From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Johannes Berg <johannes.berg@intel.com>
Subject: [PATCH 4.9 063/102] mac80211: mark station unauthorized before key removal
Date: Wed, 1 Apr 2020 18:18:06 +0200 [thread overview]
Message-ID: <20200401161543.546814307@linuxfoundation.org> (raw)
In-Reply-To: <20200401161530.451355388@linuxfoundation.org>
From: Johannes Berg <johannes.berg@intel.com>
commit b16798f5b907733966fd1a558fca823b3c67e4a1 upstream.
If a station is still marked as authorized, mark it as no longer
so before removing its keys. This allows frames transmitted to it
to be rejected, providing additional protection against leaking
plain text data during the disconnection flow.
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200326155133.ccb4fb0bb356.If48f0f0504efdcf16b8921f48c6d3bb2cb763c99@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/sta_info.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -3,6 +3,7 @@
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
* Copyright 2013-2014 Intel Mobile Communications GmbH
* Copyright (C) 2015 - 2016 Intel Deutschland GmbH
+ * Copyright (C) 2018-2020 Intel Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -945,6 +946,11 @@ static void __sta_info_destroy_part2(str
might_sleep();
lockdep_assert_held(&local->sta_mtx);
+ while (sta->sta_state == IEEE80211_STA_AUTHORIZED) {
+ ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
+ WARN_ON_ONCE(ret);
+ }
+
/* now keys can no longer be reached */
ieee80211_free_sta_keys(local, sta);
next prev parent reply other threads:[~2020-04-01 16:37 UTC|newest]
Thread overview: 112+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-01 16:17 [PATCH 4.9 000/102] 4.9.218-rc1 review Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 001/102] spi: qup: call spi_qup_pm_resume_runtime before suspending Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 002/102] powerpc: Include .BTF section Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 003/102] ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 004/102] spi/zynqmp: remove entry that causes a cs glitch Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 005/102] drm/exynos: dsi: propagate error value and silence meaningless warning Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 006/102] drm/exynos: dsi: fix workaround for the legacy clock name Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 007/102] altera-stapl: altera_get_note: prevent write beyond end of key Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 008/102] USB: Disable LPM on WD19s Realtek Hub Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 009/102] usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 010/102] USB: serial: option: add ME910G1 ECM composition 0x110b Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 011/102] usb: host: xhci-plat: add a shutdown Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 012/102] USB: serial: pl2303: add device-id for HP LD381 Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 013/102] ALSA: line6: Fix endless MIDI read loop Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 014/102] ALSA: seq: virmidi: Fix running status after receiving sysex Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 015/102] ALSA: seq: oss: " Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 016/102] ALSA: pcm: oss: Avoid plugin buffer overflow Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 017/102] ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 018/102] iio: magnetometer: ak8974: Fix negative raw values in sysfs Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 019/102] mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 020/102] staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 021/102] staging/speakup: fix get_word non-space look-ahead Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 022/102] intel_th: Fix user-visible error codes Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 023/102] rtc: max8907: add missing select REGMAP_IRQ Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 024/102] memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 025/102] mm: slub: be more careful about the double cmpxchg of freelist Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 026/102] mm, slub: prevent kmalloc_node crashes and memory leaks Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 027/102] x86/mm: split vmalloc_sync_all() Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 028/102] USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 029/102] USB: cdc-acm: fix rounding error " Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 030/102] kbuild: Disable -Wpointer-to-enum-cast Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 031/102] futex: Fix inode life-time issue Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 032/102] futex: Unbreak futex hashing Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 033/102] ALSA: hda/realtek: Fix pop noise on ALC225 Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 034/102] arm64: smp: fix smp_send_stop() behaviour Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 035/102] staging: greybus: loopback_test: fix potential path truncation Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 036/102] staging: greybus: loopback_test: fix potential path truncations Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 037/102] Revert "drm/dp_mst: Skip validating ports during destruction, just ref" Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 038/102] hsr: fix general protection fault in hsr_addr_is_self() Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 039/102] macsec: restrict to ethernet devices Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 040/102] net: dsa: Fix duplicate frames flooded by learning Greg Kroah-Hartman
2020-04-07 0:42 ` Florian Fainelli
2020-04-07 5:42 ` Greg Kroah-Hartman
2020-04-07 6:05 ` Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 041/102] net_sched: cls_route: remove the right filter from hashtable Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 042/102] net_sched: keep alloc_hash updated after hash allocation Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 043/102] NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 044/102] slcan: not call free_netdev before rtnl_unlock in slcan_open Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 045/102] vxlan: check return value of gro_cells_init() Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 046/102] net: mvneta: Fix the case where the last poll did not process all rx Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 047/102] hsr: use rcu_read_lock() in hsr_get_node_{list/status}() Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 048/102] hsr: add restart routine into hsr_get_node_list() Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 049/102] hsr: set .netnsok flag Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 050/102] KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 051/102] net: ipv4: dont let PMTU updates increase route MTU Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 052/102] cpupower: avoid multiple definition with gcc -fno-common Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 053/102] dt-bindings: net: FMan erratum A050385 Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 054/102] scsi: ipr: Fix softlockup when rescanning devices in petitboot Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 055/102] mac80211: Do not send mesh HWMP PREQ if HWMP is disabled Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.9 056/102] sxgbe: Fix off by one in samsung driver strncpy size arg Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 057/102] i2c: hix5hd2: add missed clk_disable_unprepare in remove Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 058/102] ARM: dts: dra7: Add bus_dma_limit for L3 bus Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 059/102] ARM: dts: omap5: " Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 060/102] perf probe: Do not depend on dwfl_module_addrsym() Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 061/102] scripts/dtc: Remove redundant YYLOC global declaration Greg Kroah-Hartman
2020-04-01 21:25 ` Nathan Chancellor
2020-04-02 17:40 ` Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 062/102] scsi: sd: Fix optimal I/O size for devices that change reported values Greg Kroah-Hartman
2020-04-01 16:18 ` Greg Kroah-Hartman [this message]
2020-04-01 16:18 ` [PATCH 4.9 064/102] genirq: Fix reference leaks on irq affinity notifiers Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 065/102] vti[6]: fix packet tx through bpf_redirect() in XinY cases Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 066/102] xfrm: fix uctx len check in verify_sec_ctx_len Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 067/102] xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 068/102] xfrm: policy: Fix doulbe free in xfrm_policy_timer Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 069/102] netfilter: nft_fwd_netdev: validate family and chain type Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 070/102] vti6: Fix memory leak of skb if input policy check fails Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 071/102] Input: raydium_i2c_ts - use true and false for boolean values Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 072/102] Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 073/102] tools: Let O= makes handle a relative path with -C option Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 074/102] USB: serial: option: add support for ASKEY WWHC050 Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 075/102] USB: serial: option: add BroadMobi BM806U Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 076/102] USB: serial: option: add Wistron Neweb D19Q1 Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 077/102] USB: cdc-acm: restore capability check order Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 078/102] USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 079/102] usb: musb: fix crash with highmen PIO and usbmon Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 080/102] media: flexcop-usb: fix endpoint sanity check Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 081/102] media: usbtv: fix control-message timeouts Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 082/102] staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 083/102] staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 084/102] staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 085/102] libfs: fix infoleak in simple_attr_read() Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 086/102] media: ov519: add missing endpoint sanity checks Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 087/102] media: dib0700: fix rc endpoint lookup Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 088/102] media: stv06xx: add missing descriptor sanity checks Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 089/102] media: xirlink_cit: " Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 090/102] mac80211: Check port authorization in the ieee80211_tx_dequeue() case Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 091/102] mac80211: fix authentication with iwlwifi/mvm Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 092/102] vt: selection, introduce vc_is_sel Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 093/102] vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 094/102] vt: switch vt_dont_switch to bool Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 095/102] vt: vt_ioctl: remove unnecessary console allocation checks Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 096/102] vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 097/102] locking/atomic, kref: Add kref_read() Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 098/102] vt: vt_ioctl: fix use-after-free in vt_in_use() Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 099/102] bpf: Explicitly memset the bpf_attr structure Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 100/102] net: ks8851-ml: Fix IO operations, again Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 101/102] arm64: alternative: fix build with clang integrated assembler Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.9 102/102] perf map: Fix off by one in strncpy() size argument Greg Kroah-Hartman
2020-04-02 1:10 ` [PATCH 4.9 000/102] 4.9.218-rc1 review Guenter Roeck
2020-04-02 7:09 ` Jon Hunter
2020-04-02 7:45 ` Naresh Kamboju
2020-04-02 16:58 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200401161543.546814307@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=johannes.berg@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).