AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-02-24 07:39:41 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
37e179c028
linux_dsm_epyc7002/net/wireless
History
Du Cheng 6a07cf3606 cfg80211: call cfg80211_leave_ocb when switching away from OCB 
[ Upstream commit a64b6a25dd9f984ed05fade603a00e2eae787d2f ]

If the userland switches back-and-forth between NL80211_IFTYPE_OCB and
NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), there is a
chance where the cleanup cfg80211_leave_ocb() is not called. This leads
to initialization of in-use memory (e.g. init u.ibss while in-use by
u.ocb) due to a shared struct/union within ieee80211_sub_if_data:

struct ieee80211_sub_if_data {
    ...
    union {
        struct ieee80211_if_ap ap;
        struct ieee80211_if_vlan vlan;
        struct ieee80211_if_managed mgd;
        struct ieee80211_if_ibss ibss; // <- shares address
        struct ieee80211_if_mesh mesh;
        struct ieee80211_if_ocb ocb; // <- shares address
        struct ieee80211_if_mntr mntr;
        struct ieee80211_if_nan nan;
    } u;
    ...
}

Therefore add handling of otype == NL80211_IFTYPE_OCB, during
cfg80211_change_iface() to perform cleanup when leaving OCB mode.

link to syzkaller bug:
https://syzkaller.appspot.com/bug?id=0612dbfa595bf4b9b680ff7b4948257b8e3732d5

Reported-by: syzbot+105896fac213f26056f9@syzkaller.appspotmail.com
Signed-off-by: Du Cheng <ducheng2@gmail.com>
Link: https://lore.kernel.org/r/20210428063941.105161-1-ducheng2@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-06-30 08:47:19 -04:00
..
certs cfg80211: ship certificates as hex files 2017-12-19 09:28:01 +01:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
ap.c cfg80211: call disconnect_wk when AP stops 2019-02-01 11:12:50 +01:00
chan.c cfg80211: only allow S1G channels on S1G band 2020-10-08 10:41:24 +02:00
core.c cfg80211: initialize wdev data earlier 2020-10-30 10:03:59 +01:00
core.h nl80211: validate key indexes for cfg80211_registered_device 2020-12-26 16:02:45 +01:00
debugfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
debugfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ethtool.c cfg80211: check wiphy driver existence for drvinfo report 2020-02-07 12:53:26 +01:00
ibss.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
Kconfig cfg80211: select CONFIG_CRC32 2021-01-19 18:27:28 +01:00
lib80211_crypt_ccmp.c lib80211: use crypto API ccm(aes) transform for CCMP processing 2019-07-26 13:22:47 +02:00
lib80211_crypt_tkip.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
lib80211_crypt_wep.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
lib80211.c lib80211: Remove unused macro DRV_NAME 2020-09-18 11:53:00 +02:00
Makefile cfg80211: make certificate generation more robust 2021-06-23 14:42:53 +02:00
mesh.c cfg80211/mac80211: add mesh_param "mesh_nolearn" to skip path discovery 2020-07-31 09:24:23 +02:00
mlme.c cfg80211: handle Association Response from S1G STA 2020-09-28 13:54:03 +02:00
nl80211.c nl80211: fix potential leak of ACL params 2021-04-14 08:42:02 +02:00
nl80211.h nl80211: link recursive netlink nested policy 2020-04-30 17:51:41 -07:00
ocb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
of.c cfg80211: support ieee80211-freq-limit DT property 2017-01-06 14:01:13 +01:00
pmsr.c cfg80211: avoid double free of PMSR request 2021-06-23 14:42:53 +02:00
radiotap.c wireless: radiotap: fix some kernel-doc 2020-09-28 13:53:05 +02:00
rdev-ops.h nl80211: add ability to report TX status for control port TX 2020-05-27 10:02:04 +02:00
reg.c cfg80211: regulatory: Fix inconsistent format argument 2020-10-30 10:06:56 +01:00
reg.h net: Fix various misspellings of "connect" 2019-10-28 13:41:59 -07:00
scan.c cfg80211: scan: drop entry from hidden_list on overflow 2021-05-14 09:50:00 +02:00
sme.c cfg80211: remove WARN_ON() in cfg80211_sme_connect 2021-04-14 08:42:13 +02:00
sysfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 432 2019-06-05 17:37:16 +02:00
sysfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace.c
trace.h cfg80211/mac80211: add mesh_param "mesh_nolearn" to skip path discovery 2020-07-31 09:24:23 +02:00
util.c cfg80211: call cfg80211_leave_ocb when switching away from OCB 2021-06-30 08:47:19 -04:00
wext-compat.c net: wireless: Convert to use the preferred fallthrough macro 2020-08-27 11:24:28 +02:00
wext-compat.h treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
wext-core.c wext: fix NULL-ptr-dereference with cfg80211's lack of commit() 2021-02-03 23:28:38 +01:00
wext-priv.c
wext-proc.c proc: introduce proc_create_net{,_data} 2018-05-16 07:24:30 +02:00
wext-sme.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
wext-spy.c