UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

Just a couple of fixes: 

* two potential leaks
  * use-after-free in certain scan races
  * warning in IBSS code
  * error return from a debugfs file was wrong
  * possible NULL-ptr-deref when station lookup fails
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEH1e1rEeCd0AIMq6MB8qZga/fl8QFAmMIhgMACgkQB8qZga/f
 l8QKmRAAkYm/uhgE2RLkSNpUCkkxsH5kLaB2JJpmKrHgX15Dwv8UNA/+fy13qRvd
 I3eyswbXGWuTguXn8peq992e7wv1w7pJuYtEiMwz/8wnIjLeKYMSDpy6qxGC+sGU
 Dv4gA6t4BmUY8/BlCY+XRVCylSbTklfRq2yP8XfndJ3Ac3NeQoAVIEIc7fJ1by0O
 QKKaGFU1qnBpuFWdjfBLumCFCzO4C1s93jxbIdIBqxlTho8R3X0d6I16Ow8Rk+9z
 BICsxKGQsy+Ss4x+SsEPdXMptjp36HnTg8pR9wFCrjb+Qbh20qh1eExwq+LSVPgp
 qnqY9X4q1eWaEAD2tub9PMjsc+Pbiy6L2wcXT5WCv5JPGfE5uC0g2WuUSnDmAWJQ
 Ogy4pNdqNG5gAyhVZwH8mhQodRtybcY9QNDBHRg6Hla83bUqArXmMoIBRiOGwVw/
 WWFqhH5mrrmADbeuh9CWDcmyVc/9+NHOIhSFMDPHddcdaOD4NZAO8do3PsO/kKyN
 kooo8FxkkFf4yULWZwmwaQJmZp95SiAEmyZgW4/FHR8//z2L7gRyrcGD3Q6N/EZZ
 5ZH2luoXkXrFPOJq02yp//2+C+IKeas7w5GZaNpyPkdjGlu79uh1Yxcve9zypNRV
 WTMn9j2y3plTkUPGshSf9avdR26kTAHkPeMhpLCmNeC24zITrw0=
 =7lVK
 -----END PGP SIGNATURE-----

Merge tag 'wireless-2022-08-26' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless

Johannes Berg says:

====================
pull-request: wireless-2022-08-26

Here are a couple of fixes for the current cycle,
see the tag description below.

Just a couple of fixes:
 * two potential leaks
 * use-after-free in certain scan races
 * warning in IBSS code
 * error return from a debugfs file was wrong
 * possible NULL-ptr-deref when station lookup fails

Please pull and let me know if there's any problem.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2022-08-26 11:43:20 +01:00
parent 4c612826be 55f0a48944
commit 4ba9d38bb5
5 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
net/mac80211/ibss.c
View File

@ -530,6 +530,10 @@ int ieee80211_ibss_finish_csa(struct ieee80211_sub_if_data *sdata)
sdata_assert_lock(sdata);
/* When not connected/joined, sending CSA doesn't make sense. */
if (ifibss->state != IEEE80211_IBSS_MLME_JOINED)
return -ENOLINK;
/* update cfg80211 bss information with the new channel */
if (!is_zero_ether_addr(ifibss->bssid)) {
cbss = cfg80211_get_bss(sdata->local->hw.wiphy,

11
net/mac80211/scan.c
View File

@ -469,16 +469,19 @@ static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
scan_req = rcu_dereference_protected(local->scan_req,
lockdep_is_held(&local->mtx));
if (scan_req != local->int_scan_req) {
local->scan_info.aborted = aborted;
cfg80211_scan_done(scan_req, &local->scan_info);
}
RCU_INIT_POINTER(local->scan_req, NULL);
RCU_INIT_POINTER(local->scan_sdata, NULL);
local->scanning = 0;
local->scan_chandef.chan = NULL;
synchronize_rcu();
if (scan_req != local->int_scan_req) {
local->scan_info.aborted = aborted;
cfg80211_scan_done(scan_req, &local->scan_info);
}
/* Set power back to normal operating levels. */
ieee80211_hw_config(local, 0);

2
net/mac80211/sta_info.c
View File

@ -494,7 +494,7 @@ __sta_info_alloc(struct ieee80211_sub_if_data *sdata,
sta->sdata = sdata;
if (sta_info_alloc_link(local, &sta->deflink, gfp))
return NULL;
goto free;
if (link_id >= 0) {
sta_info_add_link(sta, link_id, &sta->deflink,

3
net/mac80211/tx.c
View File

@ -5885,6 +5885,7 @@ int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev,
rcu_read_lock();
err = ieee80211_lookup_ra_sta(sdata, skb, &sta);
if (err) {
dev_kfree_skb(skb);
rcu_read_unlock();
return err;
}
@ -5899,7 +5900,7 @@ int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev,
* for MLO STA, the SA should be the AP MLD address, but
* the link ID has been selected already
*/
if (sta->sta.mlo)
if (sta && sta->sta.mlo)
memcpy(ehdr->h_source, sdata->vif.addr, ETH_ALEN);
}
rcu_read_unlock();

3
net/wireless/debugfs.c
View File

@ -65,9 +65,10 @@ static ssize_t ht40allow_map_read(struct file *file,
{
struct wiphy *wiphy = file->private_data;
char *buf;
unsigned int offset = 0, buf_size = PAGE_SIZE, i, r;
unsigned int offset = 0, buf_size = PAGE_SIZE, i;
enum nl80211_band band;
struct ieee80211_supported_band *sband;
ssize_t r;
buf = kzalloc(buf_size, GFP_KERNEL);
if (!buf)