android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c65f72eec6
android_kernel_xiaomi_sm8450/net/mac80211
History
Dmitry Antipov bb8ace6794 wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() 
[ Upstream commit 92ecbb3ac6f3fe8ae9edf3226c76aa17b6800699 ]

When testing the previous patch with CONFIG_UBSAN_BOUNDS, I've
noticed the following:

UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:372:4
index 0 is out of range for type 'struct ieee80211_channel *[]'
CPU: 0 PID: 1435 Comm: wpa_supplicant Not tainted 6.9.0+ #1
Hardware name: LENOVO 20UN005QRT/20UN005QRT <...BIOS details...>
Call Trace:
 <TASK>
 dump_stack_lvl+0x2d/0x90
 __ubsan_handle_out_of_bounds+0xe7/0x140
 ? timerqueue_add+0x98/0xb0
 ieee80211_prep_hw_scan+0x2db/0x480 [mac80211]
 ? __kmalloc+0xe1/0x470
 __ieee80211_start_scan+0x541/0x760 [mac80211]
 rdev_scan+0x1f/0xe0 [cfg80211]
 nl80211_trigger_scan+0x9b6/0xae0 [cfg80211]
 ...<the rest is not too useful...>

Since '__ieee80211_start_scan()' leaves 'hw_scan_req->req.n_channels'
uninitialized, actual boundaries of 'hw_scan_req->req.channels' can't
be checked in 'ieee80211_prep_hw_scan()'. Although an initialization
of 'hw_scan_req->req.n_channels' introduces some confusion around
allocated vs. used VLA members, this shouldn't be a problem since
everything is correctly adjusted soon in 'ieee80211_prep_hw_scan()'.

Cleanup 'kmalloc()' math in '__ieee80211_start_scan()' by using the
convenient 'struct_size()' as well.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Link: https://msgid.link/20240517153332.18271-2-dmantipov@yandex.ru
[improve (imho) indentation a bit]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-07-27 10:40:17 +02:00
..
aead_api.c mac80211: Check crypto_aead_encrypt for errors 2021-04-10 13:36:08 +02:00
aead_api.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_ccm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_cmac.c mac80211: Update BIP to support Beacon frames 2020-02-24 10:36:03 +01:00
aes_cmac.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_gcm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_gmac.c mac80211: Check crypto_aead_encrypt for errors 2021-04-10 13:36:08 +02:00
aes_gmac.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
agg-rx.c mac80211: fix lookup when adding AddBA extension element 2021-12-22 09:30:54 +01:00
agg-tx.c wifi: mac80211: sdata can be NULL during AMPDU start 2023-01-24 07:19:56 +01:00
airtime.c wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration 2022-12-08 11:23:56 +01:00
cfg.c wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes 2024-04-13 12:59:03 +02:00
chan.c wifi: mac80211: fix use-after-free in chanctx code 2022-06-09 10:21:22 +02:00
debug.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs_key.c mac80211: Support BIGTK configuration for Beacon protection 2020-02-24 10:35:57 +01:00
debugfs_key.h mac80211: Support BIGTK configuration for Beacon protection 2020-02-24 10:35:57 +01:00
debugfs_netdev.c cfg80211/mac80211: add connected to auth server to meshconf 2020-07-31 09:24:24 +02:00
debugfs_netdev.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs_sta.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2020-03-29 21:25:29 -07:00
debugfs_sta.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs.c mac80211: fix incorrect strlen of .write in debugfs 2021-02-07 15:37:15 +01:00
debugfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
driver-ops.c wifi: mac80211: sdata can be NULL during AMPDU start 2023-01-24 07:19:56 +01:00
driver-ops.h mac80211: mark TX-during-stop for TX in in_reconfig 2021-12-22 09:30:50 +01:00
ethtool.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 432 2019-06-05 17:37:16 +02:00
fils_aead.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
fils_aead.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
he.c wifi: mac80211: correctly parse Spatial Reuse Parameter Set element 2024-07-05 09:12:21 +02:00
ht.c mac80211: Use fallthrough pseudo-keyword 2020-07-31 09:24:23 +02:00
ibss.c wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected 2022-09-08 11:11:40 +02:00
ieee80211_i.h wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc 2024-05-17 11:48:02 +02:00
iface.c kcov: Remove kcov include from sched.h and move it to its users. 2024-05-17 11:48:07 +02:00
Kconfig ath9k: fix build error with LEDS_CLASS=m 2021-02-17 11:02:25 +01:00
key.c mac80211: prevent mixed key and fragment cache attacks 2021-06-03 09:00:29 +02:00
key.h mac80211: prevent mixed key and fragment cache attacks 2021-06-03 09:00:29 +02:00
led.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
led.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
main.c wifi: mac80211: fix memory free error when registering wiphy fail 2022-12-02 17:39:57 +01:00
Makefile mac80211: initialize last_rate for S1G STAs 2020-10-08 10:40:57 +02:00
mesh_hwmp.c mac80211: fix potential overflow when multiplying to u32 integers 2021-03-04 11:37:32 +01:00
mesh_pathtbl.c wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects 2024-07-05 09:12:20 +02:00
mesh_plink.c wifi: mac80211: mesh_plink: fix matches_local logic 2024-01-05 15:12:23 +01:00
mesh_ps.c mac80211: mesh: fix potentially unaligned access 2021-10-06 15:55:52 +02:00
mesh_sync.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mesh.c wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata 2024-07-27 10:40:17 +02:00
mesh.h mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh 2023-02-25 11:55:03 +01:00
michael.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
michael.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mlme.c wifi: mac80211: fix MBSSID parsing use-after-free 2022-10-17 17:26:07 +02:00
ocb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
offchannel.c mac80211: Inform AP when returning operating channel 2020-09-28 13:18:53 +02:00
pm.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rate.c mac80211: fix station rate table updates on assoc 2021-02-10 09:29:16 +01:00
rate.h mac80211: populate debugfs only after cfg80211 init 2020-04-24 11:30:13 +02:00
rc80211_minstrel_debugfs.c mac80211: minstrel_ht: rename prob_ewma to prob_avg, use it for the new average 2019-10-11 10:31:45 +02:00
rc80211_minstrel_ht_debugfs.c mac80211: minstrel_ht: rename prob_ewma to prob_avg, use it for the new average 2019-10-11 10:31:45 +02:00
rc80211_minstrel_ht.c One batch of changes, containing: 2020-05-26 20:17:35 -07:00
rc80211_minstrel_ht.h mac80211: minstrel_ht: rename prob_ewma to prob_avg, use it for the new average 2019-10-11 10:31:45 +02:00
rc80211_minstrel.c mac80211: minstrel: fix tx status processing corner case 2020-11-12 11:25:09 +01:00
rc80211_minstrel.h mac80211: minstrel: remove deferred sampling code 2020-11-12 11:24:43 +01:00
rx.c kcov: Remove kcov include from sched.h and move it to its users. 2024-05-17 11:48:07 +02:00
s1g.c mac80211: initialize last_rate for S1G STAs 2020-10-08 10:40:57 +02:00
scan.c wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() 2024-07-27 10:40:17 +02:00
spectmgmt.c mac80211: 160MHz with extended NSS BW in CSA 2021-02-13 13:55:04 +01:00
sta_info.c wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() 2024-07-05 09:12:20 +02:00
sta_info.h mac80211: fix regression in SSN handling of addba tx 2021-12-22 09:30:50 +01:00
status.c mac80211: fix memory leak on filtered powersave frames 2020-11-12 11:23:58 +01:00
tdls.c mac80211: Use fallthrough pseudo-keyword 2020-07-31 09:24:23 +02:00
tkip.c mac80211: Fix TKIP replay protection immediately after key setup 2020-01-15 09:52:12 +01:00
tkip.h Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
trace_msg.h mac80211: Increase MAX_MSG_LEN 2019-03-29 11:20:36 +01:00
trace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace.h wifi: mac80211: fix min center freq offset tracing 2023-05-30 12:57:53 +01:00
tx.c wifi: mac80211: fix race condition on enabling fast-xmit 2024-03-01 13:16:43 +01:00
util.c wifi: mac80211: fix MBSSID parsing use-after-free 2022-10-17 17:26:07 +02:00
vht.c mac80211: don't set set TDLS STA bandwidth wider than possible 2020-12-30 11:53:50 +01:00
wep.c mac80211: make ieee80211_wep_init() return void 2020-02-07 12:40:34 +01:00
wep.h mac80211: make ieee80211_wep_init() return void 2020-02-07 12:40:34 +01:00
wme.c wifi: mac80211: fix qos on mesh interfaces 2023-04-05 11:23:41 +02:00
wme.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
wpa.c mac80211: fix use-after-free in CCMP/GCMP RX 2021-10-06 15:55:48 +02:00
wpa.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00