redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/net/wireless
History
Miaoqing Pan b501426cf8 nl80211: fix null pointer dereference 
If the interface is not in MESH mode, the command 'iw wlanx mpath del'
will cause kernel panic.

The root cause is null pointer access in mpp_flush_by_proxy(), as the
pointer 'sdata->u.mesh.mpp_paths' is NULL for non MESH interface.

Unable to handle kernel NULL pointer dereference at virtual address 00000068
[...]
PC is at _raw_spin_lock_bh+0x20/0x5c
LR is at mesh_path_del+0x1c/0x17c [mac80211]
[...]
Process iw (pid: 4537, stack limit = 0xd83e0238)
[...]
[<c021211c>] (_raw_spin_lock_bh) from [<bf8c7648>] (mesh_path_del+0x1c/0x17c [mac80211])
[<bf8c7648>] (mesh_path_del [mac80211]) from [<bf6cdb7c>] (extack_doit+0x20/0x68 [compat])
[<bf6cdb7c>] (extack_doit [compat]) from [<c05c309c>] (genl_rcv_msg+0x274/0x30c)
[<c05c309c>] (genl_rcv_msg) from [<c05c25d8>] (netlink_rcv_skb+0x58/0xac)
[<c05c25d8>] (netlink_rcv_skb) from [<c05c2e14>] (genl_rcv+0x20/0x34)
[<c05c2e14>] (genl_rcv) from [<c05c1f90>] (netlink_unicast+0x11c/0x204)
[<c05c1f90>] (netlink_unicast) from [<c05c2420>] (netlink_sendmsg+0x30c/0x370)
[<c05c2420>] (netlink_sendmsg) from [<c05886d0>] (sock_sendmsg+0x70/0x84)
[<c05886d0>] (sock_sendmsg) from [<c0589f4c>] (___sys_sendmsg.part.3+0x188/0x228)
[<c0589f4c>] (___sys_sendmsg.part.3) from [<c058add4>] (__sys_sendmsg+0x4c/0x70)
[<c058add4>] (__sys_sendmsg) from [<c0208c80>] (ret_fast_syscall+0x0/0x44)
Code: e2822c02 e2822001 e5832004 f590f000 (e1902f9f)
---[ end trace bbd717600f8f884d ]---

Signed-off-by: Miaoqing Pan <miaoqing@codeaurora.org>
Link: https://lore.kernel.org/r/1569485810-761-1-git-send-email-miaoqing@codeaurora.org
[trim useless data from commit message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 		2019-10-01 17:56:19 +02:00
..
certs cfg80211: ship certificates as hex files 2017-12-19 09:28:01 +01:00
.gitignore cfg80211: implement regdb signature checking 2017-10-11 14:24:24 +02:00
Kconfig lib80211: use crypto API ccm(aes) transform for CCMP processing 2019-07-26 13:22:47 +02:00
Makefile wireless: Skip directory when generating certificates 2019-05-14 10:27:57 +02:00
ap.c cfg80211: call disconnect_wk when AP stops 2019-02-01 11:12:50 +01:00
chan.c nl80211: Add support for EDMG channels 2019-08-21 11:07:35 +02:00
core.c cfg80211: always shut down on HW rfkill 2019-09-11 09:13:26 +02:00
core.h cfg80211: always shut down on HW rfkill 2019-09-11 09:13:26 +02:00
debugfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
debugfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ethtool.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ibss.c cfg80211: ibss: use 11a mandatory rates for 6GHz band operation 2019-08-21 10:54:57 +02:00
lib80211.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
lib80211_crypt_ccmp.c lib80211: use crypto API ccm(aes) transform for CCMP processing 2019-07-26 13:22:47 +02:00
lib80211_crypt_tkip.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
lib80211_crypt_wep.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
mesh.c nl80211: Add SOCKET_OWNER support to JOIN_MESH 2018-03-29 10:38:24 +02:00
mlme.c cfg80211: Report Association Request frame IEs in association events 2019-02-22 13:35:09 +01:00
nl80211.c nl80211: fix null pointer dereference 2019-10-01 17:56:19 +02:00
nl80211.h cfg80211: Report Association Request frame IEs in association events 2019-02-22 13:35:09 +01:00
ocb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
of.c cfg80211: support ieee80211-freq-limit DT property 2017-01-06 14:01:13 +01:00
pmsr.c cfg80211: report measurement start TSF correctly 2019-06-14 15:46:33 +02:00
radiotap.c cfg80211: add radiotap VHT info to rtap_namespace_sizes 2016-02-24 09:04:41 +01:00
rdev-ops.h cfg80211: add support to probe unexercised mesh link 2019-04-26 13:02:11 +02:00
reg.c cfg80211: initialize on-stack chandefs 2019-10-01 17:56:18 +02:00
reg.h cfg80211: restore regulatory without calling userspace 2019-02-11 15:46:29 +01:00
scan.c cfg80211: validate SSID/MBSSID element ordering assumption 2019-10-01 17:56:18 +02:00
sme.c cfg80211: Handle bss expiry during connection 2019-05-28 09:35:39 +02:00
sysfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 432 2019-06-05 17:37:16 +02:00
sysfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace.c cfg80211: add tracing to rdev-ops 2012-10-18 10:53:37 +02:00
trace.h cfg80211: add 6GHz in code handling array with NUM_NL80211_BANDS entries 2019-08-21 10:54:12 +02:00
util.c We have a number of changes, but things are settling down: 2019-09-11 14:57:17 +01:00
wext-compat.c cfg80211: initialize on-stack chandefs 2019-10-01 17:56:18 +02:00
wext-compat.h treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
wext-core.c net: Don't take rtnl_lock() in wireless_nlevent_flush() 2018-03-29 13:47:53 -04:00
wext-priv.c
wext-proc.c proc: introduce proc_create_net{,_data} 2018-05-16 07:24:30 +02:00
wext-sme.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
wext-spy.c wireless: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:19 -04:00