Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp5890741ybp; Tue, 8 Oct 2019 09:45:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqw1lwjiSA34mIyD7zdsYrlUK96kxYE+il7XwIz//9kNXHsmYUQL2RMKbPE9bDFYGR4NvoBm X-Received: by 2002:aa7:cd18:: with SMTP id b24mr34708655edw.181.1570553113511; Tue, 08 Oct 2019 09:45:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570553113; cv=none; d=google.com; s=arc-20160816; b=m8eydgQ7EMRy2OEEbChCIHSgExynsMz0GwhB8yBSdEysQA1DCfNTbzFeJsmRxaZESE tiLSxeXmdSds+ZfmFSgTUpTAB9JUqyneC/8/rRlljhBoF8yE9q/ms7/3gVCYcK+Eub11 qD//ODeE0dTQOn6/HOm43k+GgrO6UNIOVFQgFLOi4QMzH8tv8hp6LDDbAs7cdq0QD0um b1aLn7VNtgzUlIz41fm5KgGPTWprP73CuulBX2MTINdbPB/sryRBKPBC4qr/EefDyLex BB9DWVJ0xUMzKQde/L/DX5alOPCM+MH5HP5fJy9wPGJuYaAFxc1C+RUVQ/9wTbHR/AC+ oqUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=vS/5fB54XstU4rdvgpJKZPrhcUUHcFJDqzPvMYzq7Aw=; b=C8K2VAcZYZJ+wpRMPECVpDPFWdCf8h1OVpIjpXIy0znEVnlrBFQPOj9KMNCieABN4t FBNLghmOGsN4COQhLky9fsbUW+rXZmqWkS41pu3LfOWwBkbtiG9qS5ii/IKpMgK5qGwL fu0VyXqgv+zw9h2xpC/zo/CU2iyyMhob50qcMFGNKHf5UXyXVxZ8A0V2qO4ne4jO92SN fxU4UA+FCZ3+Yfkq7jR7nL7F3Isg93QrGRdcrC1nhmzwP8lxDWXG7JgRvKo0j0rlA7dm /8bPckOLtQ64meKQppTnR19M3IG/pdKKkquXpzBia+n42IgvKJ62HzrwmyJI7ITqrqs/ Ag1Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=dmqKzUE9; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id qn13si9082712ejb.114.2019.10.08.09.44.44; Tue, 08 Oct 2019 09:45:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=dmqKzUE9; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729206AbfJHQnd (ORCPT + 99 others); Tue, 8 Oct 2019 12:43:33 -0400 Received: from mail-ot1-f66.google.com ([209.85.210.66]:36983 "EHLO mail-ot1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727514AbfJHQnd (ORCPT ); Tue, 8 Oct 2019 12:43:33 -0400 Received: by mail-ot1-f66.google.com with SMTP id k32so14583436otc.4; Tue, 08 Oct 2019 09:43:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=vS/5fB54XstU4rdvgpJKZPrhcUUHcFJDqzPvMYzq7Aw=; b=dmqKzUE9oRZZBh7/aqQoqcQw7cmx9ZH8reWN0u5DAQ1yhGtTTDAfVtLTtDVQk3kZ71 FLDy/oU/nkBnpvRU2nNbRHRbk8khRAwLeJ9frv/61Vhp8Mc7OuFpkxPBWeXkmieiOQfn Vjzoga+VgBNxrsz2HzB9o9wHPb2Irhnw6QyFqN5us7cXz5dUswzmrZwr4V9cf5Aimigz ftWa/J98qlgoDbr+mxKh8j3cqPiR6oHame+DRdEQ4nE9UDzE4qLQ/eT7rkBgCDU6gg0l vAT1P9j7awYGpupDYnYx+OtrmlhysiaCmsKrTHn9rMDgz+cUiuqHVU1yCO0zyzIvqxL9 1L8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=vS/5fB54XstU4rdvgpJKZPrhcUUHcFJDqzPvMYzq7Aw=; b=JzWP3vYJs7HW3FNJZOozUQBP2UJSX0KiijxJEXHVjo/TOesnDTDHB9xmpSsKzjjDhl wyVfB9XU6bx4cGiFnHSc1oyp3mY+qYrOHlhWCye/QF/0ebRu5bCWQsOzcUGctlZVnHCj yB066udb4eBnaUl9hKEcTK/muyVzyzUqKuBVCjXgi+6jTHfjkWJEg8gaTGa5KIBa3KSr tOaAnQiajx8H5G5AevvUO6gH3xsiigjANd1Gip2qIhdAcRv2nr9PYJKT29/gmath62hJ jRGyhD2Ryim69bAHwXhngTqZadbHqdpvbwgC7zv7jV2emSl9vaYkqiQVMmnkZMSRNJz9 Yc/A== X-Gm-Message-State: APjAAAUMmnwReKUB5Noz7IeCYlgHrq19foZlSESAC4kMJeEpumZEUA6X 7o2WQ3HLUJByKurZdPc2q+NlhQJS X-Received: by 2002:a9d:6155:: with SMTP id c21mr16819491otk.370.1570553010857; Tue, 08 Oct 2019 09:43:30 -0700 (PDT) Received: from localhost.localdomain (cpe-70-114-247-242.austin.res.rr.com. [70.114.247.242]) by smtp.gmail.com with ESMTPSA id j31sm5680961ota.13.2019.10.08.09.43.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 08 Oct 2019 09:43:30 -0700 (PDT) From: Denis Kenzior To: linux-wireless@vger.kernel.org, johannes@sipsolutions.net Cc: Denis Kenzior , stable@vger.kernel.org Subject: [PATCH] mac80211: More strictly validate .abort_scan Date: Tue, 8 Oct 2019 11:33:24 -0500 Message-Id: <20191008163324.2614-1-denkenz@gmail.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org nl80211 requires NL80211_CMD_ABORT_SCAN to have a wdev or netdev attribute present and checks that if netdev is provided it is UP. However, mac80211 does not check that an ongoing scan actually belongs to the netdev/wdev provided by the user. In other words, it is possible for an application to cancel scans on an interface it doesn't manage. Signed-off-by: Denis Kenzior Cc: stable@vger.kernel.org --- net/mac80211/cfg.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 70739e746c13..ece344f9e9ca 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -2333,7 +2333,13 @@ static int ieee80211_scan(struct wiphy *wiphy, static void ieee80211_abort_scan(struct wiphy *wiphy, struct wireless_dev *wdev) { - ieee80211_scan_cancel(wiphy_priv(wiphy)); + struct ieee80211_local *local = wiphy_priv(wiphy); + struct ieee80211_sub_if_data *sdata = + IEEE80211_WDEV_TO_SUB_IF(wdev); + bool cancel_scan = rcu_access_pointer(local->scan_sdata) == sdata; + + if (cancel_scan) + ieee80211_scan_cancel(local); } static int -- 2.21.0