* [PATCH 0/2] cfg80211/mac80211 patches from our internal tree 2019-10-04
@ 2019-10-04 12:37 Luca Coelho
2019-10-04 12:37 ` [PATCH 1/2] mac80211: accept deauth frames in IBSS mode Luca Coelho
2019-10-04 12:37 ` [PATCH 2/2] cfg80211: fix a bunch of RCU issues in multi-bssid code Luca Coelho
0 siblings, 2 replies; 3+ messages in thread
From: Luca Coelho @ 2019-10-04 12:37 UTC (permalink / raw)
To: johannes; +Cc: linux-wireless
From: Luca Coelho <luciano.coelho@intel.com>
Hi,
A couple of patches with mac80211 and cfg80211 changes from our
internal tree.
Please review, though you have already reviewed most if not all of
them ;)
Cheers,
Luca.
Johannes Berg (1):
mac80211: accept deauth frames in IBSS mode
Sara Sharon (1):
cfg80211: fix a bunch of RCU issues in multi-bssid code
net/mac80211/rx.c | 11 ++++++++++-
net/wireless/scan.c | 23 +++++++++++++----------
2 files changed, 23 insertions(+), 11 deletions(-)
--
2.23.0
* [PATCH 1/2] mac80211: accept deauth frames in IBSS mode
From: Luca Coelho @ 2019-10-04 12:37 UTC (permalink / raw)
To: johannes; +Cc: linux-wireless
From: Johannes Berg <johannes.berg@intel.com>
We can process deauth frames and all, but we drop them very
early in the RX path today - this could never have worked.
Fixes: 2cc59e784b54 ("mac80211: reply to AUTH with DEAUTH if sta allocation fails in IBSS")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
net/mac80211/rx.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 768d14c9a716..0e05ff037672 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -3467,9 +3467,18 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP):
/* process for all: mesh, mlme, ibss */
break;
+ case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
+ if (is_multicast_ether_addr(mgmt->da) &&
+ !is_broadcast_ether_addr(mgmt->da))
+ return RX_DROP_MONITOR;
+
+ /* process only for station/IBSS */
+ if (sdata->vif.type != NL80211_IFTYPE_STATION &&
+ sdata->vif.type != NL80211_IFTYPE_ADHOC)
+ return RX_DROP_MONITOR;
+ break;
case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP):
case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP):
- case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
case cpu_to_le16(IEEE80211_STYPE_DISASSOC):
if (is_multicast_ether_addr(mgmt->da) &&
!is_broadcast_ether_addr(mgmt->da))
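Review bot: the new DEAUTH case repeats the `is_multicast_ether_addr(mgmt->da) && !is_broadcast_ether_addr(mgmt->da)` test that the ASSOC_RESP/REASSOC_RESP/DISASSOC group directly below also opens with, so the two copies can drift apart; consider doing the destination-address test once for both groups or moving it into a small helper. The only filters visible in this hunk are the destination address and the interface type, so the commit message should also say where a deauth from a station that is not a known peer gets rejected in IBSS mode, now that these frames are passed on for NL80211_IFTYPE_ADHOC.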
--
2.23.0
* [PATCH 2/2] cfg80211: fix a bunch of RCU issues in multi-bssid code
From: Luca Coelho @ 2019-10-04 12:37 UTC (permalink / raw)
To: johannes; +Cc: linux-wireless
From: Sara Sharon <sara.sharon@intel.com>
cfg80211_update_notlisted_nontrans() leaves the RCU critical session
too early, while still using nontrans_ssid which is RCU protected. In
addition, it performs a bunch of RCU pointer update operations such
as rcu_access_pointer and rcu_assign_pointer.
The caller, cfg80211_inform_bss_frame_data(), also accesses the RCU
pointer without holding the lock.
Just wrap all of this with bss_lock.
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
net/wireless/scan.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index d313c9befa23..4c63255722e6 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1703,8 +1703,7 @@ cfg80211_parse_mbssid_frame_data(struct wiphy *wiphy,
static void
cfg80211_update_notlisted_nontrans(struct wiphy *wiphy,
struct cfg80211_bss *nontrans_bss,
- struct ieee80211_mgmt *mgmt, size_t len,
- gfp_t gfp)
+ struct ieee80211_mgmt *mgmt, size_t len)
{
u8 *ie, *new_ie, *pos;
const u8 *nontrans_ssid, *trans_ssid, *mbssid;
@@ -1715,6 +1714,8 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy,
const struct cfg80211_bss_ies *old;
u8 cpy_len;
+ lockdep_assert_held(&wiphy_to_rdev(wiphy)->bss_lock);
+
ie = mgmt->u.probe_resp.variable;
new_ie_len = ielen;
@@ -1726,23 +1727,22 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy,
if (!mbssid)
return;
new_ie_len -= mbssid[1];
- rcu_read_lock();
+
nontrans_ssid = ieee80211_bss_get_ie(nontrans_bss, WLAN_EID_SSID);
- if (!nontrans_ssid) {
- rcu_read_unlock();
+ if (!nontrans_ssid)
return;
- }
+
new_ie_len += nontrans_ssid[1];
- rcu_read_unlock();
/* generate new ie for nontrans BSS
* 1. replace SSID with nontrans BSS' SSID
* 2. skip MBSSID IE
*/
- new_ie = kzalloc(new_ie_len, gfp);
+ new_ie = kzalloc(new_ie_len, GFP_ATOMIC);
if (!new_ie)
return;
- new_ies = kzalloc(sizeof(*new_ies) + new_ie_len, gfp);
+
+ new_ies = kzalloc(sizeof(*new_ies) + new_ie_len, GFP_ATOMIC);
if (!new_ies)
goto out_free;
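Review bot: both kzalloc() calls now hard-code GFP_ATOMIC with no comment explaining why; a one-line note that the caller holds bss_lock (taken with spin_lock_bh()) would keep someone from reintroducing the gfp parameter later. With rcu_read_lock()/rcu_read_unlock() removed, ieee80211_bss_get_ie() now runs under bss_lock only, so please confirm that the helper does not use a plain rcu_dereference() on the ies pointer, which lockdep would flag outside an RCU read-side section.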
@@ -1896,6 +1896,8 @@ cfg80211_inform_bss_frame_data(struct wiphy *wiphy,
cfg80211_parse_mbssid_frame_data(wiphy, data, mgmt, len,
&non_tx_data, gfp);
+ spin_lock_bh(&wiphy_to_rdev(wiphy)->bss_lock);
+
/* check if the res has other nontransmitting bss which is not
* in MBSSID IE
*/
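Review bot: `wiphy_to_rdev(wiphy)->bss_lock` is open-coded at this spin_lock_bh(), again at the matching spin_unlock_bh(), and once more in the lockdep_assert_held() in the callee; a local rdev pointer in this function would make the lock/unlock pair easier to match. Since the lines between the lock and the unlock are only partly shown, please also check that no return path sits between them.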
@@ -1910,8 +1912,9 @@ cfg80211_inform_bss_frame_data(struct wiphy *wiphy,
ies2 = rcu_access_pointer(tmp_bss->ies);
if (ies2->tsf < ies1->tsf)
cfg80211_update_notlisted_nontrans(wiphy, tmp_bss,
- mgmt, len, gfp);
+ mgmt, len);
}
+ spin_unlock_bh(&wiphy_to_rdev(wiphy)->bss_lock);
return res;
}
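Review bot: in the context lines above the call, `ies2 = rcu_access_pointer(tmp_bss->ies)` is followed by a dereference (`ies2->tsf`), but rcu_access_pointer() is intended for pointers that are only tested or compared, not dereferenced. Now that bss_lock is held around this loop, rcu_dereference_protected(tmp_bss->ies, lockdep_is_held(&wiphy_to_rdev(wiphy)->bss_lock)) would state the protection explicitly and let lockdep verify it.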
--
2.23.0