AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-28 11:18:45 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
28f901fe16
linux_dsm_epyc7002/net/mac80211
History
Markus Theil 25e809bf8b mac80211: fix double free in ibss_leave 
commit 3bd801b14e0c5d29eeddc7336558beb3344efaa3 upstream.

Clear beacon ie pointer and ie length after free
in order to prevent double free.

==================================================================
BUG: KASAN: double-free or invalid-free \
in ieee80211_ibss_leave+0x83/0xe0 net/mac80211/ibss.c:1876

CPU: 0 PID: 8472 Comm: syz-executor100 Not tainted 5.11.0-rc6-syzkaller #0
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 print_address_description.constprop.0.cold+0x5b/0x2c6 mm/kasan/report.c:230
 kasan_report_invalid_free+0x51/0x80 mm/kasan/report.c:355
 ____kasan_slab_free+0xcc/0xe0 mm/kasan/common.c:341
 kasan_slab_free include/linux/kasan.h:192 [inline]
 __cache_free mm/slab.c:3424 [inline]
 kfree+0xed/0x270 mm/slab.c:3760
 ieee80211_ibss_leave+0x83/0xe0 net/mac80211/ibss.c:1876
 rdev_leave_ibss net/wireless/rdev-ops.h:545 [inline]
 __cfg80211_leave_ibss+0x19a/0x4c0 net/wireless/ibss.c:212
 __cfg80211_leave+0x327/0x430 net/wireless/core.c:1172
 cfg80211_leave net/wireless/core.c:1221 [inline]
 cfg80211_netdev_notifier_call+0x9e8/0x12c0 net/wireless/core.c:1335
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2040
 call_netdevice_notifiers_extack net/core/dev.c:2052 [inline]
 call_netdevice_notifiers net/core/dev.c:2066 [inline]
 __dev_close_many+0xee/0x2e0 net/core/dev.c:1586
 __dev_close net/core/dev.c:1624 [inline]
 __dev_change_flags+0x2cb/0x730 net/core/dev.c:8476
 dev_change_flags+0x8a/0x160 net/core/dev.c:8549
 dev_ifsioc+0x210/0xa70 net/core/dev_ioctl.c:265
 dev_ioctl+0x1b1/0xc40 net/core/dev_ioctl.c:511
 sock_do_ioctl+0x148/0x2d0 net/socket.c:1060
 sock_ioctl+0x477/0x6a0 net/socket.c:1177
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl fs/ioctl.c:739 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:739
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported-by: syzbot+93976391bf299d425f44@syzkaller.appspotmail.com
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Link: https://lore.kernel.org/r/20210213133653.367130-1-markus.theil@tu-ilmenau.de
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-03-30 14:32:08 +02:00
..
aead_api.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
aead_api.h
aes_ccm.h
aes_cmac.c mac80211: Update BIP to support Beacon frames 2020-02-24 10:36:03 +01:00
aes_cmac.h
aes_gcm.h
aes_gmac.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
aes_gmac.h
agg-rx.c net: mac80211: agg-rx.c: fix duplicated words 2020-08-27 11:23:08 +02:00
agg-tx.c mac80211: accept aggregation sessions on 6 GHz 2020-05-31 11:27:16 +02:00
airtime.c mac80211: add AQL support for VHT160 tx rates 2020-09-18 11:36:03 +02:00
cfg.c mac80211: fix rate mask reset 2021-03-30 14:32:00 +02:00
chan.c mac80211: get correct default channel width for S1G 2020-09-28 13:53:05 +02:00
debug.h
debugfs_key.c mac80211: Support BIGTK configuration for Beacon protection 2020-02-24 10:35:57 +01:00
debugfs_key.h mac80211: Support BIGTK configuration for Beacon protection 2020-02-24 10:35:57 +01:00
debugfs_netdev.c cfg80211/mac80211: add connected to auth server to meshconf 2020-07-31 09:24:24 +02:00
debugfs_netdev.h
debugfs_sta.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2020-03-29 21:25:29 -07:00
debugfs_sta.h
debugfs.c mac80211: fix incorrect strlen of .write in debugfs 2021-02-07 15:37:15 +01:00
debugfs.h
driver-ops.c mac80211: fix station rate table updates on assoc 2021-02-10 09:29:16 +01:00
driver-ops.h mac80211: notify the driver when a sta uses 4-address mode 2020-09-18 12:16:16 +02:00
ethtool.c
fils_aead.c
fils_aead.h
he.c mac80211: use HE 6 GHz band capability and pass it to the driver 2020-05-31 11:27:03 +02:00
ht.c mac80211: Use fallthrough pseudo-keyword 2020-07-31 09:24:23 +02:00
ibss.c mac80211: fix double free in ibss_leave 2021-03-30 14:32:08 +02:00
ieee80211_i.h mac80211: pause TX while changing interface type 2021-02-03 23:28:48 +01:00
iface.c mac80211: pause TX while changing interface type 2021-02-03 23:28:48 +01:00
Kconfig ath9k: fix build error with LEDS_CLASS=m 2021-02-17 11:02:25 +01:00
key.c mac80211: rework tx encapsulation offload API 2020-09-18 12:02:57 +02:00
key.h mac80211: Support BIGTK configuration for Beacon protection 2020-02-24 10:35:57 +01:00
led.c
led.h
main.c mac80211: rename csa counters to countdown counters 2020-08-27 14:12:15 +02:00
Makefile mac80211: initialize last_rate for S1G STAs 2020-10-08 10:40:57 +02:00
mesh_hwmp.c mac80211: fix potential overflow when multiplying to u32 integers 2021-03-04 11:37:32 +01:00
mesh_pathtbl.c mac80211: mesh: fix mesh_pathtbl_init() error path 2020-12-04 17:34:25 -08:00
mesh_plink.c mac80211: fix some more kernel-doc in mesh 2020-09-28 14:36:53 +02:00
mesh_ps.c mac80211: fix some more kernel-doc in mesh 2020-09-28 14:36:53 +02:00
mesh_sync.c
mesh.c mac80211: rename csa counters to countdown counters 2020-08-27 14:12:15 +02:00
mesh.h mac80211: add HE 6 GHz Band Capability element 2020-05-31 11:26:39 +02:00
michael.c
michael.h
mlme.c mac80211: Allow HE operation to be longer than expected. 2021-03-30 14:32:00 +02:00
ocb.c
offchannel.c mac80211: Inform AP when returning operating channel 2020-09-28 13:18:53 +02:00
pm.c
rate.c mac80211: fix station rate table updates on assoc 2021-02-10 09:29:16 +01:00
rate.h mac80211: populate debugfs only after cfg80211 init 2020-04-24 11:30:13 +02:00
rc80211_minstrel_debugfs.c mac80211: minstrel_ht: rename prob_ewma to prob_avg, use it for the new average 2019-10-11 10:31:45 +02:00
rc80211_minstrel_ht_debugfs.c mac80211: minstrel_ht: rename prob_ewma to prob_avg, use it for the new average 2019-10-11 10:31:45 +02:00
rc80211_minstrel_ht.c One batch of changes, containing: 2020-05-26 20:17:35 -07:00
rc80211_minstrel_ht.h mac80211: minstrel_ht: rename prob_ewma to prob_avg, use it for the new average 2019-10-11 10:31:45 +02:00
rc80211_minstrel.c mac80211: minstrel: fix tx status processing corner case 2020-11-12 11:25:09 +01:00
rc80211_minstrel.h mac80211: minstrel: remove deferred sampling code 2020-11-12 11:24:43 +01:00
rx.c mac80211: fix fast-rx encryption check 2021-02-07 15:37:15 +01:00
s1g.c mac80211: initialize last_rate for S1G STAs 2020-10-08 10:40:57 +02:00
scan.c mac80211: convert S1G beacon to scan results 2020-09-28 13:53:25 +02:00
spectmgmt.c mac80211: 160MHz with extended NSS BW in CSA 2021-02-13 13:55:04 +01:00
sta_info.c mac80211: free sta in sta_info_insert_finish() on errors 2020-11-13 09:48:32 +01:00
sta_info.h mac80211: fix kernel-doc markups 2020-10-30 10:06:09 +01:00
status.c mac80211: fix memory leak on filtered powersave frames 2020-11-12 11:23:58 +01:00
tdls.c mac80211: Use fallthrough pseudo-keyword 2020-07-31 09:24:23 +02:00
tkip.c mac80211: Fix TKIP replay protection immediately after key setup 2020-01-15 09:52:12 +01:00
tkip.h
trace_msg.h
trace.c
trace.h mac80211: notify the driver when a sta uses 4-address mode 2020-09-18 12:16:16 +02:00
tx.c mac80211: fix encryption key selection for 802.3 xmit 2021-02-07 15:37:15 +01:00
util.c mac80211: Allow HE operation to be longer than expected. 2021-03-30 14:32:00 +02:00
vht.c mac80211: don't set set TDLS STA bandwidth wider than possible 2020-12-30 11:53:50 +01:00
wep.c mac80211: make ieee80211_wep_init() return void 2020-02-07 12:40:34 +01:00
wep.h mac80211: make ieee80211_wep_init() return void 2020-02-07 12:40:34 +01:00
wme.c mac80211: Use fallthrough pseudo-keyword 2020-07-31 09:24:23 +02:00
wme.h
wpa.c
wpa.h