* [PATCH 0/2] cfg80211/mac80211 patches from our internal tree 2019-10-04
@ 2019-10-04 12:37 Luca Coelho
2019-10-04 12:37 ` [PATCH 1/2] mac80211: accept deauth frames in IBSS mode Luca Coelho
2019-10-04 12:37 ` [PATCH 2/2] cfg80211: fix a bunch of RCU issues in multi-bssid code Luca Coelho
0 siblings, 2 replies; 3+ messages in thread
From: Luca Coelho @ 2019-10-04 12:37 UTC (permalink / raw)
To: johannes; +Cc: linux-wireless
From: Luca Coelho <luciano.coelho@intel.com>
Hi,
A couple of patches with mac80211 and cfg80211 changes from our
internal tree.
Please review, though you have already reviewed most if not all of
them ;)
Cheers,
Luca.
Johannes Berg (1):
mac80211: accept deauth frames in IBSS mode
Sara Sharon (1):
cfg80211: fix a bunch of RCU issues in multi-bssid code
net/mac80211/rx.c | 11 ++++++++++-
net/wireless/scan.c | 23 +++++++++++++----------
2 files changed, 23 insertions(+), 11 deletions(-)
--
2.23.0
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 1/2] mac80211: accept deauth frames in IBSS mode
2019-10-04 12:37 [PATCH 0/2] cfg80211/mac80211 patches from our internal tree 2019-10-04 Luca Coelho
@ 2019-10-04 12:37 ` Luca Coelho
2019-10-04 12:37 ` [PATCH 2/2] cfg80211: fix a bunch of RCU issues in multi-bssid code Luca Coelho
1 sibling, 0 replies; 3+ messages in thread
From: Luca Coelho @ 2019-10-04 12:37 UTC (permalink / raw)
To: johannes; +Cc: linux-wireless
From: Johannes Berg <johannes.berg@intel.com>
We can process deauth frames and all, but we drop them very
early in the RX path today - this could never have worked.
Fixes: 2cc59e784b54 ("mac80211: reply to AUTH with DEAUTH if sta allocation fails in IBSS")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
net/mac80211/rx.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 768d14c9a716..0e05ff037672 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -3467,9 +3467,18 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP):
/* process for all: mesh, mlme, ibss */
break;
+ case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
+ if (is_multicast_ether_addr(mgmt->da) &&
+ !is_broadcast_ether_addr(mgmt->da))
+ return RX_DROP_MONITOR;
+
+ /* process only for station/IBSS */
+ if (sdata->vif.type != NL80211_IFTYPE_STATION &&
+ sdata->vif.type != NL80211_IFTYPE_ADHOC)
+ return RX_DROP_MONITOR;
+ break;
case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP):
case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP):
- case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
case cpu_to_le16(IEEE80211_STYPE_DISASSOC):
if (is_multicast_ether_addr(mgmt->da) &&
!is_broadcast_ether_addr(mgmt->da))
--
2.23.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 2/2] cfg80211: fix a bunch of RCU issues in multi-bssid code
2019-10-04 12:37 [PATCH 0/2] cfg80211/mac80211 patches from our internal tree 2019-10-04 Luca Coelho
2019-10-04 12:37 ` [PATCH 1/2] mac80211: accept deauth frames in IBSS mode Luca Coelho
@ 2019-10-04 12:37 ` Luca Coelho
1 sibling, 0 replies; 3+ messages in thread
From: Luca Coelho @ 2019-10-04 12:37 UTC (permalink / raw)
To: johannes; +Cc: linux-wireless
From: Sara Sharon <sara.sharon@intel.com>
cfg80211_update_notlisted_nontrans() leaves the RCU critical session
too early, while still using nontrans_ssid which is RCU protected. In
addition, it performs a bunch of RCU pointer update operations such
as rcu_access_pointer and rcu_assign_pointer.
The caller, cfg80211_inform_bss_frame_data(), also accesses the RCU
pointer without holding the lock.
Just wrap all of this with bss_lock.
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
net/wireless/scan.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index d313c9befa23..4c63255722e6 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1703,8 +1703,7 @@ cfg80211_parse_mbssid_frame_data(struct wiphy *wiphy,
static void
cfg80211_update_notlisted_nontrans(struct wiphy *wiphy,
struct cfg80211_bss *nontrans_bss,
- struct ieee80211_mgmt *mgmt, size_t len,
- gfp_t gfp)
+ struct ieee80211_mgmt *mgmt, size_t len)
{
u8 *ie, *new_ie, *pos;
const u8 *nontrans_ssid, *trans_ssid, *mbssid;
@@ -1715,6 +1714,8 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy,
const struct cfg80211_bss_ies *old;
u8 cpy_len;
+ lockdep_assert_held(&wiphy_to_rdev(wiphy)->bss_lock);
+
ie = mgmt->u.probe_resp.variable;
new_ie_len = ielen;
@@ -1726,23 +1727,22 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy,
if (!mbssid)
return;
new_ie_len -= mbssid[1];
- rcu_read_lock();
+
nontrans_ssid = ieee80211_bss_get_ie(nontrans_bss, WLAN_EID_SSID);
- if (!nontrans_ssid) {
- rcu_read_unlock();
+ if (!nontrans_ssid)
return;
- }
+
new_ie_len += nontrans_ssid[1];
- rcu_read_unlock();
/* generate new ie for nontrans BSS
* 1. replace SSID with nontrans BSS' SSID
* 2. skip MBSSID IE
*/
- new_ie = kzalloc(new_ie_len, gfp);
+ new_ie = kzalloc(new_ie_len, GFP_ATOMIC);
if (!new_ie)
return;
- new_ies = kzalloc(sizeof(*new_ies) + new_ie_len, gfp);
+
+ new_ies = kzalloc(sizeof(*new_ies) + new_ie_len, GFP_ATOMIC);
if (!new_ies)
goto out_free;
@@ -1896,6 +1896,8 @@ cfg80211_inform_bss_frame_data(struct wiphy *wiphy,
cfg80211_parse_mbssid_frame_data(wiphy, data, mgmt, len,
&non_tx_data, gfp);
+ spin_lock_bh(&wiphy_to_rdev(wiphy)->bss_lock);
+
/* check if the res has other nontransmitting bss which is not
* in MBSSID IE
*/
@@ -1910,8 +1912,9 @@ cfg80211_inform_bss_frame_data(struct wiphy *wiphy,
ies2 = rcu_access_pointer(tmp_bss->ies);
if (ies2->tsf < ies1->tsf)
cfg80211_update_notlisted_nontrans(wiphy, tmp_bss,
- mgmt, len, gfp);
+ mgmt, len);
}
+ spin_unlock_bh(&wiphy_to_rdev(wiphy)->bss_lock);
return res;
}
--
2.23.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-10-04 12:37 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-04 12:37 [PATCH 0/2] cfg80211/mac80211 patches from our internal tree 2019-10-04 Luca Coelho
2019-10-04 12:37 ` [PATCH 1/2] mac80211: accept deauth frames in IBSS mode Luca Coelho
2019-10-04 12:37 ` [PATCH 2/2] cfg80211: fix a bunch of RCU issues in multi-bssid code Luca Coelho
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).