UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/net
History
Johannes Berg 177d574be4 wifi: nl80211: reject iftype change with mesh ID change 
commit f78c1375339a291cba492a70eaf12ec501d28a8e upstream.

It's currently possible to change the mesh ID when the
interface isn't yet in mesh mode, at the same time as
changing it into mesh mode. This leads to an overwrite
of data in the wdev->u union for the interface type it
currently has, causing cfg80211_change_iface() to do
wrong things when switching.

We could probably allow setting an interface to mesh
while setting the mesh ID at the same time by doing a
different order of operations here, but realistically
there's no userspace that's going to do this, so just
disallow changes in iftype when setting mesh ID.

Cc: stable@vger.kernel.org
Fixes: 29cbe68c51 ("cfg80211/mac80211: add mesh join/leave commands")
Reported-by: syzbot+dd4779978217b1973180@syzkaller.appspotmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2024-03-06 14:48:40 +00:00
..
6lowpan 6lowpan: Remove redundant initialisation. 2023-03-29 08:22:52 +01:00
9p net: 9p: avoid freeing uninit memory in p9pdu_vreadf 2024-01-01 12:42:41 +00:00
802
8021q vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING 2024-01-31 16:19:01 -08:00
appletalk appletalk: Fix Use-After-Free in atalk_ioctl 2023-12-20 17:01:50 +01:00
atm atm: Fix Use-After-Free in do_vcc_ioctl 2023-12-20 17:01:48 +01:00
ax25 ax25: Kconfig: Update link for linux-ax25.org 2023-09-18 12:56:58 +01:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-08-24 10:51:39 -07:00
bluetooth Bluetooth: Enforce validation on max value of connection interval 2024-03-06 14:48:36 +00:00
bpf bpf: Fix a few selftest failures due to llvm18 change 2024-02-05 20:14:20 +00:00
bpfilter net: Use umd_cleanup_helper() 2023-05-31 13:06:57 +02:00
bridge netfilter: bridge: confirm multicast packets before passing them up the stack 2024-03-06 14:48:36 +00:00
caif sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
can can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) 2024-02-23 09:25:17 +01:00
ceph libceph: fail sparse-read if the data length doesn't match 2024-03-01 13:34:56 +01:00
core rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back 2024-03-06 14:48:36 +00:00
dcb net: dcb: choose correct policy to parse DCB_ATTR_BCN 2023-08-01 21:07:46 -07:00
dccp dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:59:35 +01:00
devlink devlink: fix port dump cmd type 2024-03-01 13:35:09 +01:00
dns_resolver keys, dns: Fix size check of V1 server-list header 2024-01-25 15:35:41 -08:00
dsa net: dsa: mark parsed interface mode for legacy switch drivers 2023-08-09 13:08:09 -07:00
ethernet
ethtool ethtool: netlink: Add missing ethnl_ops_begin/complete 2024-01-25 15:36:00 -08:00
handshake net/handshake: Fix handshake_req_destroy_test1 2024-02-23 09:24:50 +01:00
hsr net: hsr: Use correct offset for HSR TLV values in supervisory HSR frames 2024-03-06 14:48:36 +00:00
ieee802154 sysctl-6.6-rc1 2023-08-29 17:39:15 -07:00
ife net: sched: ife: fix potential use-after-free 2024-01-01 12:42:30 +00:00
ipv4 net: ip_tunnel: prevent perpetual headroom growth 2024-03-06 14:48:34 +00:00
ipv6 ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() 2024-03-06 14:48:35 +00:00
iucv
kcm net: kcm: fix direct access to bv_len 2024-02-05 20:14:25 +00:00
key Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-08-18 12:44:56 -07:00
l2tp l2tp: pass correct message length to ip6_append_data 2024-03-01 13:35:01 +01:00
l3mdev
lapb
llc llc: call sock_orphan() at release time 2024-02-05 20:14:36 +00:00
mac80211 wifi: mac80211: accept broadcast probe responses on 6 GHz 2024-03-01 13:34:55 +01:00
mac802154 Core WPAN changes: 2023-06-24 15:41:46 -07:00
mctp net: mctp: take ownership of skb in mctp_local_output 2024-03-06 14:48:34 +00:00
mpls networking: Update to register_net_sysctl_sz 2023-08-15 15:26:18 -07:00
mptcp mptcp: add needs_id for netlink appending addr 2024-03-01 13:35:11 +01:00
ncsi net/ncsi: Fix netlink major/minor version numbers 2024-01-25 15:35:20 -08:00
netfilter netfilter: bridge: confirm multicast packets before passing them up the stack 2024-03-06 14:48:36 +00:00
netlabel calipso: fix memory leak in netlbl_calipso_add_pass() 2024-01-25 15:35:14 -08:00
netlink netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter 2024-03-06 14:48:34 +00:00
netrom netrom: Deny concurrent connect(). 2023-08-28 06:58:46 +01:00
nfc nfc: nci: free rx_data_reassembly skb on NCI device cleanup 2024-02-23 09:25:02 +01:00
nsh net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
openvswitch net: openvswitch: limit the number of recursions from action sets 2024-02-23 09:24:51 +01:00
packet packet: Move reference count in packet_sock to atomic_long_t 2023-12-13 18:45:23 +01:00
phonet phonet/pep: fix racy skb_queue_empty() use 2024-03-01 13:35:10 +01:00
psample psample: Require 'CAP_NET_ADMIN' when joining "packets" group 2023-12-13 18:45:10 +01:00
qrtr net: qrtr: ns: Return 0 if server port is not present 2024-01-20 11:51:47 +01:00
rds net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv 2024-01-31 16:19:01 -08:00
rfkill net: rfkill: gpio: set GPIO direction 2024-01-01 12:42:41 +00:00
rose net/rose: fix races in rose_kill_by_device() 2024-01-01 12:42:31 +00:00
rxrpc rxrpc: Fix counting of new acks and nacks 2024-02-16 19:10:50 +01:00
sched net/sched: flower: Add lock protection when remove filter handle 2024-03-01 13:35:09 +01:00
sctp sctp: fix busy polling 2024-01-25 15:35:30 -08:00
smc net/smc: disable SEID on non-s390 archs where virtual ISM may be used 2024-02-05 20:14:25 +00:00
strparser
sunrpc SUNRPC: Fix a suspicious RCU usage warning 2024-02-05 20:14:17 +00:00
switchdev net: bridge: switchdev: Skip MDB replays of deferred events on offload 2024-03-01 13:35:06 +01:00
tipc tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() 2024-02-16 19:10:50 +01:00
tls tls: fix use-after-free on failed backlog decryption 2024-03-06 14:48:37 +00:00
unix af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. 2024-02-16 19:10:50 +01:00
vmw_vsock virtio/vsock: send credit update during setting SO_RCVLOWAT 2024-01-25 15:35:26 -08:00
wireless wifi: nl80211: reject iftype change with mesh ID change 2024-03-06 14:48:40 +00:00
x25 sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
xdp xsk: Add truesize to skb_add_rx_frag(). 2024-03-01 13:35:05 +01:00
xfrm ipsec-2023-10-17 2023-10-17 18:21:13 -07:00
Kconfig bpf: Add fd-based tcx multi-prog infra with link support 2023-07-19 10:07:27 -07:00
Kconfig.debug
Makefile net/handshake: Create a NETLINK service for handling handshake requests 2023-04-19 18:48:48 -07:00
compat.c net/compat: Update msg_control_is_user when setting a kernel pointer 2023-04-14 11:09:27 +01:00
devres.c
socket.c net: Save and restore msg_namelen in sock_sendmsg 2024-01-10 17:16:51 +01:00
sysctl_net.c sysctl: Add size to register_net_sysctl function 2023-08-15 15:26:17 -07:00