* [PATCH 0/2] cfg80211/mac80211 patches from our internal tree 2019-10-04
@ 2019-10-04 12:37 Luca Coelho
  2019-10-04 12:37 ` [PATCH 1/2] mac80211: accept deauth frames in IBSS mode Luca Coelho
  2019-10-04 12:37 ` [PATCH 2/2] cfg80211: fix a bunch of RCU issues in multi-bssid code Luca Coelho

From: Luca Coelho @ 2019-10-04 12:37 UTC
To: johannes; +Cc: linux-wireless

From: Luca Coelho <luciano.coelho@intel.com>

Hi,

A couple of patches with mac80211 and cfg80211 changes from our internal tree.

Please review, though you have already reviewed most if not all of them ;)

Cheers,
Luca.

Johannes Berg (1):
  mac80211: accept deauth frames in IBSS mode

Sara Sharon (1):
  cfg80211: fix a bunch of RCU issues in multi-bssid code

 net/mac80211/rx.c   | 11 ++++++++++-
 net/wireless/scan.c | 23 +++++++++++++----------
 2 files changed, 23 insertions(+), 11 deletions(-)

--
2.23.0
* [PATCH 1/2] mac80211: accept deauth frames in IBSS mode 2019-10-04 12:37 [PATCH 0/2] cfg80211/mac80211 patches from our internal tree 2019-10-04 Luca Coelho @ 2019-10-04 12:37 ` Luca Coelho 2019-10-04 12:37 ` [PATCH 2/2] cfg80211: fix a bunch of RCU issues in multi-bssid code Luca Coelho 1 sibling, 0 replies; 3+ messages in thread From: Luca Coelho @ 2019-10-04 12:37 UTC (permalink / raw) To: johannes; +Cc: linux-wireless From: Johannes Berg <johannes.berg@intel.com> We can process deauth frames and all, but we drop them very early in the RX path today - this could never have worked. Fixes: 2cc59e784b54 ("mac80211: reply to AUTH with DEAUTH if sta allocation fails in IBSS") Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> --- net/mac80211/rx.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 768d14c9a716..0e05ff037672 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -3467,9 +3467,18 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx) case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP): /* process for all: mesh, mlme, ibss */ break; + case cpu_to_le16(IEEE80211_STYPE_DEAUTH): + if (is_multicast_ether_addr(mgmt->da) && + !is_broadcast_ether_addr(mgmt->da)) + return RX_DROP_MONITOR; + + /* process only for station/IBSS */ + if (sdata->vif.type != NL80211_IFTYPE_STATION && + sdata->vif.type != NL80211_IFTYPE_ADHOC) + return RX_DROP_MONITOR; + break; case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP): case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP): - case cpu_to_le16(IEEE80211_STYPE_DEAUTH): case cpu_to_le16(IEEE80211_STYPE_DISASSOC): if (is_multicast_ether_addr(mgmt->da) && !is_broadcast_ether_addr(mgmt->da)) -- 2.23.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
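Review bot: The new IEEE80211_STYPE_DEAUTH case in ieee80211_rx_h_mgmt() only drops a multicast DA that is not broadcast, so with NL80211_IFTYPE_ADHOC now allowed a broadcast deauth also passes this filter on an IBSS interface, and neither the changelog nor the comment "process only for station/IBSS" says whether that is intended. Please state it in the comment or the commit message. The DA test is also a verbatim copy of the one that opens the ASSOC_RESP/REASSOC_RESP/DISASSOC case just below; a short comment on why DEAUTH is split out, or a shared helper for the DA check, would keep the two from drifting apart.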
* [PATCH 2/2] cfg80211: fix a bunch of RCU issues in multi-bssid code 2019-10-04 12:37 [PATCH 0/2] cfg80211/mac80211 patches from our internal tree 2019-10-04 Luca Coelho 2019-10-04 12:37 ` [PATCH 1/2] mac80211: accept deauth frames in IBSS mode Luca Coelho @ 2019-10-04 12:37 ` Luca Coelho 1 sibling, 0 replies; 3+ messages in thread From: Luca Coelho @ 2019-10-04 12:37 UTC (permalink / raw) To: johannes; +Cc: linux-wireless From: Sara Sharon <sara.sharon@intel.com> cfg80211_update_notlisted_nontrans() leaves the RCU critical session too early, while still using nontrans_ssid which is RCU protected. In addition, it performs a bunch of RCU pointer update operations such as rcu_access_pointer and rcu_assign_pointer. The caller, cfg80211_inform_bss_frame_data(), also accesses the RCU pointer without holding the lock. Just wrap all of this with bss_lock. Signed-off-by: Sara Sharon <sara.sharon@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> --- net/wireless/scan.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/net/wireless/scan.c b/net/wireless/scan.c index d313c9befa23..4c63255722e6 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -1703,8 +1703,7 @@ cfg80211_parse_mbssid_frame_data(struct wiphy *wiphy, static void cfg80211_update_notlisted_nontrans(struct wiphy *wiphy, struct cfg80211_bss *nontrans_bss, - struct ieee80211_mgmt *mgmt, size_t len, - gfp_t gfp) + struct ieee80211_mgmt *mgmt, size_t len) { u8 *ie, *new_ie, *pos; const u8 *nontrans_ssid, *trans_ssid, *mbssid; @@ -1715,6 +1714,8 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy, const struct cfg80211_bss_ies *old; u8 cpy_len; + lockdep_assert_held(&wiphy_to_rdev(wiphy)->bss_lock); + ie = mgmt->u.probe_resp.variable; new_ie_len = ielen; 
@@ -1726,23 +1727,22 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy, if (!mbssid) return; new_ie_len -= mbssid[1]; - rcu_read_lock(); + nontrans_ssid = ieee80211_bss_get_ie(nontrans_bss, WLAN_EID_SSID); - if (!nontrans_ssid) { - rcu_read_unlock(); + if (!nontrans_ssid) return; - } + new_ie_len += nontrans_ssid[1]; - rcu_read_unlock(); /* generate new ie for nontrans BSS * 1. replace SSID with nontrans BSS' SSID * 2. skip MBSSID IE */ - new_ie = kzalloc(new_ie_len, gfp); + new_ie = kzalloc(new_ie_len, GFP_ATOMIC); if (!new_ie) return; - new_ies = kzalloc(sizeof(*new_ies) + new_ie_len, gfp); + + new_ies = kzalloc(sizeof(*new_ies) + new_ie_len, GFP_ATOMIC); if (!new_ies) goto out_free; @@ -1896,6 +1896,8 @@ cfg80211_inform_bss_frame_data(struct wiphy *wiphy, cfg80211_parse_mbssid_frame_data(wiphy, data, mgmt, len, &non_tx_data, gfp); + spin_lock_bh(&wiphy_to_rdev(wiphy)->bss_lock); + /* check if the res has other nontransmitting bss which is not * in MBSSID IE */ @@ -1910,8 +1912,9 @@ cfg80211_inform_bss_frame_data(struct wiphy *wiphy, ies2 = rcu_access_pointer(tmp_bss->ies); if (ies2->tsf < ies1->tsf) cfg80211_update_notlisted_nontrans(wiphy, tmp_bss, - mgmt, len, gfp); + mgmt, len); } + spin_unlock_bh(&wiphy_to_rdev(wiphy)->bss_lock); return res; } -- 2.23.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
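Review bot: In the @@ -1726 hunk of cfg80211_update_notlisted_nontrans(), both kzalloc() calls switch from the caller's gfp to GFP_ATOMIC and the gfp parameter is dropped from the signature, but the changelog only mentions wrapping the code in bss_lock. Please say in the commit message that the allocations now happen under spin_lock_bh() and therefore have to be atomic. Both failure paths ("if (!new_ie) return;" and "goto out_free") are silent, so the changelog should also note that skipping the nontransmitted BSS update when an atomic allocation fails is acceptable here.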
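Review bot: In the @@ -1910 hunk of cfg80211_inform_bss_frame_data(), ies2 is still fetched with rcu_access_pointer(tmp_bss->ies) and then dereferenced in "if (ies2->tsf < ies1->tsf)", even though bss_lock is now held around it. rcu_access_pointer() is meant for reading the pointer value without dereferencing it; rcu_dereference_protected() with lockdep_is_held() on bss_lock would document what protects the pointer and let lockdep check it, matching the lockdep_assert_held() added in the callee. wiphy_to_rdev(wiphy) is also evaluated separately for spin_lock_bh() and spin_unlock_bh(); a local rdev pointer would make the lock/unlock pairing easier to audit.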