From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Ilan Peer, Luca Coelho, Johannes Berg, Sasha Levin
Subject: [PATCH 4.20 196/352] mac80211: Properly handle SKB with radiotap only
Date: Mon, 11 Feb 2019 15:17:03 +0100
Message-Id: <20190211141859.608082806@linuxfoundation.org>
In-Reply-To: <20190211141846.543045703@linuxfoundation.org>

4.20-stable review patch. If anyone has any objections, please let me know.

------------------

[ Upstream commit 8020919a9b99d6c990dc6a50e8215e291fbbe5a6 ]

The monitor interface Rx handling of SKBs that contain only radiotap information was buggy as it tried to access the SKB assuming it contains a frame.

To fix this, check the RX_FLAG_NO_PSDU flag in the Rx status (indicating that the SKB contains only radiotap information), and do not perform data path specific processing when the flag is set.

Signed-off-by: Ilan Peer
Signed-off-by: Luca Coelho
Signed-off-by: Johannes Berg
Signed-off-by: Sasha Levin
--- net/mac80211/rx.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 428f7ad5f9b5..77d996a60f12 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -753,6 +753,7 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb, struct ieee80211_sub_if_data *monitor_sdata = rcu_dereference(local->monitor_sdata); bool only_monitor = false; + unsigned int min_head_len; if (status->flag & RX_FLAG_RADIOTAP_HE) rtap_space += sizeof(struct ieee80211_radiotap_he); 
@@ -766,6 +767,8 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb, rtap_space += sizeof(*rtap) + rtap->len + rtap->pad; } + min_head_len = rtap_space; + /* * First, we may need to make a copy of the skb because * (1) we need to modify it for radiotap (if not present), and @@ -775,18 +778,23 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb, * the SKB because it has a bad FCS/PLCP checksum. */ - if (ieee80211_hw_check(&local->hw, RX_INCLUDES_FCS)) { - if (unlikely(origskb->len <= FCS_LEN)) { - /* driver bug */ - WARN_ON(1); - dev_kfree_skb(origskb); - return NULL; + if (!(status->flag & RX_FLAG_NO_PSDU)) { + if (ieee80211_hw_check(&local->hw, RX_INCLUDES_FCS)) { + if (unlikely(origskb->len <= FCS_LEN + rtap_space)) { + /* driver bug */ + WARN_ON(1); + dev_kfree_skb(origskb); + return NULL; + } + present_fcs_len = FCS_LEN; } - present_fcs_len = FCS_LEN; + + /* also consider the hdr->frame_control */ + min_head_len += 2; } - /* ensure hdr->frame_control and vendor radiotap data are in skb head */ - if (!pskb_may_pull(origskb, 2 + rtap_space)) { + /* ensure that the expected data elements are in skb head */ + if (!pskb_may_pull(origskb, min_head_len)) { dev_kfree_skb(origskb); return NULL; } -- 2.19.1
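
Review bot: in the second hunk (`@@ -766,6 +767,8 @@`), `min_head_len = rtap_space;` means that when RX_FLAG_NO_PSDU is set and `rtap_space` is zero, the later `pskb_may_pull(origskb, min_head_len)` asks for zero bytes and no longer guarantees anything about the SKB head. A short comment at the assignment saying that a radiotap-only SKB may legitimately have nothing to pull, and that the code after the pull must not read a frame header in that case, would make the intent checkable from this function alone.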
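
Review bot: in the third hunk (`@@ -775,18 +778,23 @@`), the driver-bug check changes from `origskb->len <= FCS_LEN` to `origskb->len <= FCS_LEN + rtap_space`, a second behavioural change that the commit message does not mention; the message only describes the RX_FLAG_NO_PSDU handling. With the new bound, a driver reporting RX_INCLUDES_FCS now reaches `WARN_ON(1)` and has the SKB freed for lengths the old bound let through this check, so the changelog should say that the FCS length check now accounts for the radiotap space and why. In the same hunk, `min_head_len += 2;` depends on the comment above it to explain the literal; a `sizeof` of the frame_control field or a named constant would tie the value to what it covers.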