Linux-WPAN Archive on lore.kernel.org
* [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors
@ 2021-04-05  0:30 Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 01/15] net: ieee802154: nl-mac: fix check on panid Alexander Aring
                   ` (16 more replies)
  0 siblings, 17 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

Hi,

this patch series contains fixes to forbid various security parameters
settings for monitor types. Monitor types don't use the llsec security
currently and we don't support it. With this patch series the user will
be notified with an EOPNOTSUPP error that for monitor interfaces security
is not supported yet. However there might be a possibility in future
that the kernel will decrypt frames with llsec information for sniffing
frames and deliver plaintext to userspace, but this isn't supported yet.

- Alex

Alexander Aring (15):
  net: ieee802154: nl-mac: fix check on panid
  net: ieee802154: forbid monitor for set llsec params
  net: ieee802154: stop dump llsec keys for monitors
  net: ieee802154: forbid monitor for add llsec key
  net: ieee802154: forbid monitor for del llsec key
  net: ieee802154: stop dump llsec devs for monitors
  net: ieee802154: forbid monitor for add llsec dev
  net: ieee802154: forbid monitor for del llsec dev
  net: ieee802154: stop dump llsec devkeys for monitors
  net: ieee802154: forbid monitor for add llsec devkey
  net: ieee802154: forbid monitor for del llsec devkey
  net: ieee802154: stop dump llsec seclevels for monitors
  net: ieee802154: forbid monitor for add llsec seclevel
  net: ieee802154: forbid monitor for del llsec seclevel
  net: ieee802154: stop dump llsec params for monitors

 net/ieee802154/nl-mac.c   |  7 +++---
 net/ieee802154/nl802154.c | 52 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 3 deletions(-)

-- 
2.26.3



* [PATCH RESEND wpan 01/15] net: ieee802154: nl-mac: fix check on panid
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 02/15] net: ieee802154: forbid monitor for set llsec params Alexander Aring
                   ` (15 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch fixes a null pointer dereference for panid handle by moving the
check for the netlink variable directly before accessing them.

Reported-by: syzbot+d4c07de0144f6f63be3a@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl-mac.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/ieee802154/nl-mac.c b/net/ieee802154/nl-mac.c
index 9c640d670ffe..0c1b0770c59e 100644
--- a/net/ieee802154/nl-mac.c
+++ b/net/ieee802154/nl-mac.c
@@ -551,9 +551,7 @@ ieee802154_llsec_parse_key_id(struct genl_info *info,
 	desc->mode = nla_get_u8(info->attrs[IEEE802154_ATTR_LLSEC_KEY_MODE]);
 
 	if (desc->mode == IEEE802154_SCF_KEY_IMPLICIT) {
-		if (!info->attrs[IEEE802154_ATTR_PAN_ID] &&
-		    !(info->attrs[IEEE802154_ATTR_SHORT_ADDR] ||
-		      info->attrs[IEEE802154_ATTR_HW_ADDR]))
+		if (!info->attrs[IEEE802154_ATTR_PAN_ID])
 			return -EINVAL;
 
 		desc->device_addr.pan_id = nla_get_shortaddr(info->attrs[IEEE802154_ATTR_PAN_ID]);
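Review bot: the removed condition at the top of the `IEEE802154_SCF_KEY_IMPLICIT` branch rejected the request only when PAN_ID and both address attributes were all absent, so a request carrying an address but no PAN_ID reached `nla_get_shortaddr(info->attrs[IEEE802154_ATTR_PAN_ID])` with a NULL attribute; the commit message only says the check was moved. Stating that root cause there would make the fix easier to assess for backports.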
@@ -562,6 +560,9 @@ ieee802154_llsec_parse_key_id(struct genl_info *info,
 			desc->device_addr.mode = IEEE802154_ADDR_SHORT;
 			desc->device_addr.short_addr = nla_get_shortaddr(info->attrs[IEEE802154_ATTR_SHORT_ADDR]);
 		} else {
+			if (!info->attrs[IEEE802154_ATTR_HW_ADDR])
+				return -EINVAL;
+
 			desc->device_addr.mode = IEEE802154_ADDR_LONG;
 			desc->device_addr.extended_addr = nla_get_hwaddr(info->attrs[IEEE802154_ATTR_HW_ADDR]);
 		}
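Review bot: the new `IEEE802154_ATTR_HW_ADDR` test in the `else` branch returns `-EINVAL` after `desc->device_addr.pan_id` has already been assigned, so `desc` is left half-populated on that error path. Testing the address attributes before the first store into `desc`, or documenting that callers must ignore `desc` on failure, would avoid handing back a partially filled descriptor.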
-- 
2.26.3



* [PATCH RESEND wpan 02/15] net: ieee802154: forbid monitor for set llsec params
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 01/15] net: ieee802154: nl-mac: fix check on panid Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 03/15] net: ieee802154: stop dump llsec keys for monitors Alexander Aring
                   ` (14 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch forbids setting llsec params for monitor interfaces which we
don't support yet.

Reported-by: syzbot+8b6719da8a04beeafcc3@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 1600edb98107..ce8956f31ef9 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1384,6 +1384,9 @@ static int nl802154_set_llsec_params(struct sk_buff *skb,
 	u32 changed = 0;
 	int ret;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (info->attrs[NL802154_ATTR_SEC_ENABLED]) {
 		u8 enabled;
 
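Review bot: the early `return -EOPNOTSUPP` at the top of `nl802154_set_llsec_params()` gives userspace no reason for the refusal; setting an extack string before returning, for example `NL_SET_ERR_MSG(info->extack, "llsec is not supported on monitor interfaces");`, would tell the caller that the interface type is the cause rather than the attributes it sent.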
-- 
2.26.3



* [PATCH RESEND wpan 03/15] net: ieee802154: stop dump llsec keys for monitors
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 01/15] net: ieee802154: nl-mac: fix check on panid Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 02/15] net: ieee802154: forbid monitor for set llsec params Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 04/15] net: ieee802154: forbid monitor for add llsec key Alexander Aring
                   ` (13 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch stops dumping llsec keys for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index ce8956f31ef9..7815f253c8a3 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1493,6 +1493,11 @@ nl802154_dump_llsec_key(struct sk_buff *skb, struct netlink_callback *cb)
 	if (err)
 		return err;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+		err = skb->len;
+		goto out_err;
+	}
+
 	if (!wpan_dev->netdev) {
 		err = -EINVAL;
 		goto out_err;
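Review bot: for a monitor the added block sets `err = skb->len` and jumps to `out_err`, so the key dump ends as a successful empty result, while the add and del handlers in this series answer the same interface with `-EOPNOTSUPP`; userspace then cannot tell "no keys configured" from "llsec unsupported here". If the empty dump is deliberate, say so in the commit message, which currently only mentions the uninitialized llsec mib.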
-- 
2.26.3



* [PATCH RESEND wpan 04/15] net: ieee802154: forbid monitor for add llsec key
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (2 preceding siblings ...)
  2021-04-05  0:30 ` [PATCH RESEND wpan 03/15] net: ieee802154: stop dump llsec keys for monitors Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 05/15] net: ieee802154: forbid monitor for del " Alexander Aring
                   ` (12 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch forbids adding an llsec key for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 7815f253c8a3..42a246b6f9cb 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1552,6 +1552,9 @@ static int nl802154_add_llsec_key(struct sk_buff *skb, struct genl_info *info)
 	struct ieee802154_llsec_key_id id = { };
 	u32 commands[NL802154_CMD_FRAME_NR_IDS / 32] = { };
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
 	    nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
 		return -EINVAL;
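Review bot: the two-line `wpan_dev->iftype == NL802154_IFTYPE_MONITOR` test added at the top of `nl802154_add_llsec_key()` is repeated verbatim in every llsec add and del handler this series touches; a single helper, or one check on a path all of these commands share, would keep a future llsec command from being added without it.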
-- 
2.26.3



* [PATCH RESEND wpan 05/15] net: ieee802154: forbid monitor for del llsec key
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (3 preceding siblings ...)
  2021-04-05  0:30 ` [PATCH RESEND wpan 04/15] net: ieee802154: forbid monitor for add llsec key Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 06/15] net: ieee802154: stop dump llsec devs for monitors Alexander Aring
                   ` (11 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch forbids deleting an llsec key for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 42a246b6f9cb..bfc0eca774e3 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1604,6 +1604,9 @@ static int nl802154_del_llsec_key(struct sk_buff *skb, struct genl_info *info)
 	struct nlattr *attrs[NL802154_KEY_ATTR_MAX + 1];
 	struct ieee802154_llsec_key_id id;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
 	    nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
 		return -EINVAL;
-- 
2.26.3



* [PATCH RESEND wpan 06/15] net: ieee802154: stop dump llsec devs for monitors
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (4 preceding siblings ...)
  2021-04-05  0:30 ` [PATCH RESEND wpan 05/15] net: ieee802154: forbid monitor for del " Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 07/15] net: ieee802154: forbid monitor for add llsec dev Alexander Aring
                   ` (10 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch stops dumping llsec devs for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index bfc0eca774e3..ef0becc9faa7 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1672,6 +1672,11 @@ nl802154_dump_llsec_dev(struct sk_buff *skb, struct netlink_callback *cb)
 	if (err)
 		return err;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+		err = skb->len;
+		goto out_err;
+	}
+
 	if (!wpan_dev->netdev) {
 		err = -EINVAL;
 		goto out_err;
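Review bot: the monitor branch leaves through the `out_err` label with `err = skb->len`, which is a success value, so the label name now misleads; a short comment on the added block stating that monitors report an empty dump on purpose would keep a later cleanup from turning it into an error return.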
-- 
2.26.3



* [PATCH RESEND wpan 07/15] net: ieee802154: forbid monitor for add llsec dev
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (5 preceding siblings ...)
  2021-04-05  0:30 ` [PATCH RESEND wpan 06/15] net: ieee802154: stop dump llsec devs for monitors Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 08/15] net: ieee802154: forbid monitor for del " Alexander Aring
                   ` (9 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch forbids adding an llsec dev for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index ef0becc9faa7..0d7dc9478b56 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1763,6 +1763,9 @@ static int nl802154_add_llsec_dev(struct sk_buff *skb, struct genl_info *info)
 	struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
 	struct ieee802154_llsec_device dev_desc;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (ieee802154_llsec_parse_device(info->attrs[NL802154_ATTR_SEC_DEVICE],
 					  &dev_desc) < 0)
 		return -EINVAL;
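Review bot: directly below the new monitor check, `ieee802154_llsec_parse_device()` receives `info->attrs[NL802154_ATTR_SEC_DEVICE]` with no presence test, whereas `nl802154_del_llsec_dev()` in 08/15 tests `!info->attrs[NL802154_ATTR_SEC_DEVICE]` first. Whether the parser copes with a NULL attribute is not visible in this hunk; since several patches in this series carry syzbot reports, it is worth confirming and, if needed, adding the same test here.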
-- 
2.26.3



* [PATCH RESEND wpan 08/15] net: ieee802154: forbid monitor for del llsec dev
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (6 preceding siblings ...)
  2021-04-05  0:30 ` [PATCH RESEND wpan 07/15] net: ieee802154: forbid monitor for add llsec dev Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 09/15] net: ieee802154: stop dump llsec devkeys for monitors Alexander Aring
                   ` (8 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch forbids deleting an llsec dev for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 0d7dc9478b56..17c782d4cdae 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1781,6 +1781,9 @@ static int nl802154_del_llsec_dev(struct sk_buff *skb, struct genl_info *info)
 	struct nlattr *attrs[NL802154_DEV_ATTR_MAX + 1];
 	__le64 extended_addr;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (!info->attrs[NL802154_ATTR_SEC_DEVICE] ||
 	    nla_parse_nested_deprecated(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy, info->extack))
 		return -EINVAL;
-- 
2.26.3



* [PATCH RESEND wpan 09/15] net: ieee802154: stop dump llsec devkeys for monitors
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (7 preceding siblings ...)
  2021-04-05  0:30 ` [PATCH RESEND wpan 08/15] net: ieee802154: forbid monitor for del " Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 10/15] net: ieee802154: forbid monitor for add llsec devkey Alexander Aring
                   ` (7 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch stops dumping llsec devkeys for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 17c782d4cdae..6f9cb6c0cafc 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1853,6 +1853,11 @@ nl802154_dump_llsec_devkey(struct sk_buff *skb, struct netlink_callback *cb)
 	if (err)
 		return err;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+		err = skb->len;
+		goto out_err;
+	}
+
 	if (!wpan_dev->netdev) {
 		err = -EINVAL;
 		goto out_err;
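Review bot: the monitor test is placed ahead of the `!wpan_dev->netdev` test, so a monitor `wpan_dev` without a netdev now ends the devkey dump successfully where it previously returned `-EINVAL`; if that ordering is intended, a sentence in the commit message would help, otherwise move the new block below the netdev check.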
-- 
2.26.3



* [PATCH RESEND wpan 10/15] net: ieee802154: forbid monitor for add llsec devkey
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (8 preceding siblings ...)
  2021-04-05  0:30 ` [PATCH RESEND wpan 09/15] net: ieee802154: stop dump llsec devkeys for monitors Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 11/15] net: ieee802154: forbid monitor for del " Alexander Aring
                   ` (6 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch forbids adding an llsec devkey for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 6f9cb6c0cafc..c3f9bff7a557 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1915,6 +1915,9 @@ static int nl802154_add_llsec_devkey(struct sk_buff *skb, struct genl_info *info
 	struct ieee802154_llsec_device_key key;
 	__le64 extended_addr;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] ||
 	    nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack) < 0)
 		return -EINVAL;
-- 
2.26.3



* [PATCH RESEND wpan 11/15] net: ieee802154: forbid monitor for del llsec devkey
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (9 preceding siblings ...)
  2021-04-05  0:30 ` [PATCH RESEND wpan 10/15] net: ieee802154: forbid monitor for add llsec devkey Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 12/15] net: ieee802154: stop dump llsec seclevels for monitors Alexander Aring
                   ` (5 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch forbids deleting an llsec devkey for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index c3f9bff7a557..88735f03b73e 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1949,6 +1949,9 @@ static int nl802154_del_llsec_devkey(struct sk_buff *skb, struct genl_info *info
 	struct ieee802154_llsec_device_key key;
 	__le64 extended_addr;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] ||
 	    nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack))
 		return -EINVAL;
-- 
2.26.3



* [PATCH RESEND wpan 12/15] net: ieee802154: stop dump llsec seclevels for monitors
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (10 preceding siblings ...)
  2021-04-05  0:30 ` [PATCH RESEND wpan 11/15] net: ieee802154: forbid monitor for del " Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 13/15] net: ieee802154: forbid monitor for add llsec seclevel Alexander Aring
                   ` (4 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch stops dumping llsec seclevels for monitors which we don't
support yet. Otherwise we will access llsec mib which isn't initialized
for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 88735f03b73e..9158b095ccf9 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -2026,6 +2026,11 @@ nl802154_dump_llsec_seclevel(struct sk_buff *skb, struct netlink_callback *cb)
 	if (err)
 		return err;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+		err = skb->len;
+		goto out_err;
+	}
+
 	if (!wpan_dev->netdev) {
 		err = -EINVAL;
 		goto out_err;
-- 
2.26.3



* [PATCH RESEND wpan 13/15] net: ieee802154: forbid monitor for add llsec seclevel
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (11 preceding siblings ...)
  2021-04-05  0:30 ` [PATCH RESEND wpan 12/15] net: ieee802154: stop dump llsec seclevels for monitors Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 14/15] net: ieee802154: forbid monitor for del " Alexander Aring
                   ` (3 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch forbids adding an llsec seclevel for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 9158b095ccf9..28427ce52a9b 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -2115,6 +2115,9 @@ static int nl802154_add_llsec_seclevel(struct sk_buff *skb,
 	struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
 	struct ieee802154_llsec_seclevel sl;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (llsec_parse_seclevel(info->attrs[NL802154_ATTR_SEC_LEVEL],
 				 &sl) < 0)
 		return -EINVAL;
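Review bot: after the new early return, `llsec_parse_seclevel()` is still called on `info->attrs[NL802154_ATTR_SEC_LEVEL]` without checking that the attribute was supplied, while the del handler in 14/15 guards the same call with `!info->attrs[NL802154_ATTR_SEC_LEVEL] ||`. The parser body is not shown here, so confirm it rejects a NULL attribute or mirror the del handler's guard in this function.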
-- 
2.26.3



* [PATCH RESEND wpan 14/15] net: ieee802154: forbid monitor for del llsec seclevel
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (12 preceding siblings ...)
  2021-04-05  0:30 ` [PATCH RESEND wpan 13/15] net: ieee802154: forbid monitor for add llsec seclevel Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05  0:30 ` [PATCH RESEND wpan 15/15] net: ieee802154: stop dump llsec params for monitors Alexander Aring
                   ` (2 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch forbids deleting an llsec seclevel for monitor interfaces which we
don't support yet. Otherwise we will access llsec mib which isn't
initialized for monitors.

Reported-by: syzbot+fbf4fc11a819824e027b@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 28427ce52a9b..effc4c1a4780 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -2133,6 +2133,9 @@ static int nl802154_del_llsec_seclevel(struct sk_buff *skb,
 	struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
 	struct ieee802154_llsec_seclevel sl;
 
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		return -EOPNOTSUPP;
+
 	if (!info->attrs[NL802154_ATTR_SEC_LEVEL] ||
 	    llsec_parse_seclevel(info->attrs[NL802154_ATTR_SEC_LEVEL],
 				 &sl) < 0)
-- 
2.26.3



* [PATCH RESEND wpan 15/15] net: ieee802154: stop dump llsec params for monitors
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (13 preceding siblings ...)
  2021-04-05  0:30 ` [PATCH RESEND wpan 14/15] net: ieee802154: forbid monitor for del " Alexander Aring
@ 2021-04-05  0:30 ` Alexander Aring
  2021-04-05 11:51 ` [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec " Alexander Aring
  2021-04-06 20:29 ` Stefan Schmidt
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05  0:30 UTC (permalink / raw)
  To: stefan; +Cc: linux-wpan, netdev

This patch stops dumping llsec params for monitors which we don't support
yet. Otherwise we will access llsec mib which isn't initialized for
monitors.

Reported-by: syzbot+cde43a581a8e5f317bc2@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
 net/ieee802154/nl802154.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index effc4c1a4780..05f6bd89a7dd 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -820,8 +820,13 @@ nl802154_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
 		goto nla_put_failure;
 
 #ifdef CONFIG_IEEE802154_NL802154_EXPERIMENTAL
+	if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+		goto out;
+
 	if (nl802154_get_llsec_params(msg, rdev, wpan_dev) < 0)
 		goto nla_put_failure;
+
+out:
 #endif /* CONFIG_IEEE802154_NL802154_EXPERIMENTAL */
 
 	genlmsg_end(msg, hdr);
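Review bot: the `goto out;` / `out:` pair inside the `CONFIG_IEEE802154_NL802154_EXPERIMENTAL` block exists only to skip one call, and a label placed right before `#endif` is easy to break when code is added after it; folding the test into the existing condition, `if (wpan_dev->iftype != NL802154_IFTYPE_MONITOR && nl802154_get_llsec_params(msg, rdev, wpan_dev) < 0)`, removes the label. The subject also says "stop dump llsec params" although the change is in `nl802154_send_iface()`, which is worth a word in the commit message.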
-- 
2.26.3



* Re: [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (14 preceding siblings ...)
  2021-04-05  0:30 ` [PATCH RESEND wpan 15/15] net: ieee802154: stop dump llsec params for monitors Alexander Aring
@ 2021-04-05 11:51 ` Alexander Aring
  2021-04-06 20:29 ` Stefan Schmidt
  16 siblings, 0 replies; 18+ messages in thread
From: Alexander Aring @ 2021-04-05 11:51 UTC (permalink / raw)
  To: Alexander Aring
  Cc: Stefan Schmidt, linux-wpan - ML, open list:NETWORKING [GENERAL],
	Du Cheng

Hi,

On Sun, 4 Apr 2021 at 20:31, Alexander Aring <aahringo@redhat.com> wrote:
>
> Hi,
>
> this patch series contains fixes to forbid various security parameters
> settings for monitor types. Monitor types don't use the llsec security
> currently and we don't support it. With this patch series the user will
> be notified with an EOPNOTSUPP error that for monitor interfaces security
> is not supported yet. However there might be a possibility in future
> that the kernel will decrypt frames with llsec information for sniffing
> frames and deliver plaintext to userspace, but this isn't supported yet.
>

cc: Du Cheng by request.

- Alex


* Re: [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors
  2021-04-05  0:30 [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec params for monitors Alexander Aring
                   ` (15 preceding siblings ...)
  2021-04-05 11:51 ` [PATCH RESEND wpan 00/15] net: ieee802154: forbid sec " Alexander Aring
@ 2021-04-06 20:29 ` Stefan Schmidt
  16 siblings, 0 replies; 18+ messages in thread
From: Stefan Schmidt @ 2021-04-06 20:29 UTC (permalink / raw)
  To: Alexander Aring; +Cc: linux-wpan, netdev

Hello.

On 05.04.21 02:30, Alexander Aring wrote:
> Hi,
> 
> this patch series contains fixes to forbid various security parameters
> settings for monitor types. Monitor types don't use the llsec security
> currently and we don't support it. With this patch series the user will
> be notified with an EOPNOTSUPP error that for monitor interfaces security
> is not supported yet. However there might be a possibility in future
> that the kernel will decrypt frames with llsec information for sniffing
> frames and deliver plaintext to userspace, but this isn't supported yet.
> 
> - Alex
> 
> Alexander Aring (15):
>    net: ieee802154: nl-mac: fix check on panid
>    net: ieee802154: forbid monitor for set llsec params
>    net: ieee802154: stop dump llsec keys for monitors
>    net: ieee802154: forbid monitor for add llsec key
>    net: ieee802154: forbid monitor for del llsec key
>    net: ieee802154: stop dump llsec devs for monitors
>    net: ieee802154: forbid monitor for add llsec dev
>    net: ieee802154: forbid monitor for del llsec dev
>    net: ieee802154: stop dump llsec devkeys for monitors
>    net: ieee802154: forbid monitor for add llsec devkey
>    net: ieee802154: forbid monitor for del llsec devkey
>    net: ieee802154: stop dump llsec seclevels for monitors
>    net: ieee802154: forbid monitor for add llsec seclevel
>    net: ieee802154: forbid monitor for del llsec seclevel
>    net: ieee802154: stop dump llsec params for monitors
> 
>   net/ieee802154/nl-mac.c   |  7 +++---
>   net/ieee802154/nl802154.c | 52 +++++++++++++++++++++++++++++++++++++++
>   2 files changed, 56 insertions(+), 3 deletions(-)
> 

This series has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!

regards
Stefan Schmidt
