2023-09-26 04:35:12

by Stephen Rothwell

[permalink] [raw]
Subject: linux-next: manual merge of the wireless-next tree with the wireless tree

Hi all,

Today's linux-next merge of the wireless-next tree got a conflict in:

net/mac80211/key.c

between commits:

31db78a4923e ("wifi: mac80211: fix potential key use-after-free")
d097ae01ebd4 ("wifi: mac80211: fix potential key leak")

from the wireless tree and commit:

2a8b665e6bcc ("wifi: mac80211: remove key_mtx")

from the wireless-next tree.

I fixed it up (I think - see below) and can carry the fix as
necessary. This is now fixed as far as linux-next is concerned, but any
non trivial conflicts should be mentioned to your upstream maintainer
when your tree is submitted for merging. You may also want to consider
cooperating with the maintainer of the conflicting tree to minimise any
particularly complex conflicts.

--
Cheers,
Stephen Rothwell

diff --cc net/mac80211/key.c
index 0665ff5e456e,ac410f6632b5..000000000000
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@@ -881,21 -875,20 +880,22 @@@ int ieee80211_key_link(struct ieee80211

if (link_id >= 0) {
link_sta = rcu_dereference_protected(sta->link[link_id],
- lockdep_is_held(&sta->local->sta_mtx));
+ lockdep_is_held(&sta->local->hw.wiphy->mtx));
- if (!link_sta)
- return -ENOLINK;
+ if (!link_sta) {
+ ret = -ENOLINK;
+ goto out;
+ }
}

- old_key = key_mtx_dereference(sdata->local, link_sta->gtk[idx]);
+ old_key = wiphy_dereference(sdata->local->hw.wiphy,
+ link_sta->gtk[idx]);
} else {
if (idx < NUM_DEFAULT_KEYS)
- old_key = key_mtx_dereference(sdata->local,
- sdata->keys[idx]);
+ old_key = wiphy_dereference(sdata->local->hw.wiphy,
+ sdata->keys[idx]);
if (!old_key)
- old_key = key_mtx_dereference(sdata->local,
- link->gtk[idx]);
+ old_key = wiphy_dereference(sdata->local->hw.wiphy,
+ link->gtk[idx]);
}

/* Non-pairwise keys must also not switch the cipher on rekey */
@@@ -910,10 -901,10 +910,8 @@@
* Silently accept key re-installation without really installing the
* new version of the key to avoid nonce reuse or replay issues.
*/
-- if (ieee80211_key_identical(sdata, old_key, key)) {
- ret = -EALREADY;
- goto unlock;
- ieee80211_key_free_unused(key);
- return 0;
-- }
++ if (ieee80211_key_identical(sdata, old_key, key))
++ return -EALREADY;

key->local = sdata->local;
key->sdata = sdata;
@@@ -936,13 -927,6 +934,10 @@@
ieee80211_key_free(key, delay_tailroom);
}

+ key = NULL;
+
+ out:
+ ieee80211_key_free_unused(key);
- unlock:
- mutex_unlock(&sdata->local->key_mtx);
-
return ret;
}


Attachments:
(No filename) (499.00 B)
OpenPGP digital signature