From: Davis Mosenkovs
Date: Fri, 9 Jul 2021 22:48:06 +0300
Subject: Re: Posible memory corruption from "mac80211: do not accept/forward invalid EAPOL frames"
To: Johannes Berg
Cc: Felix Fietkau, Greg Kroah-Hartman, linux-wireless@vger.kernel.org, netdev@vger.kernel.org

On 2021-07-02 at 09:54 Johannes Berg wrote:
>
> > If testing procedure mentioned in my first email is sufficient (and
> > using skb->data is the correct solution in kernel trees where current
> > code doesn't work properly), I can make and test the patches.
> > Should I do that?
>
> Yes, please do.
>
> Thanks,
> johannes
>

I have done the testing on kernel versions 4.4.274, 4.9.274, 4.14.238,
4.19.196, 5.4.130, 5.10.48, 5.12.15 and 5.13.1.
Only kernels 4.4.274, 4.9.274 and 4.14.238 are affected.
On kernels 4.19.196, 5.4.130, 5.10.48, 5.12.15 and 5.13.1 the current code
works properly (and skb->data produces an incorrect pointer when used
instead of skb_mac_header()).

I have submitted patches for the affected kernel versions:
https://lore.kernel.org/r/20210707213800.1087974-1-davis@mosenkovs.lv
https://lore.kernel.org/r/20210707213820.1088026-1-davis@mosenkovs.lv
https://lore.kernel.org/r/20210707213834.1088078-1-davis@mosenkovs.lv

Best regards,
Davis