora.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
239729a2 |
| 12-Mar-2021 |
Jarod Wilson <jarod@redhat.com> |
wireless/nl80211: fix wdev_id may be used uninitialized
Build currently fails with -Werror=maybe-uninitialized set:
net/wireless/nl80211.c: In function '__cfg80211_wdev_from_attrs': net/wireless/nl80211.c:124:44: error: 'wdev_id' may be used uninitialized in this function [-Werror=maybe-uninitialized]
Easy fix is to just initialize wdev_id to 0, since its value doesn't otherwise matter unless have_wdev_id is true.
Fixes: a05829a7222e ("cfg80211: avoid holding the RTNL when calling the driver") CC: Johannes Berg <johannes@sipsolutions.net> CC: "David S. Miller" <davem@davemloft.net> CC: Jakub Kicinski <kuba@kernel.org> CC: linux-wireless@vger.kernel.org CC: netdev@vger.kernel.org Signed-off-by: Jarod Wilson <jarod@redhat.com> Link: https://lore.kernel.org/r/20210312163651.1398207-1-jarod@redhat.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
77cbf790 |
| 10-Mar-2021 |
Johannes Berg <johannes.berg@intel.com> |
nl80211: fix locking for wireless device netns change
We have all the network interfaces marked as netns-local since the only reasonable thing to do right now is to set a whole device, including all netdevs, into a different network namespace. For this reason, we also have our own way of changing the network namespace.
Unfortunately, the RTNL locking changes broke this, and it now results in many RTNL assertions. The trivial fix for those (just hold RTNL for the changes) however leads to deadlocks in the cfg80211 netdev notifier.
Since we only need the wiphy, and that's still protected by the RTNL, add a new NL80211_FLAG_NO_WIPHY_MTX flag to the nl80211 ops and use it to _not_ take the wiphy mutex but only the RTNL. This way, the notifier does all the work necessary during unregistration/registration of the netdevs from the old and in the new namespace.
Reported-by: Sid Hayn <sidhayn@gmail.com> Fixes: a05829a7222e ("cfg80211: avoid holding the RTNL when calling the driver") Signed-off-by: Johannes Berg <johannes.berg@intel.com> Link: https://lore.kernel.org/r/20210310215839.eadf7c43781b.I5fc6cf6676f800ab8008e03bbea9c3349b02d804@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
Revision tags: v5.10.17, v5.11, v5.10.16, v5.10.15, v5.10.14 |
|
#
b6db0f89 |
| 04-Feb-2021 |
Ben Greear <greearb@candelatech.com> |
cfg80211/mac80211: Support disabling HE mode
Allow user to disable HE mode, similar to how VHT and HT can be disabled. Useful for testing.
Signed-off-by: Ben Greear <greearb@candelatech.com> Link: https://lore.kernel.org/r/20210204144610.25971-1-greearb@candelatech.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
0391a45c |
| 28-Jan-2021 |
Johannes Berg <johannes.berg@intel.com> |
nl80211: call cfg80211_dev_rename() under RTNL
This is required, and we have an assertion, move the RTNL unlock down to cover cfg80211_dev_rename().
Fixes: a05829a7222e ("cfg80211: avoid holding the RTNL when calling the driver") Reported-by: syzbot+ed107c5fa3e21cdcd86e@syzkaller.appspotmail.com Link: https://lore.kernel.org/r/20210128183454.16a4ea036740.I2beeb391dc322d6f1df3ee2612e714e0a7817397@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
a05829a7 |
| 22-Jan-2021 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: avoid holding the RTNL when calling the driver
Currently, _everything_ in cfg80211 holds the RTNL, and if you have a slow USB device (or a few) you can get some bad lock contention on that.
Fix that by re-adding a mutex to each wiphy/rdev as we had at some point, so we have locking for the wireless_dev lists and all the other things in there, and also so that drivers still don't have to worry too much about it (they still won't get parallel calls for a single device).
Then, we can restrict the RTNL to a few cases where we add or remove interfaces and really need the added protection. Some of the global list management still also uses the RTNL, since we need to have it anyway for netdev management, but we only hold the RTNL for very short periods of time here.
Link: https://lore.kernel.org/r/20210122161942.81df9f5e047a.I4a8e1a60b18863ea8c5e6d3a0faeafb2d45b2f40@changeid Tested-by: Marek Szyprowski <m.szyprowski@samsung.com> [marvell driver issues] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
Revision tags: v5.10 |
|
#
6bdb68ce |
| 03-Dec-2020 |
Carl Huang <cjhuang@codeaurora.org> |
nl80211: add common API to configure SAR power limitations
NL80211_CMD_SET_SAR_SPECS is added to configure SAR from user space. NL80211_ATTR_SAR_SPEC is used to pass the SAR power specification when used with NL80211_CMD_SET_SAR_SPECS.
Wireless driver needs to register SAR type, supported frequency ranges to wiphy, so user space can query it. The index in frequency range is used to specify which sub band the power limitation applies to. The SAR type is for compatibility, so later other SAR mechanism can be implemented without breaking the user space SAR applications.
Normal process is user space queries the SAR capability, and gets the index of supported frequency ranges and associates the power limitation with this index and sends to kernel.
Here is an example of message sent to kernel:
8c 00 00 00 08 00 01 00 00 00 00 00 38 00 2b 81
08 00 01 00 00 00 00 00 2c 00 02 80 14 00 00 80
08 00 02 00 00 00 00 00 08 00 01 00 38 00 00 00
14 00 01 80 08 00 02 00 01 00 00 00 08 00 01 00
48 00 00 00
NL80211_CMD_SET_SAR_SPECS: 0x8c
NL80211_ATTR_WIPHY: 0x01 (phy idx is 0)
NL80211_ATTR_SAR_SPEC: 0x812b (NLA_NESTED)
NL80211_SAR_ATTR_TYPE: 0x00 (NL80211_SAR_TYPE_POWER)
NL80211_SAR_ATTR_SPECS: 0x8002 (NLA_NESTED)
freq range 0 power: 0x38 in 0.25dbm unit (14dbm)
freq range 1 power: 0x48 in 0.25dbm unit (18dbm)
Signed-off-by: Carl Huang <cjhuang@codeaurora.org> Reviewed-by: Brian Norris <briannorris@chromium.org> Reviewed-by: Abhishek Kumar <kuabhs@chromium.org> Link: https://lore.kernel.org/r/20201203103728.3034-2-cjhuang@codeaurora.org [minor edits, NLA parse cleanups] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
3bb02143 |
| 06-Dec-2020 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: support immediate reconnect request hint
There are cases where it's necessary to disconnect, but an immediate reconnection is desired. Support a hint to userspace that this is the case, by including a new attribute in the deauth or disassoc event.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20201206145305.58d33941fb9d.I0e7168c205c7949529c8e3b86f3c9b12c01a7017@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
2d946308 |
| 04-Dec-2020 |
Anant Thazhemadam <anant.thazhemadam@gmail.com> |
nl80211: validate key indexes for cfg80211_registered_device
syzbot discovered a bug in which an OOB access was being made because an unsuitable key_idx value was wrongly considered to be acceptable while deleting a key in nl80211_del_key().
Since we don't know the cipher at the time of deletion, if cfg80211_validate_key_settings() were to be called directly in nl80211_del_key(), even valid keys would be wrongly determined invalid, and deletion wouldn't occur correctly. For this reason, a new function - cfg80211_valid_key_idx(), has been created, to determine if the key_idx value provided is valid or not. cfg80211_valid_key_idx() is directly called in 2 places - nl80211_del_key(), and cfg80211_validate_key_settings().
Reported-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com Tested-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com Suggested-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com> Link: https://lore.kernel.org/r/20201204215825.129879-1-anant.thazhemadam@gmail.com Cc: stable@vger.kernel.org [also disallow IGTK key IDs if no IGTK cipher is supported] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
669b8413 |
| 29-Nov-2020 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: include block-tx flag in channel switch started event
In the NL80211_CMD_CH_SWITCH_STARTED_NOTIFY event, include the NL80211_ATTR_CH_SWITCH_BLOCK_TX flag attribute if block-tx was requested by the AP.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20201129172929.8953ef22cc64.Ifee9cab337a4369938545920ba5590559e91327a@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
c837cbad |
| 29-Nov-2020 |
Avraham Stern <avraham.stern@intel.com> |
nl80211: always accept scan request with the duration set
Accept a scan request with the duration set even if the driver does not support setting the scan dwell. The duration can be used as a hint to the driver, but the driver may use its internal logic for setting the scan dwell.
Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20201129172929.9491a12f9226.Ia9c5b24fcefc5ce5592537507243391633a27e5f@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
d6587602 |
| 29-Nov-2020 |
Ilan Peer <ilan.peer@intel.com> |
cfg80211: Parse SAE H2E only membership selector
This extends the support for drivers that rebuild IEs in the FW (same as with HT/VHT/HE).
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20201129172929.4012647275f3.I1a93ae71c57ef0b6f58f99d47fce919d19d65ff0@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
d7832c71 |
| 20-Nov-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
nl80211: Fix fall-through warnings for Clang
In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning by explicitly adding a break statement instead of letting the code fall through to the next case.
Link: https://github.com/KSPP/linux/issues/115 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Link: https://lore.kernel.org/r/fe5afd456a1244751177e53359d3dd149a63a873.1605896060.git.gustavoars@kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
e7e0517c |
| 09-Nov-2020 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: remove WDS code
Remove all the code that was there to configure WDS interfaces, now that there's no way to reach it anymore.
Link: https://lore.kernel.org/r/20201109105103.8f5b98e4068d.I5f5129041649ef2862b69683574bb3344743727b@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
Revision tags: v5.8.17, v5.8.16 |
|
#
c4a30446 |
| 16-Oct-2020 |
Rajkumar Manoharan <rmanohar@codeaurora.org> |
cfg80211: add support to configure HE MCS for beacon rate
This allows an option to configure a single HE MCS beacon tx rate.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org> Link: https://lore.kernel.org/r/1602879327-29488-2-git-send-email-rmanohar@codeaurora.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
857b34c4 |
| 16-Oct-2020 |
Rajkumar Manoharan <rmanohar@codeaurora.org> |
nl80211: fix beacon tx rate mask validation
While adding HE MCS beacon tx rate support, it is observed that legacy beacon tx rate in VHT hwsim test suite fails. Whenever the application doesn't explicitly set VHT/MCS rate attribute in fixed rate command, by default all HE MCS masks are enabled in cfg80211. In beacon fixed rate, more than one rate mask is not allowed. Fix that by not setting all rate masks by default in case of beacon tx rate.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org> Link: https://lore.kernel.org/r/1602879327-29488-1-git-send-email-rmanohar@codeaurora.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
9f0ffa41 |
| 27-Oct-2020 |
Rohan Dutta <drohan@codeaurora.org> |
cfg80211: Add support to configure SAE PWE value to drivers
Add support to configure SAE PWE preference from userspace to drivers in both AP and STA modes. This is needed for cases where the driver takes care of Authentication frame processing (SME in the driver) so that correct enforcement of the acceptable PWE derivation mechanism can be performed.
The userspace applications can pass the sae_pwe value using the NL80211_ATTR_SAE_PWE attribute in the NL80211_CMD_CONNECT and NL80211_CMD_START_AP commands to the driver. This allows selection between the hunting-and-pecking loop and hash-to-element options for PWE derivation. For backwards compatibility, this new attribute is optional and if not included, the driver is notified of the value being unspecified.
Signed-off-by: Rohan Dutta <drohan@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Link: https://lore.kernel.org/r/20201027100910.22283-1-jouni@codeaurora.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
#
1b728869 |
| 09-Jun-2021 |
Ping-Ke Shih <pkshih@realtek.com> |
cfg80211: fix default HE tx bitrate mask in 2G band
[ Upstream commit 9df66d5b9f45c39b3925d16e8947cc10009b186d ]
In 2G band, a HE sta can only support HT and HE, but does not support VHT. In this case, default HE tx bitrate mask isn't filled, when we use iw to set bitrates without any parameter.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Link: https://lore.kernel.org/r/20210609075944.51130-1-pkshih@realtek.com Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
|
#
fea52345 |
| 08-Apr-2021 |
Johannes Berg <johannes.berg@intel.com> |
nl80211: fix potential leak of ACL params
commit abaf94ecc9c356d0b885a84edef4905cdd89cfdd upstream.
In case nl80211_parse_unsol_bcast_probe_resp() results in an error, need to "goto out" instead of just returning to free possibly allocated data.
Fixes: 7443dcd1f171 ("nl80211: Unsolicited broadcast probe response support") Link: https://lore.kernel.org/r/20210408142833.d8bc2e2e454a.If290b1ba85789726a671ff0b237726d4851b5b0f@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
42e4450e |
| 08-Apr-2021 |
Johannes Berg <johannes.berg@intel.com> |
nl80211: fix beacon head validation
commit 9a6847ba1747858ccac53c5aba3e25c54fbdf846 upstream.
If the beacon head attribute (NL80211_ATTR_BEACON_HEAD) is too short to even contain the frame control field, we access uninitialized data beyond the buffer. Fix this by checking the minimal required size first. We used to do this until S1G support was added, where the fixed data portion has a different size.
Reported-and-tested-by: syzbot+72b99dcf4607e8c770f3@syzkaller.appspotmail.com Suggested-by: Eric Dumazet <eric.dumazet@gmail.com> Fixes: 1d47f1198d58 ("nl80211: correctly validate S1G beacon head") Signed-off-by: Johannes Berg <johannes.berg@intel.com> Link: https://lore.kernel.org/r/20210408154518.d9b06d39b4ee.Iff908997b2a4067e8d456b3cb96cab9771d252b8@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
05725b40 |
| 04-Dec-2020 |
Anant Thazhemadam <anant.thazhemadam@gmail.com> |
nl80211: validate key indexes for cfg80211_registered_device
commit 2d9463083ce92636a1bdd3e30d1236e3e95d859e upstream.
syzbot discovered a bug in which an OOB access was being made because an unsuitable key_idx value was wrongly considered to be acceptable while deleting a key in nl80211_del_key().
Since we don't know the cipher at the time of deletion, if cfg80211_validate_key_settings() were to be called directly in nl80211_del_key(), even valid keys would be wrongly determined invalid, and deletion wouldn't occur correctly. For this reason, a new function - cfg80211_valid_key_idx(), has been created, to determine if the key_idx value provided is valid or not. cfg80211_valid_key_idx() is directly called in 2 places - nl80211_del_key(), and cfg80211_validate_key_settings().
Reported-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com Tested-by: syzbot+49d4cab497c2142ee170@syzkaller.appspotmail.com Suggested-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com> Link: https://lore.kernel.org/r/20201204215825.129879-1-anant.thazhemadam@gmail.com Cc: stable@vger.kernel.org [also disallow IGTK key IDs if no IGTK cipher is supported] Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
f495acd8 |
| 29-Nov-2020 |
Sara Sharon <sara.sharon@intel.com> |
cfg80211: initialize rekey_data
In case we have old supplicant, the akm field is uninitialized.
Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/iwlwifi.20201129172929.930f0ab7ebee.Ic546e384efab3f4a89f318eafddc3eb7d556aecb@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
Revision tags: v5.8.15, v5.9 |
|
#
9bdaf3b9 |
| 09-Oct-2020 |
Johannes Berg <johannes.berg@intel.com> |
cfg80211: initialize wdev data earlier
There's a race condition in the netdev registration in that NETDEV_REGISTER actually happens after the netdev is available, and so if we initialize things only there, we might get called with an uninitialized wdev through nl80211 - not using a wdev but using a netdev interface index.
I found this while looking into a syzbot report, but it doesn't really seem to be related, and unfortunately there's no repro for it (yet). I can't (yet) explain how it managed to get into cfg80211_release_pmsr() from nl80211_netlink_notify() without the wdev having been initialized, as the latter only iterates the wdevs that are linked into the rdev, which even without the change here happened after init.
However, looking at this, it seems fairly clear that the init needs to be done earlier, otherwise we might even re-init on a netns move, when data might still be pending.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Link: https://lore.kernel.org/r/20201009135821.fdcbba3aad65.Ie9201d91dbcb7da32318812effdc1561aeaf4cdc@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|