* [PATCH RESEND wpan 01/15] net: ieee802154: nl-mac: fix check on panid
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 02/15] net: ieee802154: forbid monitor for set llsec params Alexander Aring
` (15 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch fixes a null pointer derefence for panid handle by move the
check for the netlink variable directly before accessing them.
Reported-by: syzbot+d4c07de0144f6f63be3a@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl-mac.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/ieee802154/nl-mac.c b/net/ieee802154/nl-mac.c
index 9c640d670ffe..0c1b0770c59e 100644
--- a/net/ieee802154/nl-mac.c
+++ b/net/ieee802154/nl-mac.c
@@ -551,9 +551,7 @@ ieee802154_llsec_parse_key_id(struct genl_info *info,
desc->mode = nla_get_u8(info->attrs[IEEE802154_ATTR_LLSEC_KEY_MODE]);
if (desc->mode == IEEE802154_SCF_KEY_IMPLICIT) {
- if (!info->attrs[IEEE802154_ATTR_PAN_ID] &&
- !(info->attrs[IEEE802154_ATTR_SHORT_ADDR] ||
- info->attrs[IEEE802154_ATTR_HW_ADDR]))
+ if (!info->attrs[IEEE802154_ATTR_PAN_ID])
return -EINVAL;
desc->device_addr.pan_id = nla_get_shortaddr(info->attrs[IEEE802154_ATTR_PAN_ID]);
@@ -562,6 +560,9 @@ ieee802154_llsec_parse_key_id(struct genl_info *info,
desc->device_addr.mode = IEEE802154_ADDR_SHORT;
desc->device_addr.short_addr = nla_get_shortaddr(info->attrs[IEEE802154_ATTR_SHORT_ADDR]);
} else {
+ if (!info->attrs[IEEE802154_ATTR_HW_ADDR])
+ return -EINVAL;
+
desc->device_addr.mode = IEEE802154_ADDR_LONG;
desc->device_addr.extended_addr = nla_get_hwaddr(info->attrs[IEEE802154_ATTR_HW_ADDR]);
}
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 02/15] net: ieee802154: forbid monitor for set llsec params
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 01/15] net: ieee802154: nl-mac: fix check on panid Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 03/15] net: ieee802154: stop dump llsec keys for monitors Alexander Aring
` (14 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch forbids to set llsec params for monitor interfaces which we
don't support yet.
Reported-by: syzbot+8b6719da8a04beeafcc3@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 1600edb98107..ce8956f31ef9 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1384,6 +1384,9 @@ static int nl802154_set_llsec_params(struct sk_buff *skb,
u32 changed = 0;
int ret;
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+ return -EOPNOTSUPP;
+
if (info->attrs[NL802154_ATTR_SEC_ENABLED]) {
u8 enabled;
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 03/15] net: ieee802154: stop dump llsec keys for monitors
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 01/15] net: ieee802154: nl-mac: fix check on panid Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 02/15] net: ieee802154: forbid monitor for set llsec params Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 04/15] net: ieee802154: forbid monitor for add llsec key Alexander Aring
` (13 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch stops dumping llsec keys for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index ce8956f31ef9..7815f253c8a3 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1493,6 +1493,11 @@ nl802154_dump_llsec_key(struct sk_buff *skb, struct netlink_callback *cb)
if (err)
return err;
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+ err = skb->len;
+ goto out_err;
+ }
+
if (!wpan_dev->netdev) {
err = -EINVAL;
goto out_err;
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 04/15] net: ieee802154: forbid monitor for add llsec key
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (2 preceding siblings ...)
2021-04-05 0:30 ` [PATCH RESEND wpan 03/15] net: ieee802154: stop dump llsec keys for monitors Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 05/15] net: ieee802154: forbid monitor for del " Alexander Aring
` (12 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch forbids to add llsec key for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 7815f253c8a3..42a246b6f9cb 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1552,6 +1552,9 @@ static int nl802154_add_llsec_key(struct sk_buff *skb, struct genl_info *info)
struct ieee802154_llsec_key_id id = { };
u32 commands[NL802154_CMD_FRAME_NR_IDS / 32] = { };
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+ return -EOPNOTSUPP;
+
if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
return -EINVAL;
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 05/15] net: ieee802154: forbid monitor for del llsec key
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (3 preceding siblings ...)
2021-04-05 0:30 ` [PATCH RESEND wpan 04/15] net: ieee802154: forbid monitor for add llsec key Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 06/15] net: ieee802154: stop dump llsec devs for monitors Alexander Aring
` (11 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch forbids to del llsec key for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 42a246b6f9cb..bfc0eca774e3 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1604,6 +1604,9 @@ static int nl802154_del_llsec_key(struct sk_buff *skb, struct genl_info *info)
struct nlattr *attrs[NL802154_KEY_ATTR_MAX + 1];
struct ieee802154_llsec_key_id id;
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+ return -EOPNOTSUPP;
+
if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
return -EINVAL;
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 06/15] net: ieee802154: stop dump llsec devs for monitors
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (4 preceding siblings ...)
2021-04-05 0:30 ` [PATCH RESEND wpan 05/15] net: ieee802154: forbid monitor for del " Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 07/15] net: ieee802154: forbid monitor for add llsec dev Alexander Aring
` (10 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch stops dumping llsec devs for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index bfc0eca774e3..ef0becc9faa7 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1672,6 +1672,11 @@ nl802154_dump_llsec_dev(struct sk_buff *skb, struct netlink_callback *cb)
if (err)
return err;
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+ err = skb->len;
+ goto out_err;
+ }
+
if (!wpan_dev->netdev) {
err = -EINVAL;
goto out_err;
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 07/15] net: ieee802154: forbid monitor for add llsec dev
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (5 preceding siblings ...)
2021-04-05 0:30 ` [PATCH RESEND wpan 06/15] net: ieee802154: stop dump llsec devs for monitors Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 08/15] net: ieee802154: forbid monitor for del " Alexander Aring
` (9 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch forbids to add llsec dev for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index ef0becc9faa7..0d7dc9478b56 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1763,6 +1763,9 @@ static int nl802154_add_llsec_dev(struct sk_buff *skb, struct genl_info *info)
struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
struct ieee802154_llsec_device dev_desc;
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+ return -EOPNOTSUPP;
+
if (ieee802154_llsec_parse_device(info->attrs[NL802154_ATTR_SEC_DEVICE],
&dev_desc) < 0)
return -EINVAL;
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 08/15] net: ieee802154: forbid monitor for del llsec dev
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (6 preceding siblings ...)
2021-04-05 0:30 ` [PATCH RESEND wpan 07/15] net: ieee802154: forbid monitor for add llsec dev Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 09/15] net: ieee802154: stop dump llsec devkeys for monitors Alexander Aring
` (8 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch forbids to del llsec dev for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 0d7dc9478b56..17c782d4cdae 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1781,6 +1781,9 @@ static int nl802154_del_llsec_dev(struct sk_buff *skb, struct genl_info *info)
struct nlattr *attrs[NL802154_DEV_ATTR_MAX + 1];
__le64 extended_addr;
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+ return -EOPNOTSUPP;
+
if (!info->attrs[NL802154_ATTR_SEC_DEVICE] ||
nla_parse_nested_deprecated(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy, info->extack))
return -EINVAL;
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 09/15] net: ieee802154: stop dump llsec devkeys for monitors
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (7 preceding siblings ...)
2021-04-05 0:30 ` [PATCH RESEND wpan 08/15] net: ieee802154: forbid monitor for del " Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 10/15] net: ieee802154: forbid monitor for add llsec devkey Alexander Aring
` (7 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch stops dumping llsec devkeys for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 17c782d4cdae..6f9cb6c0cafc 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1853,6 +1853,11 @@ nl802154_dump_llsec_devkey(struct sk_buff *skb, struct netlink_callback *cb)
if (err)
return err;
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+ err = skb->len;
+ goto out_err;
+ }
+
if (!wpan_dev->netdev) {
err = -EINVAL;
goto out_err;
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 10/15] net: ieee802154: forbid monitor for add llsec devkey
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (8 preceding siblings ...)
2021-04-05 0:30 ` [PATCH RESEND wpan 09/15] net: ieee802154: stop dump llsec devkeys for monitors Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 11/15] net: ieee802154: forbid monitor for del " Alexander Aring
` (6 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch forbids to add llsec devkey for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 6f9cb6c0cafc..c3f9bff7a557 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1915,6 +1915,9 @@ static int nl802154_add_llsec_devkey(struct sk_buff *skb, struct genl_info *info
struct ieee802154_llsec_device_key key;
__le64 extended_addr;
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+ return -EOPNOTSUPP;
+
if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] ||
nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack) < 0)
return -EINVAL;
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 11/15] net: ieee802154: forbid monitor for del llsec devkey
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (9 preceding siblings ...)
2021-04-05 0:30 ` [PATCH RESEND wpan 10/15] net: ieee802154: forbid monitor for add llsec devkey Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 12/15] net: ieee802154: stop dump llsec seclevels for monitors Alexander Aring
` (5 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch forbids to del llsec devkey for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index c3f9bff7a557..88735f03b73e 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1949,6 +1949,9 @@ static int nl802154_del_llsec_devkey(struct sk_buff *skb, struct genl_info *info
struct ieee802154_llsec_device_key key;
__le64 extended_addr;
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+ return -EOPNOTSUPP;
+
if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] ||
nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack))
return -EINVAL;
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 12/15] net: ieee802154: stop dump llsec seclevels for monitors
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (10 preceding siblings ...)
2021-04-05 0:30 ` [PATCH RESEND wpan 11/15] net: ieee802154: forbid monitor for del " Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 13/15] net: ieee802154: forbid monitor for add llsec seclevel Alexander Aring
` (4 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch stops dumping llsec seclevels for monitors which we don't
support yet. Otherwise we will access llsec mib which isn't initialized
for monitors.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 88735f03b73e..9158b095ccf9 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -2026,6 +2026,11 @@ nl802154_dump_llsec_seclevel(struct sk_buff *skb, struct netlink_callback *cb)
if (err)
return err;
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+ err = skb->len;
+ goto out_err;
+ }
+
if (!wpan_dev->netdev) {
err = -EINVAL;
goto out_err;
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 13/15] net: ieee802154: forbid monitor for add llsec seclevel
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (11 preceding siblings ...)
2021-04-05 0:30 ` [PATCH RESEND wpan 12/15] net: ieee802154: stop dump llsec seclevels for monitors Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 14/15] net: ieee802154: forbid monitor for del " Alexander Aring
` (3 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch forbids to add llsec seclevel for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 9158b095ccf9..28427ce52a9b 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -2115,6 +2115,9 @@ static int nl802154_add_llsec_seclevel(struct sk_buff *skb,
struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
struct ieee802154_llsec_seclevel sl;
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+ return -EOPNOTSUPP;
+
if (llsec_parse_seclevel(info->attrs[NL802154_ATTR_SEC_LEVEL],
&sl) < 0)
return -EINVAL;
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 14/15] net: ieee802154: forbid monitor for del llsec seclevel
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (12 preceding siblings ...)
2021-04-05 0:30 ` [PATCH RESEND wpan 13/15] net: ieee802154: forbid monitor for add llsec seclevel Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 0:30 ` [PATCH RESEND wpan 15/15] net: ieee802154: stop dump llsec params for monitors Alexander Aring
` (2 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch forbids to del llsec seclevel for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.
Reported-by: syzbot+fbf4fc11a819824e027b@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 28427ce52a9b..effc4c1a4780 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -2133,6 +2133,9 @@ static int nl802154_del_llsec_seclevel(struct sk_buff *skb,
struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
struct ieee802154_llsec_seclevel sl;
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+ return -EOPNOTSUPP;
+
if (!info->attrs[NL802154_ATTR_SEC_LEVEL] ||
llsec_parse_seclevel(info->attrs[NL802154_ATTR_SEC_LEVEL],
&sl) < 0)
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH RESEND wpan 15/15] net: ieee802154: stop dump llsec params for monitors
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (13 preceding siblings ...)
2021-04-05 0:30 ` [PATCH RESEND wpan 14/15] net: ieee802154: forbid monitor for del " Alexander Aring
@ 2021-04-05 0:30 ` Alexander Aring
2021-04-05 11:51 ` [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec " Alexander Aring
2021-04-06 20:29 ` Stefan Schmidt
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 0:30 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch stops dumping llsec params for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.
Reported-by: syzbot+cde43a581a8e5f317bc2@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index effc4c1a4780..05f6bd89a7dd 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -820,8 +820,13 @@ nl802154_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
goto nla_put_failure;
#ifdef CONFIG_IEEE802154_NL802154_EXPERIMENTAL
+ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+ goto out;
+
if (nl802154_get_llsec_params(msg, rdev, wpan_dev) < 0)
goto nla_put_failure;
+
+out:
#endif /* CONFIG_IEEE802154_NL802154_EXPERIMENTAL */
genlmsg_end(msg, hdr);
--
2.26.3
^ permalink raw reply related [flat|nested] 18+ messages in thread
* Re: [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (14 preceding siblings ...)
2021-04-05 0:30 ` [PATCH RESEND wpan 15/15] net: ieee802154: stop dump llsec params for monitors Alexander Aring
@ 2021-04-05 11:51 ` Alexander Aring
2021-04-06 20:29 ` Stefan Schmidt
16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 11:51 UTC (permalink / raw)
To: Alexander Aring
Cc: Stefan Schmidt, linux-wpan - ML, open list:NETWORKING [GENERAL],
Du Cheng
Hi,
On Sun, 4 Apr 2021 at 20:31, Alexander Aring <aahringo@redhat.com> wrote:
>
> Hi,
>
> this patch series contains fixes to forbid various security parameters
> settings for monitor types. Monitor types doesn't use the llsec security
> currently and we don't support it. With this patch series the user will
> be notified with a EOPNOTSUPP error that for monitor interfaces security
> is not supported yet. However there might be a possibility in future
> that the kernel will decrypt frames with llsec information for sniffing
> frames and deliver plaintext to userspace, but this isn't supported yet.
>
cc: Du Cheng by request.
- Alex
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors
2021-04-05 0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
` (15 preceding siblings ...)
2021-04-05 11:51 ` [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec " Alexander Aring
@ 2021-04-06 20:29 ` Stefan Schmidt
16 siblings, 0 replies; 18+ messages in thread
From: Stefan Schmidt @ 2021-04-06 20:29 UTC (permalink / raw)
To: Alexander Aring; +Cc: linux-wpan, netdev
Hello.
On 05.04.21 02:30, Alexander Aring wrote:
> Hi,
>
> this patch series contains fixes to forbid various security parameters
> settings for monitor types. Monitor types doesn't use the llsec security
> currently and we don't support it. With this patch series the user will
> be notified with a EOPNOTSUPP error that for monitor interfaces security
> is not supported yet. However there might be a possibility in future
> that the kernel will decrypt frames with llsec information for sniffing
> frames and deliver plaintext to userspace, but this isn't supported yet.
>
> - Alex
>
> Alexander Aring (15):
> net: ieee802154: nl-mac: fix check on panid
> net: ieee802154: forbid monitor for set llsec params
> net: ieee802154: stop dump llsec keys for monitors
> net: ieee802154: forbid monitor for add llsec key
> net: ieee802154: forbid monitor for del llsec key
> net: ieee802154: stop dump llsec devs for monitors
> net: ieee802154: forbid monitor for add llsec dev
> net: ieee802154: forbid monitor for del llsec dev
> net: ieee802154: stop dump llsec devkeys for monitors
> net: ieee802154: forbid monitor for add llsec devkey
> net: ieee802154: forbid monitor for del llsec devkey
> net: ieee802154: stop dump llsec seclevels for monitors
> net: ieee802154: forbid monitor for add llsec seclevel
> net: ieee802154: forbid monitor for del llsec seclevel
> net: ieee802154: stop dump llsec params for monitors
>
> net/ieee802154/nl-mac.c | 7 +++---
> net/ieee802154/nl802154.c | 52 +++++++++++++++++++++++++++++++++++++++
> 2 files changed, 56 insertions(+), 3 deletions(-)
>
This series has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!
regards
Stefan Schmidt
^ permalink raw reply [flat|nested] 18+ messages in thread