* [PATCH AUTOSEL 5.4 20/58] nl80211: fix potential leak in AP start
[not found] <20200305171420.29595-1-sashal@kernel.org>
@ 2020-03-05 17:13 ` Sasha Levin
2020-03-05 17:13 ` [PATCH AUTOSEL 5.4 21/58] cfg80211: check reg_rule for NULL in handle_channel_custom() Sasha Levin
` (2 subsequent siblings)
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2020-03-05 17:13 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Johannes Berg, Sasha Levin, linux-wireless, netdev
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 9951ebfcdf2b97dbb28a5d930458424341e61aa2 ]
If nl80211_parse_he_obss_pd() fails, we leak the previously
allocated ACL memory. Free it in this case.
Fixes: 796e90f42b7e ("cfg80211: add support for parsing OBBS_PD attributes")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20200221104142.835aba4cdd14.I1923b55ba9989c57e13978f91f40bfdc45e60cbd@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/nl80211.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index c74646b7a751f..78c2d9359fc72 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -4794,8 +4794,7 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
err = nl80211_parse_he_obss_pd(
info->attrs[NL80211_ATTR_HE_OBSS_PD],
¶ms.he_obss_pd);
- if (err)
- return err;
+ goto out;
}
nl80211_calculate_ap_params(¶ms);
@@ -4817,6 +4816,7 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
}
wdev_unlock(wdev);
+out:
kfree(params.acl);
return err;
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 5.4 21/58] cfg80211: check reg_rule for NULL in handle_channel_custom()
[not found] <20200305171420.29595-1-sashal@kernel.org>
2020-03-05 17:13 ` [PATCH AUTOSEL 5.4 20/58] nl80211: fix potential leak in AP start Sasha Levin
@ 2020-03-05 17:13 ` Sasha Levin
2020-03-05 17:13 ` [PATCH AUTOSEL 5.4 22/58] mac80211: Remove a redundant mutex unlock Sasha Levin
2020-03-05 17:13 ` [PATCH AUTOSEL 5.4 30/58] mac80211: rx: avoid RCU list traversal under mutex Sasha Levin
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2020-03-05 17:13 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Johannes Berg, Sasha Levin, linux-wireless, netdev
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit a7ee7d44b57c9ae174088e53a668852b7f4f452d ]
We may end up with a NULL reg_rule after the loop in
handle_channel_custom() if the bandwidth didn't fit,
check if this is the case and bail out if so.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20200221104449.3b558a50201c.I4ad3725c4dacaefd2d18d3cc65ba6d18acd5dbfe@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/reg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index fff9a74891fc4..1a8218f1bbe07 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -2276,7 +2276,7 @@ static void handle_channel_custom(struct wiphy *wiphy,
break;
}
- if (IS_ERR(reg_rule)) {
+ if (IS_ERR_OR_NULL(reg_rule)) {
pr_debug("Disabling freq %d MHz as custom regd has no rule that fits it\n",
chan->center_freq);
if (wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED) {
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 5.4 22/58] mac80211: Remove a redundant mutex unlock
[not found] <20200305171420.29595-1-sashal@kernel.org>
2020-03-05 17:13 ` [PATCH AUTOSEL 5.4 20/58] nl80211: fix potential leak in AP start Sasha Levin
2020-03-05 17:13 ` [PATCH AUTOSEL 5.4 21/58] cfg80211: check reg_rule for NULL in handle_channel_custom() Sasha Levin
@ 2020-03-05 17:13 ` Sasha Levin
2020-03-05 17:13 ` [PATCH AUTOSEL 5.4 30/58] mac80211: rx: avoid RCU list traversal under mutex Sasha Levin
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2020-03-05 17:13 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Andrei Otcheretianski, Johannes Berg, Sasha Levin,
linux-wireless, netdev
From: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
[ Upstream commit 0daa63ed4c6c4302790ce67b7a90c0997ceb7514 ]
The below-mentioned commit changed the code to unlock *inside*
the function, but previously the unlock was *outside*. It failed
to remove the outer unlock, however, leading to double unlock.
Fix this.
Fixes: 33483a6b88e4 ("mac80211: fix missing unlock on error in ieee80211_mark_sta_auth()")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Link: https://lore.kernel.org/r/20200221104719.cce4741cf6eb.I671567b185c8a4c2409377e483fd149ce590f56d@changeid
[rewrite commit message to better explain what happened]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/mlme.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 1e3b9d34aaa46..c7d8044ff0fa6 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -2959,7 +2959,7 @@ static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
(auth_transaction == 2 &&
ifmgd->auth_data->expected_transaction == 2)) {
if (!ieee80211_mark_sta_auth(sdata, bssid))
- goto out_err;
+ return; /* ignore frame -- wait for timeout */
} else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
auth_transaction == 2) {
sdata_info(sdata, "SAE peer confirmed\n");
@@ -2967,10 +2967,6 @@ static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
}
cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
- return;
- out_err:
- mutex_unlock(&sdata->local->sta_mtx);
- /* ignore frame -- wait for timeout */
}
#define case_WLAN(type) \
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 5.4 30/58] mac80211: rx: avoid RCU list traversal under mutex
[not found] <20200305171420.29595-1-sashal@kernel.org>
` (2 preceding siblings ...)
2020-03-05 17:13 ` [PATCH AUTOSEL 5.4 22/58] mac80211: Remove a redundant mutex unlock Sasha Levin
@ 2020-03-05 17:13 ` Sasha Levin
3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2020-03-05 17:13 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Madhuparna Bhowmik, Johannes Berg, Sasha Levin, linux-wireless, netdev
From: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
[ Upstream commit 253216ffb2a002a682c6f68bd3adff5b98b71de8 ]
local->sta_mtx is held in __ieee80211_check_fast_rx_iface().
No need to use list_for_each_entry_rcu() as it also requires
a cond argument to avoid false lockdep warnings when not used in
RCU read-side section (with CONFIG_PROVE_RCU_LIST).
Therefore use list_for_each_entry();
Signed-off-by: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
Link: https://lore.kernel.org/r/20200223143302.15390-1-madhuparnabhowmik10@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/rx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 0e05ff0376726..0ba98ad9bc854 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -4114,7 +4114,7 @@ void __ieee80211_check_fast_rx_iface(struct ieee80211_sub_if_data *sdata)
lockdep_assert_held(&local->sta_mtx);
- list_for_each_entry_rcu(sta, &local->sta_list, list) {
+ list_for_each_entry(sta, &local->sta_list, list) {
if (sdata != sta->sdata &&
(!sta->sdata->bss || sta->sdata->bss != sdata->bss))
continue;
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-03-05 17:20 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20200305171420.29595-1-sashal@kernel.org>
2020-03-05 17:13 ` [PATCH AUTOSEL 5.4 20/58] nl80211: fix potential leak in AP start Sasha Levin
2020-03-05 17:13 ` [PATCH AUTOSEL 5.4 21/58] cfg80211: check reg_rule for NULL in handle_channel_custom() Sasha Levin
2020-03-05 17:13 ` [PATCH AUTOSEL 5.4 22/58] mac80211: Remove a redundant mutex unlock Sasha Levin
2020-03-05 17:13 ` [PATCH AUTOSEL 5.4 30/58] mac80211: rx: avoid RCU list traversal under mutex Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).