2017-09-18 06:58:47

by Ganapathi Bhat

[permalink] [raw]
Subject: [PATCH] mwifiex: avoid storing random_mac in private

Application will keep track of whether MAC address randomization
is enabled or not during scan. But at present driver is storing
'random_mac' in mwifiex_private which implies even after scan is
done driver has some reference to the earlier 'scan request'. To
avoid this, make use of 'mac_addr' variable in 'scan_request' to
store 'random_mac'. This structure will be freed by cfg80211 once
scan is done.

Signed-off-by: Ganapathi Bhat <[email protected]>
---
drivers/net/wireless/marvell/mwifiex/cfg80211.c | 11 ++++-------
drivers/net/wireless/marvell/mwifiex/main.h | 1 -
drivers/net/wireless/marvell/mwifiex/scan.c | 3 ++-
3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
index ad1ebd8..84c1518 100644
--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
@@ -2529,15 +2529,12 @@ static int mwifiex_set_ibss_params(struct mwifiex_private *priv,
priv->scan_request = request;

if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
- ether_addr_copy(priv->random_mac, request->mac_addr);
for (i = 0; i < ETH_ALEN; i++) {
- priv->random_mac[i] &= request->mac_addr_mask[i];
- priv->random_mac[i] |= get_random_int() &
- ~(request->mac_addr_mask[i]);
+ request->mac_addr[i] &= request->mac_addr_mask[i];
+ request->mac_addr[i] |=
+ get_random_int() & ~(request->mac_addr_mask[i]);
}
- ether_addr_copy(user_scan_cfg->random_mac, priv->random_mac);
- } else {
- eth_zero_addr(priv->random_mac);
+ ether_addr_copy(user_scan_cfg->random_mac, request->mac_addr);
}

user_scan_cfg->num_ssids = request->n_ssids;
diff --git a/drivers/net/wireless/marvell/mwifiex/main.h b/drivers/net/wireless/marvell/mwifiex/main.h
index a76bd79..a34de85 100644
--- a/drivers/net/wireless/marvell/mwifiex/main.h
+++ b/drivers/net/wireless/marvell/mwifiex/main.h
@@ -680,7 +680,6 @@ struct mwifiex_private {
struct mwifiex_user_scan_chan hidden_chan[MWIFIEX_USER_SCAN_CHAN_MAX];
u8 assoc_resp_ht_param;
bool ht_param_present;
- u8 random_mac[ETH_ALEN];
};


diff --git a/drivers/net/wireless/marvell/mwifiex/scan.c b/drivers/net/wireless/marvell/mwifiex/scan.c
index c9d41ed..cddf412 100644
--- a/drivers/net/wireless/marvell/mwifiex/scan.c
+++ b/drivers/net/wireless/marvell/mwifiex/scan.c
@@ -1948,7 +1948,8 @@ static void mwifiex_complete_scan(struct mwifiex_private *priv)

adapter->active_scan_triggered = true;
if (priv->scan_request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)
- ether_addr_copy(user_scan_cfg->random_mac, priv->random_mac);
+ ether_addr_copy(user_scan_cfg->random_mac,
+ priv->scan_request->mac_addr);
user_scan_cfg->num_ssids = priv->scan_request->n_ssids;
user_scan_cfg->ssid_list = priv->scan_request->ssids;

--
1.9.1


2017-09-20 12:48:24

by Kalle Valo

[permalink] [raw]
Subject: Re: mwifiex: avoid storing random_mac in private

Ganapathi Bhat <[email protected]> wrote:

> Application will keep track of whether MAC address randomization
> is enabled or not during scan. But at present driver is storing
> 'random_mac' in mwifiex_private which implies even after scan is
> done driver has some reference to the earlier 'scan request'. To
> avoid this, make use of 'mac_addr' variable in 'scan_request' to
> store 'random_mac'. This structure will be freed by cfg80211 once
> scan is done.
>
> Signed-off-by: Ganapathi Bhat <[email protected]>
> Reviewed-by: Brian Norris <[email protected]>

Patch applied to wireless-drivers-next.git, thanks.

e251a882c0ba mwifiex: avoid storing random_mac in private

--
https://patchwork.kernel.org/patch/9955573/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

2017-09-18 16:27:04

by Brian Norris

[permalink] [raw]
Subject: Re: [PATCH] mwifiex: avoid storing random_mac in private

On Mon, Sep 18, 2017 at 12:25:02PM +0530, Ganapathi Bhat wrote:
> Application will keep track of whether MAC address randomization
> is enabled or not during scan. But at present driver is storing
> 'random_mac' in mwifiex_private which implies even after scan is
> done driver has some reference to the earlier 'scan request'. To
> avoid this, make use of 'mac_addr' variable in 'scan_request' to
> store 'random_mac'. This structure will be freed by cfg80211 once
> scan is done.
>
> Signed-off-by: Ganapathi Bhat <[email protected]>

Reviewed-by: Brian Norris <[email protected]>