Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp1130254iob; Wed, 4 May 2022 15:31:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxoSCrTU+U7WND3XRELsfafkJWA+EZDy4ebjFV3WiIjmwdRvePAGItdyjOXvgf5Cs7HP4Cz X-Received: by 2002:a05:6402:5253:b0:427:ed62:bb8b with SMTP id t19-20020a056402525300b00427ed62bb8bmr10214832edd.65.1651703461513; Wed, 04 May 2022 15:31:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651703461; cv=none; d=google.com; s=arc-20160816; b=UDjdZjuGo3FxX98seb8JNzLFUHaEnpN2UVLplaJViPDJ8pFjua6EwntqjIKoYPaSkI IcBHgmEhgSEgqCKXBjzLf0s4RvohaqWDGol7seGUPb0SMliCfTwF6djIHa79avXdT85n Dgi2IDl1bRxf3wprXCTnUPVzRaVY9Odf+2peMNOl3jXMgfYq63nN4PUDDwyk10EpXuTr Nf4taqMclG67xltp5cRatCeb55X7/033vTSuHz5t7GPzIVmhmNYnGMueZyRQhAfjYVYB ZNreMY9rfVcWIfZ9vsR6BY/x7K8vHldmwal5r2iQVUAWggerwIVLuWM2e6ytfd+ZZKyO vSwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=aWamwzX0FkF0yS1OimhK3VkimwTMBgQYFS/tQnaDkFs=; b=D9pDhC1avkYuBEts8W89uoFFiRJ6tSH24gXq2pByiorBmyPeL8XzPOK0e2Y47D16w5 WxqeaKH3hyqzrJ91xCeDbVF0pKvz18gVRBzgcnljzhR63MHiFz+FN3Z2NCkDJG1FMRIT cvLl05xMvrHvUfxT+jWzybhBKHuVQqqmsJCzKifz4SjSwu3d3TUY9WZ8rE/SpgqCKE3/ ytswjZQkVvKydmTZWznu5Kdw924d/gtlXyiLBKN/P5P9at9PZf4FBidiHmLZWSfNP1VW RwPYAKb0fO3e8MBluEX2RSlsUdeti9WgYCtgTzCxTuRd+i6piFnwuJTnUBk6vQpz5xI0 ktYg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sipsolutions.net header.s=mail header.b=dGpSWPjb; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h12-20020a1709060f4c00b006e7bf1f2e41si114078ejj.628.2022.05.04.15.30.35; Wed, 04 May 2022 15:31:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@sipsolutions.net header.s=mail header.b=dGpSWPjb; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230058AbiEDU6n (ORCPT + 68 others); Wed, 4 May 2022 16:58:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44968 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1378414AbiEDU6l (ORCPT ); Wed, 4 May 2022 16:58:41 -0400 Received: from sipsolutions.net (s3.sipsolutions.net [IPv6:2a01:4f8:191:4433::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D43D6517D1 for ; Wed, 4 May 2022 13:55:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sipsolutions.net; s=mail; h=Content-Transfer-Encoding:MIME-Version: Content-Type:References:In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-To: Resent-Cc:Resent-Message-ID; bh=aWamwzX0FkF0yS1OimhK3VkimwTMBgQYFS/tQnaDkFs=; t=1651697702; x=1652907302; b=dGpSWPjbYlHey7SVvBN9nzS0ICPiAUr1TqIXdXYQ70sqGXi 7QNMV3Fh/HIVyU3kepQmhEGDEbwvUT/pM/LyyjmXE/vui9tHdaDiyhuzPjO/d7XdLIfgrsvX6UnZq HBMnzBPpNWHeO/q9SAFFlIThJpgsur1Pf09cFn3HewYSrYGmI0qFTg/xpssjTslnYHPUyO/hr1YB+ hF8haA4ESYOZIh2wManDC5hU/V8oxm4Ul0SL1D5jkOWSqxQkTjzaIPy+Xljx1YLhf1Qd6Sf0V+Tq/ N7pJTA5ZQFzfYF8/0LUQ399ghCCt9qbgsXDBtZvD6ltZJQ7MvpiqYKDa/r/PFwmA==; Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.95) (envelope-from ) id 1nmM1U-002CYm-Dw; Wed, 04 May 2022 22:55:00 +0200 Message-ID: Subject: Re: [PATCH v2] cfg80211: Add support for sending more than two AKMs in crypto settings From: Johannes Berg To: Veerendranath Jakkam Cc: linux-wireless@vger.kernel.org Date: Wed, 04 May 2022 22:54:59 +0200 In-Reply-To: <1650344143-1615-1-git-send-email-quic_vjakkam@quicinc.com> References: <1650344143-1615-1-git-send-email-quic_vjakkam@quicinc.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 (3.42.4-2.fc35) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-malware-bazaar: not-scanned X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org I don't know why, but this patch seems to cause memory corruption and various issues when I run the hwsim tests. I did make a few minor changes, but I think those were OK. > --- a/include/net/cfg80211.h > +++ b/include/net/cfg80211.h > @@ -1112,7 +1112,7 @@ struct cfg80211_crypto_settings { > int n_ciphers_pairwise; > u32 ciphers_pairwise[NL80211_MAX_NR_CIPHER_SUITES]; > int n_akm_suites; > - u32 akm_suites[NL80211_MAX_NR_AKM_SUITES]; > + u32 *akm_suites; I made this const, that required a bit of juggling in the wext code, but it's probably still better overall. > > + /* > + * Maximum number of AKM suites allowed for NL80211_CMD_CONECT, > + * NL80211_CMD_ASSOCIATE and NL80211_CMD_START_AP, must be at least > + * NL80211_MAX_NR_AKM_SUITES to avoid issues with legacy userspace. > + */ > + if (WARN_ON(wiphy->max_num_akm_suites && > + wiphy->max_num_akm_suites < NL80211_MAX_NR_AKM_SUITES)) > + return -EINVAL; I made it so here if it's 0 we set it to NL80211_MAX_NR_AKM_SUITES, that way we don't need to have all the questions about it being 0 later. > + if (nla_put_u16(msg, NL80211_ATTR_MAX_NUM_AKM_SUITES, > + rdev->wiphy.max_num_akm_suites ? > + rdev->wiphy.max_num_akm_suites : > + NL80211_MAX_NR_AKM_SUITES)) > + goto nla_put_failure; e.g. here, that was then without the ternary operator > + int max_num_akm_suites = NL80211_MAX_NR_AKM_SUITES; > > data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); > len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); > @@ -10261,10 +10269,13 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, > if (len % sizeof(u32)) > return -EINVAL; > > - if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES) > + if (rdev->wiphy.max_num_akm_suites) > + max_num_akm_suites = rdev->wiphy.max_num_akm_suites; > + > + if (settings->n_akm_suites > max_num_akm_suites) > return -EINVAL; > > - memcpy(settings->akm_suites, data, len); > + settings->akm_suites = data; and all that complexity also goes away > + if (connect->crypto.n_akm_suites) { > + wdev->conn->params.crypto.akm_suites = > + kcalloc(connect->crypto.n_akm_suites, sizeof(u32), > + GFP_KERNEL); > + if (!wdev->conn->params.crypto.akm_suites) { > + cfg80211_sme_free(wdev); > + return -ENOMEM; > + } > + > + wdev->conn->params.crypto.n_akm_suites = > + connect->crypto.n_akm_suites; > + memcpy(wdev->conn->params.crypto.akm_suites, > + connect->crypto.akm_suites, > + sizeof(u32) * connect->crypto.n_akm_suites); I made this use kmemdup(), I don't think it makes a big difference. Anyway, it crashes. Perhaps an invalid free, because the middle of some netlink packet is being freed or so? Please check. johannes