From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Johannes Berg <johannes.berg@intel.com>
Subject: [PATCH 4.13 40/43] cfg80211: fix connect/disconnect edge cases
Date: Tue, 31 Oct 2017 10:56:00 +0100 [thread overview]
Message-ID: <20171031095532.092184252@linuxfoundation.org> (raw)
In-Reply-To: <20171031095530.520746935@linuxfoundation.org>
4.13-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
commit 51e13359cd5ea34acc62c90627603352956380af upstream.
If we try to connect while already connected/connecting, but
this fails, we set ssid_len=0 but leave current_bss hanging,
leading to errors.
Check all of this better, first of all ensuring that we can't
try to connect to a different SSID while connected/ing; ensure
that prev_bssid is set for re-association attempts even in the
case of the driver supporting the connect() method, and don't
reset ssid_len in the failure cases.
While at it, also reset ssid_len while disconnecting unless we
were connected and expect a disconnected event, and warn on a
successful connection without ssid_len being set.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/wireless/sme.c | 50 +++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 41 insertions(+), 9 deletions(-)
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -522,11 +522,6 @@ static int cfg80211_sme_connect(struct w
return -EOPNOTSUPP;
if (wdev->current_bss) {
- if (!prev_bssid)
- return -EALREADY;
- if (prev_bssid &&
- !ether_addr_equal(prev_bssid, wdev->current_bss->pub.bssid))
- return -ENOTCONN;
cfg80211_unhold_bss(wdev->current_bss);
cfg80211_put_bss(wdev->wiphy, &wdev->current_bss->pub);
wdev->current_bss = NULL;
@@ -1063,11 +1058,35 @@ int cfg80211_connect(struct cfg80211_reg
ASSERT_WDEV_LOCK(wdev);
- if (WARN_ON(wdev->connect_keys)) {
- kzfree(wdev->connect_keys);
- wdev->connect_keys = NULL;
+ /*
+ * If we have an ssid_len, we're trying to connect or are
+ * already connected, so reject a new SSID unless it's the
+ * same (which is the case for re-association.)
+ */
+ if (wdev->ssid_len &&
+ (wdev->ssid_len != connect->ssid_len ||
+ memcmp(wdev->ssid, connect->ssid, wdev->ssid_len)))
+ return -EALREADY;
+
+ /*
+ * If connected, reject (re-)association unless prev_bssid
+ * matches the current BSSID.
+ */
+ if (wdev->current_bss) {
+ if (!prev_bssid)
+ return -EALREADY;
+ if (!ether_addr_equal(prev_bssid, wdev->current_bss->pub.bssid))
+ return -ENOTCONN;
}
+ /*
+ * Reject if we're in the process of connecting with WEP,
+ * this case isn't very interesting and trying to handle
+ * it would make the code much more complex.
+ */
+ if (wdev->connect_keys)
+ return -EINPROGRESS;
+
cfg80211_oper_and_ht_capa(&connect->ht_capa_mask,
rdev->wiphy.ht_capa_mod_mask);
@@ -1118,7 +1137,12 @@ int cfg80211_connect(struct cfg80211_reg
if (err) {
wdev->connect_keys = NULL;
- wdev->ssid_len = 0;
+ /*
+ * This could be reassoc getting refused, don't clear
+ * ssid_len in that case.
+ */
+ if (!wdev->current_bss)
+ wdev->ssid_len = 0;
return err;
}
@@ -1145,6 +1169,14 @@ int cfg80211_disconnect(struct cfg80211_
else if (wdev->ssid_len)
err = rdev_disconnect(rdev, dev, reason);
+ /*
+ * Clear ssid_len unless we actually were fully connected,
+ * in which case cfg80211_disconnected() will take care of
+ * this later.
+ */
+ if (!wdev->current_bss)
+ wdev->ssid_len = 0;
+
return err;
}
next prev parent reply other threads:[~2017-10-31 9:59 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-31 9:55 [PATCH 4.13 00/43] 4.13.11-stable review Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 01/43] workqueue: replace pool->manager_arb mutex with a flag Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 03/43] ALSA: hda/realtek - Add support for ALC236/ALC3204 Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 04/43] ALSA: hda - fix headset mic problem for Dell machines with alc236 Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 05/43] ceph: unlock dangling spinlock in try_flush_caps() Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 06/43] Fix tracing sample code warning Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 07/43] KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 08/43] KVM: PPC: Book3S HV: POWER9 more doorbell fixes Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 09/43] KVM: PPC: Book3S: Protect kvmppc_gpa_to_ua() with SRCU Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 10/43] s390/kvm: fix detection of guest machine checks Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 11/43] nbd: handle interrupted sendmsg with a sndtimeo set Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 12/43] spi: uapi: spidev: add missing ioctl header Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 13/43] spi: a3700: Return correct value on timeout detection Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 14/43] spi: bcm-qspi: Fix use after free in bcm_qspi_probe() in error path Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 15/43] spi: armada-3700: Fix failing commands with quad-SPI Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 16/43] ovl: add NULL check in ovl_alloc_inode Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 17/43] ovl: fix EIO from lookup of non-indexed upper Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 18/43] ovl: handle ENOENT on index lookup Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 19/43] ovl: do not cleanup unsupported index entries Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 20/43] fuse: fix READDIRPLUS skipping an entry Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 21/43] xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 22/43] xen: fix booting ballooned down hvm guest Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 23/43] cifs: Select all required crypto modules Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 25/43] Input: elan_i2c - add ELAN0611 to the ACPI table Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 26/43] Input: gtco - fix potential out-of-bound access Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 27/43] Fix encryption labels and lengths for SMB3.1.1 Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 28/43] SMB3: Validate negotiate request must always be signed Greg Kroah-Hartman
2017-10-31 13:02 ` Thomas Backlund
2017-11-01 15:17 ` Greg Kroah-Hartman
2017-11-01 15:18 ` Greg Kroah-Hartman
2018-01-04 2:15 ` Srivatsa S. Bhat
2018-01-18 21:25 ` Srivatsa S. Bhat
2018-01-19 13:23 ` Aurélien Aptel
2018-01-30 3:31 ` Srivatsa S. Bhat
2018-02-27 3:44 ` Srivatsa S. Bhat
2018-02-27 8:54 ` Greg Kroah-Hartman
2018-02-27 9:22 ` Srivatsa S. Bhat
2018-02-27 12:40 ` Greg Kroah-Hartman
2018-02-27 17:45 ` Srivatsa S. Bhat
2018-02-27 17:55 ` Steve French
2018-02-27 17:56 ` Steve French
2018-02-27 18:33 ` Srivatsa S. Bhat
2018-03-12 2:37 ` Steve French
2018-03-13 9:21 ` Greg Kroah-Hartman
2018-03-13 15:21 ` Steve French
2018-03-16 13:32 ` Greg Kroah-Hartman
2018-03-16 16:19 ` Steve French
2018-03-22 2:02 ` Steve French
2018-03-22 5:12 ` Srivatsa S. Bhat
2018-03-22 5:15 ` Srivatsa S. Bhat
2018-03-22 10:32 ` Greg Kroah-Hartman
2018-03-22 19:14 ` Pavel Shilovsky
2018-03-01 20:12 ` Steve French
2018-03-01 20:51 ` Srivatsa S. Bhat
2017-10-31 9:55 ` [PATCH 4.13 29/43] assoc_array: Fix a buggy node-splitting case Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 30/43] scsi: zfcp: fix erp_action use-before-initialize in REC action trace Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 31/43] scsi: aacraid: Fix controller initialization failure Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 32/43] scsi: qla2xxx: Initialize Work element before requesting IRQs Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 33/43] scsi: sg: Re-fix off by one in sg_fill_request_table() Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 34/43] x86/cpu/AMD: Apply the Erratum 688 fix when the BIOS doesnt Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 35/43] drm/amd/powerplay: fix uninitialized variable Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 36/43] drm/i915/perf: fix perf enable/disable ioctls with 32bits userspace Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 37/43] can: sun4i: fix loopback mode Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 38/43] can: kvaser_usb: Correct return value in printout Greg Kroah-Hartman
2017-10-31 9:55 ` [PATCH 4.13 39/43] can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages Greg Kroah-Hartman
2017-10-31 9:56 ` Greg Kroah-Hartman [this message]
2017-10-31 9:56 ` [PATCH 4.13 41/43] ipsec: Fix aborted xfrm policy dump crash Greg Kroah-Hartman
2017-10-31 9:56 ` [PATCH 4.13 42/43] regulator: fan53555: fix I2C device ids Greg Kroah-Hartman
2017-10-31 17:20 ` [PATCH 4.13 00/43] 4.13.11-stable review Guenter Roeck
2017-11-01 15:21 ` Greg Kroah-Hartman
2017-10-31 20:04 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171031095532.092184252@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=johannes.berg@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).