OpenCloudOS-Kernel/net/mac80211
Kenton Groombridge 26b177ecdd wifi: mac80211: Avoid address calculations via out of bounds array indexing
[ Upstream commit 2663d0462eb32ae7c9b035300ab6b1523886c718 ]

req->n_channels must be set before req->channels[] can be used.

This patch fixes one of the issues encountered in [1].

[   83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4
[   83.964258] index 0 is out of range for type 'struct ieee80211_channel *[]'
[...]
[   83.964264] Call Trace:
[   83.964267]  <TASK>
[   83.964269]  dump_stack_lvl+0x3f/0xc0
[   83.964274]  __ubsan_handle_out_of_bounds+0xec/0x110
[   83.964278]  ieee80211_prep_hw_scan+0x2db/0x4b0
[   83.964281]  __ieee80211_start_scan+0x601/0x990
[   83.964291]  nl80211_trigger_scan+0x874/0x980
[   83.964295]  genl_family_rcv_msg_doit+0xe8/0x160
[   83.964298]  genl_rcv_msg+0x240/0x270
[...]

[1] https://bugzilla.kernel.org/show_bug.cgi?id=218810

Co-authored-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Link: https://msgid.link/20240605152218.236061-1-concord@gentoo.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
[Xiangyu: Modified to apply on 6.1.y and 6.6.y]
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-10-17 15:24:32 +02:00
Kconfig ath9k: fix build error with LEDS_CLASS=m 2021-01-28 09:29:34 +02:00
Makefile wifi: mac80211: move link code to a new file 2022-09-03 17:02:25 +02:00
aead_api.c mac80211: Check crypto_aead_encrypt for errors 2021-03-16 21:20:41 +01:00
aead_api.h
aes_ccm.h
aes_cmac.c mac80211: aes_cmac: check crypto_shash_setkey() return value 2021-04-19 12:01:40 +02:00
aes_cmac.h
aes_gcm.h
aes_gmac.c mac80211: Check crypto_aead_encrypt for errors 2021-03-16 21:20:41 +01:00
aes_gmac.h
agg-rx.c wifi: mac80211: remove support for AddBA with fragmentation 2022-10-07 15:24:31 +02:00
agg-tx.c wifi: mac80211: fix BA session teardown race 2024-08-29 17:33:23 +02:00
airtime.c wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration 2022-11-25 12:45:53 +01:00
cfg.c wifi: mac80211: track capability/opmode NSS separately 2024-08-03 08:54:33 +02:00
chan.c wifi: mac80211: fix RCU list iterations 2024-10-10 11:57:27 +02:00
debug.h wifi: mac80211: Add getter functions for vif MLD state 2023-06-14 12:20:08 +02:00
debugfs.c wifi: mac80211: remove return value check of debugfs_create_dir() 2023-04-20 11:46:07 +02:00
debugfs.h
debugfs_key.c wifi: mac80211: reorg some iface data structs for MLD 2022-06-20 12:55:06 +02:00
debugfs_key.h
debugfs_netdev.c wifi: mac80211: Add debugfs entry to report dormant links 2023-06-19 12:05:19 +02:00
debugfs_netdev.h wifi: mac80211: add netdev per-link debugfs data and driver hook 2023-03-07 10:56:06 +01:00
debugfs_sta.c wifi: mac80211: add eht_capa debugfs field 2023-06-19 17:34:55 +02:00
debugfs_sta.h wifi: mac80211: add API to show the link STAs in debugfs 2022-10-07 15:23:41 +02:00
driver-ops.c wifi: mac80211: fix BA session teardown race 2024-08-29 17:33:23 +02:00
driver-ops.h wifi: mac80211: do not pass AP_VLAN vif pointer to drivers during flush 2023-12-08 08:52:21 +01:00
drop.h wifi: mac80211: fix check for unusable RX result 2023-11-20 11:58:57 +01:00
eht.c wifi: mac80211: add helpers to access sband iftype data 2023-06-14 11:57:29 +02:00
ethtool.c wifi: mac80211: read ethtool's sta_stats from sinfo 2022-08-26 09:56:54 +02:00
fils_aead.c wifi: mac80211: Do not include crypto/algapi.h 2023-08-24 08:42:36 +02:00
fils_aead.h
he.c wifi: mac80211: correctly parse Spatial Reuse Parameter Set element 2024-06-21 14:38:13 +02:00
ht.c wifi: mac80211: handle 320 MHz in ieee80211_ht_cap_ie_to_sta_ht_cap 2024-01-20 11:51:37 +01:00
ibss.c wifi: mac80211: work around Cisco AP 9115 VHT MPDU length 2023-09-25 08:41:27 +02:00
ieee80211_i.h wifi: mac80211: track capability/opmode NSS separately 2024-08-03 08:54:33 +02:00
iface.c wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() 2024-10-04 16:28:57 +02:00
key.c wifi: mac80211: fix error path key leak 2023-10-11 16:36:14 +02:00
key.h wifi: mac80211: implement link switching 2022-09-06 10:17:20 +02:00
led.c leds: Change led_trigger_blink[_oneshot]() delay parameters to pass-by-value 2023-05-25 12:16:27 +01:00
led.h leds: Change led_trigger_blink[_oneshot]() delay parameters to pass-by-value 2023-05-25 12:16:27 +01:00
link.c wifi: mac80211: Fix setting vif links 2023-11-20 11:59:02 +01:00
main.c wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD 2024-09-08 07:54:43 +02:00
mesh.c wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata 2024-07-25 09:50:41 +02:00
mesh.h wifi: mac80211: split mesh fast tx cache into local/proxied/forwarded 2024-05-02 16:32:34 +02:00
mesh_hwmp.c wifi: mac80211: use wiphy work for sdata->work 2023-06-07 19:53:18 +02:00
mesh_pathtbl.c wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects 2024-06-21 14:38:12 +02:00
mesh_plink.c wifi: mac80211: mesh_plink: fix matches_local logic 2024-01-01 12:42:27 +00:00
mesh_ps.c wifi: mac80211: consistently use u64 for BSS changes 2023-06-06 14:16:48 +02:00
mesh_sync.c mac80211: mesh: clean up rx_bcn_presp API 2021-09-23 16:26:33 +02:00
michael.c
michael.h
mlme.c wifi: mac80211: fix RCU list iterations 2024-10-10 11:57:27 +02:00
ocb.c wifi: mac80211: use wiphy work for sdata->work 2023-06-07 19:53:18 +02:00
offchannel.c wifi: mac80211: don't use rate mask for offchannel TX either 2024-10-04 16:28:52 +02:00
pm.c mac80211: Prevent AP probing during suspend 2021-10-21 17:27:51 +02:00
rate.c wifi: mac80211: don't use rate mask for offchannel TX either 2024-10-04 16:28:52 +02:00
rate.h wifi: mac80211: make ieee80211_check_rate_mask() link-aware 2022-07-15 11:43:21 +02:00
rc80211_minstrel_ht.c mac80211: minstrel_ht: remove unused n_supported variable 2023-03-30 11:21:17 +02:00
rc80211_minstrel_ht.h wifi: mac80211: minstrel_ht: remove unused has_mrr member from struct minstrel_priv 2022-10-07 15:25:05 +02:00
rc80211_minstrel_ht_debugfs.c mac80211: minstrel_ht: show sampling rates in debugfs 2021-02-12 08:58:11 +01:00
rx.c wifi: mac80211: split mesh fast tx cache into local/proxied/forwarded 2024-05-02 16:32:34 +02:00
s1g.c wifi: mac80211: Set TWT Information Frame Disabled bit as 1 2022-11-02 09:50:40 +01:00
scan.c wifi: mac80211: Avoid address calculations via out of bounds array indexing 2024-10-17 15:24:32 +02:00
spectmgmt.c wifi: mac80211: separate out connection downgrade flags 2022-07-15 11:43:14 +02:00
sta_info.c wifi: mac80211: flush STA queues on unauthorization 2024-08-29 17:33:28 +02:00
sta_info.h wifi: mac80211: track capability/opmode NSS separately 2024-08-03 08:54:33 +02:00
status.c wifi: mac80211: use wiphy work for sdata->work 2023-06-07 19:53:18 +02:00
tdls.c wifi: mac80211: Extend AID element addition for TDLS frames 2023-06-19 12:05:28 +02:00
tkip.c
tkip.h
trace.c
trace.h wifi: mac80211: Replace strlcpy with strscpy 2023-06-14 12:32:19 +02:00
trace_msg.h mac80211: tracing: Use the new __vstring() helper 2022-07-24 19:11:17 -04:00
tx.c wifi: mac80211: don't use rate mask for offchannel TX either 2024-10-04 16:28:52 +02:00
util.c wifi: mac80211: fix RCU list iterations 2024-10-10 11:57:27 +02:00
vht.c wifi: mac80211: track capability/opmode NSS separately 2024-08-03 08:54:33 +02:00
wep.c
wep.h
wme.c wifi: mac80211: fix qos on mesh interfaces 2023-03-22 13:46:38 +01:00
wme.h wifi: mac80211: Drop support for TX push path 2022-10-10 11:06:14 +02:00
wpa.c wifi: mac80211: Do not include crypto/algapi.h 2023-08-24 08:42:36 +02:00
wpa.h wifi: mac80211: remove cipher scheme support 2022-06-10 15:35:53 +02:00