From patchwork Tue May 19 12:37:01 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michal Kazior X-Patchwork-Id: 6436751 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: X-Original-To: patchwork-linux-wireless@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 974C2C0432 for ; Tue, 19 May 2015 12:37:23 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id C6C322054D for ; Tue, 19 May 2015 12:37:22 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id AEC2F20453 for ; Tue, 19 May 2015 12:37:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755666AbbESMhU (ORCPT ); Tue, 19 May 2015 08:37:20 -0400 Received: from mail-wi0-f171.google.com ([209.85.212.171]:35978 "EHLO mail-wi0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755413AbbESMhR (ORCPT ); Tue, 19 May 2015 08:37:17 -0400 Received: by wizk4 with SMTP id k4so115742701wiz.1 for ; Tue, 19 May 2015 05:37:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tieto.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=iqhCtIFIa1b5fsofRv7lP+ooYrRZOfYcXmZLVr3ajV8=; b=2mME1Q9EXIT2KwJJsK+GV1PNZVe0RauogE5pG1hrQk3xQVPBXmoRLFT62sp5V+e2dz 9Tmn9I2gKhLHKghgRYnXTj6MFvuunsm1TUkOx4FMLeOIa7M53DP36pTe3xzgJWdW0de6 QcaUpQzieWlBWsH/8Cvpy2NI1mnFlYOx/8WeU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=iqhCtIFIa1b5fsofRv7lP+ooYrRZOfYcXmZLVr3ajV8=; b=RKOMa91c+U0KZL5IhUpC/C90NiIvAFKgURv1jqOxH1ewjYKK6Dix2hOWWno5J3MQ2s lkIp0r9U1twuO/MNguqro5J9H0rdhacQpNgF9tAhXKyLCx7O4VXR2O3WkPi0RYPIO8GZ vjRYisCJjHGVlML5LIQ0cgaPfMB0ErfjGsaTc0xDZCmlSgcms3oJKlksBj7yUVtlgYA7 WkBGP7Ov/MWwLPCT5SCcZX9oAmCp4V9X73qwszaWniHhpwBrdHmI1lOVjusArKF4FVPe SxAVdkSgYbJAmzxg+iq0QHuQob5I2d4AIW5CshR0Wv3BXFF3UOv3ei8xyWqAeP4KMOjZ NeYA== X-Gm-Message-State: ALoCoQmMAh2YoDbz6RK18U0csxuHerMYmh6FNEMHnQLRJOo/hGbh92IeCE8IGl0rW8YqD3hA6mYXCoB016fy38aGtZVwC9TYNwq/mMvzAPCNky8Uj/NjHRRTtSWnUHVEbql9ELUMBW1ESUa+++XPRh2u68aOFm3DbKoRa5DSwZtK45F4kyTPolIraRVAfMUvjO/a3rJ2JVG8 X-Received: by 10.180.88.8 with SMTP id bc8mr12279842wib.19.1432039035857; Tue, 19 May 2015 05:37:15 -0700 (PDT) Received: from localhost.localdomain ([91.198.246.8]) by mx.google.com with ESMTPSA id ch2sm17166331wib.18.2015.05.19.05.37.14 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 19 May 2015 05:37:15 -0700 (PDT) From: Michal Kazior To: linux-wireless@vger.kernel.org Cc: johannes@sipsolutions.net, Michal Kazior Subject: [PATCH 2/2] mac80211: guard against invalid ptr deref Date: Tue, 19 May 2015 14:37:01 +0200 Message-Id: <1432039021-29666-2-git-send-email-michal.kazior@tieto.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1432039021-29666-1-git-send-email-michal.kazior@tieto.com> References: <1432039021-29666-1-git-send-email-michal.kazior@tieto.com> X-DomainID: tieto.com Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Without "cfg80211: ignore netif running state when changing iftype" it was possible for mac80211 to crash the system due to an unexpected (and incorrect) flow. Even with cfg80211 being fixed it still makes sense to add a sanity check just in case. Signed-off-by: Michal Kazior --- net/mac80211/cfg.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 3469bbdc891c..74cc789f9c8e 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -1395,6 +1395,12 @@ static int ieee80211_change_station(struct wiphy *wiphy, vlansdata = IEEE80211_DEV_TO_SUB_IF(params->vlan); if (params->vlan->ieee80211_ptr->use_4addr) { + if (vlansdata->vif.type != NL80211_IFTYPE_AP_VLAN) { + WARN_ON(1); + err = -EINVAL; + goto out_err; + } + if (vlansdata->u.vlan.sta) { err = -EBUSY; goto out_err;