From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Abinaya Kalaiselvan, Johannes Berg
Subject: [PATCH 5.12 063/700] mac80211: fix NULL ptr dereference during mesh peer connection for non HE devices
Date: Mon, 12 Jul 2021 08:02:26 +0200
Message-Id: <20210712060933.646898965@linuxfoundation.org>
In-Reply-To: <20210712060924.797321836@linuxfoundation.org>

From: Abinaya Kalaiselvan

commit 95f83ee8d857f006813755e89a126f1048b001e8 upstream.

"sband->iftype_data" is not assigned with any value for non HE supported
devices, which causes NULL pointer access during mesh peer connection in
those devices. Fix this by accessing the pointer after HE capabilities
condition check.

Cc: stable@vger.kernel.org
Fixes: 7f7aa94bcaf0 (mac80211: reduce peer HE MCS/NSS to own capabilities)
Signed-off-by: Abinaya Kalaiselvan
Link: https://lore.kernel.org/r/1624459244-4497-1-git-send-email-akalaise@codeaurora.org
Signed-off-by: Johannes Berg
Signed-off-by: Greg Kroah-Hartman

--- net/mac80211/he.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/net/mac80211/he.c +++ b/net/mac80211/he.c @@ -111,7 +111,7 @@ ieee80211_he_cap_ie_to_sta_he_cap(struct struct sta_info *sta) { struct ieee80211_sta_he_cap *he_cap = &sta->sta.he_cap; - struct ieee80211_sta_he_cap own_he_cap = sband->iftype_data->he_cap; + struct ieee80211_sta_he_cap own_he_cap; struct ieee80211_he_cap_elem *he_cap_ie_elem = (void *)he_cap_ie; u8 he_ppe_size; u8 mcs_nss_size; 
@@ -123,6 +123,8 @@ ieee80211_he_cap_ie_to_sta_he_cap(struct if (!he_cap_ie || !ieee80211_get_he_sta_cap(sband)) return; + own_he_cap = sband->iftype_data->he_cap; + /* Make sure size is OK */ mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap_ie_elem); he_ppe_size =
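
Review bot: in the first hunk (@@ -111,7), own_he_cap is now declared without an initializer and is still a by-value copy of the whole struct, so nothing in the declaration block tells a later reader why the initializer was dropped. If the function only reads the local capabilities, consider declaring it as a const pointer set to NULL here and pointing it at the data after the check; a NULL-initialized pointer faults immediately if a future change uses it before the guard, whereas an uninitialized struct would silently yield stack garbage.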
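
Review bot: in the second hunk (@@ -123,6), the new assignment dereferences sband->iftype_data directly while the guard above it tests ieee80211_get_he_sta_cap(sband), so the safety of the dereference depends on an unstated link between that helper's result and iftype_data being non-NULL. Either take the value from what the helper returns, so the check and the access cannot drift apart, or add a one-line comment above "own_he_cap = sband->iftype_data->he_cap;" stating that it must stay below the HE capability check, so it is not hoisted back into the declaration during a later cleanup.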