Received: by 2002:a17:90a:1609:0:0:0:0 with SMTP id n9csp836992pja; Wed, 1 Apr 2020 09:35:30 -0700 (PDT) X-Google-Smtp-Source: ADFU+vuRz+JAiRjAACkLhnifH7lLAFohcxHhsEKb7QoUNKdVQBayMit/b7oYKOii5eg5DpgXcysI X-Received: by 2002:a9d:4102:: with SMTP id o2mr7427679ote.98.1585758930502; Wed, 01 Apr 2020 09:35:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585758930; cv=none; d=google.com; s=arc-20160816; b=WJVUjnfur/HxTdifedqKn5N4h/bYsJhgWsHenruY31jDcGliSqkPsClZYnO7alriKi vE8eui8VL1BLSwfI6wZ0Rttaj5crqDc1qWNJN2tDoYt88BCVU5WQczuhEqk+v7bgc+rK KpmvLKVtclbEZ3TDQz7+53UcnN4n4SBCe9bHkO4SrwITHdTt2G/flWUYWKV2riAaSNyk Xb/nZA3dVew4SkxilOxbwbSuph/tIl1m0m8zqim4HGCiQvwQoHxM48s4F9C/3p5p+PW3 Ns7qIgtWayiEjt7qYX9WRExxOqbh3YeOCsbJmPbZulbk/Yhv8gY6jmFTgaxEHq9s4EnP aJiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=sLhM6uatOaomjtvK1kC/jMrIWJawi+/wTlpQdih0qLI=; b=IEzxfCoGWvqlPBnnrDESxKwhKsqX91yGThxLf5bEwekIkXX7GjgDWfjfK8miFD7dXS 9aHfGQ5yWl+F0xvWEIMfbgadEIpAISPtE+qxIWOTjx96vLDF/9x/8dP2og+z3Js78nji hBHgteUS4Xj7JedJGLI8ztp+2xj9tW9+IywCzYtzWuHSrmelpIVe1kZKjE3Roa6Kb/4c D69VssObwrBicQtpeCzQ683rsl58BwDqCr2drgpyu/nveOq0hBoEOxaRBLMxUx9gCskw Hp76aWfZxIHw7yUH74ggfp8OR8wVkcd0eIw4lV97svMrjmjFnrKd9Skqw31/+jOy2oCG aZqg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=o9aHwxHe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l10si1119274otn.132.2020.04.01.09.35.18; Wed, 01 Apr 2020 09:35:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=o9aHwxHe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388669AbgDAQed (ORCPT + 99 others); Wed, 1 Apr 2020 12:34:33 -0400 Received: from mail.kernel.org ([198.145.29.99]:33044 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388456AbgDAQea (ORCPT ); Wed, 1 Apr 2020 12:34:30 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8F4732063A; Wed, 1 Apr 2020 16:34:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1585758870; bh=EHPeh3/HEfGb5wb72riPyFo6xa6/CpxZftTAu6tRUDU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=o9aHwxHekxwTLbmUO1oiHHcIUzr4UWMtLe6SpGawMGNkSSxLECMSPi0PtH4hKrQq5 bzpbQz2fUSueq/lC0h+Q34uJPaKHE1T+1sDpeHdm1TtBfTDMG/nD7YsFwKCvApaAjw j5mAF4nDsNSqzCqEppogz4ARU+ysCg9brJtwdGi0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Johannes Berg Subject: [PATCH 4.4 59/91] mac80211: mark station unauthorized before key removal Date: Wed, 1 Apr 2020 18:17:55 +0200 Message-Id: <20200401161533.422920304@linuxfoundation.org> X-Mailer: git-send-email 2.26.0 In-Reply-To: <20200401161512.917494101@linuxfoundation.org> References: <20200401161512.917494101@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Johannes Berg commit b16798f5b907733966fd1a558fca823b3c67e4a1 upstream. If a station is still marked as authorized, mark it as no longer so before removing its keys. This allows frames transmitted to it to be rejected, providing additional protection against leaking plain text data during the disconnection flow. Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200326155133.ccb4fb0bb356.If48f0f0504efdcf16b8921f48c6d3bb2cb763c99@changeid Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman --- net/mac80211/sta_info.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -2,6 +2,7 @@ * Copyright 2002-2005, Instant802 Networks, Inc. * Copyright 2006-2007 Jiri Benc * Copyright 2013-2014 Intel Mobile Communications GmbH + * Copyright (C) 2018-2020 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -904,6 +905,11 @@ static void __sta_info_destroy_part2(str might_sleep(); lockdep_assert_held(&local->sta_mtx); + while (sta->sta_state == IEEE80211_STA_AUTHORIZED) { + ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC); + WARN_ON_ONCE(ret); + } + /* now keys can no longer be reached */ ieee80211_free_sta_keys(local, sta);