From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Johannes Berg
Subject: [PATCH 4.14 097/148] mac80211: mark station unauthorized before key removal
Date: Wed, 1 Apr 2020 18:18:09 +0200
Message-Id: <20200401161602.187233939@linuxfoundation.org>
X-Mailer: git-send-email 2.26.0
In-Reply-To: <20200401161552.245876366@linuxfoundation.org>
References: <20200401161552.245876366@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Johannes Berg

commit b16798f5b907733966fd1a558fca823b3c67e4a1 upstream.

If a station is still marked as authorized, mark it as no longer so before removing its keys. This allows frames transmitted to it to be rejected, providing additional protection against leaking plain text data during the disconnection flow.

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200326155133.ccb4fb0bb356.If48f0f0504efdcf16b8921f48c6d3bb2cb763c99@changeid
Signed-off-by: Johannes Berg
Signed-off-by: Greg Kroah-Hartman

--- net/mac80211/sta_info.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -3,6 +3,7 @@ * Copyright 2006-2007 Jiri Benc * Copyright 2013-2014 Intel Mobile Communications GmbH * Copyright (C) 2015 - 2017 Intel Deutschland GmbH + * Copyright (C) 2018-2020 Intel Corporation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as 
@@ -951,6 +952,11 @@ static void __sta_info_destroy_part2(str might_sleep(); lockdep_assert_held(&local->sta_mtx); + while (sta->sta_state == IEEE80211_STA_AUTHORIZED) { + ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC); + WARN_ON_ONCE(ret); + } + /* now keys can no longer be reached */ ieee80211_free_sta_keys(local, sta);
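
Review bot: In the second hunk (__sta_info_destroy_part2 in net/mac80211/sta_info.c), the new "while (sta->sta_state == IEEE80211_STA_AUTHORIZED)" loop has no exit path if sta_info_move_state() returns an error and leaves sta_state unchanged. WARN_ON_ONCE(ret) only logs, so the loop would spin with local->sta_mtx held and ieee80211_free_sta_keys() would never be reached. Only one transition to IEEE80211_STA_ASSOC is requested, so an "if" would express the intent, or the loop could break when ret is non-zero and still fall through to the key removal. The hunk also assigns ret without adding a declaration in the visible lines, so it is worth confirming that the 4.14 version of this function already declares it.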