From patchwork Sat Mar 19 02:11:28 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bob Copeland X-Patchwork-Id: 8624621 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: X-Original-To: patchwork-linux-wireless@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id BEC42C0553 for ; Sat, 19 Mar 2016 02:11:57 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id E401520429 for ; Sat, 19 Mar 2016 02:11:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 17ABF20425 for ; Sat, 19 Mar 2016 02:11:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754439AbcCSCLs (ORCPT ); Fri, 18 Mar 2016 22:11:48 -0400 Received: from mail-qg0-f65.google.com ([209.85.192.65]:33967 "EHLO mail-qg0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754062AbcCSCLm (ORCPT ); Fri, 18 Mar 2016 22:11:42 -0400 Received: by mail-qg0-f65.google.com with SMTP id j92so6595932qgj.1 for ; Fri, 18 Mar 2016 19:11:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bobcopeland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=jaHHQetqzG7iKIJOqiYRZb+iNgNlXdwKqu3oJshjij8=; b=X45bbMk0P9J29VgCv8puWB6hyOskdiqz3TwvXMTssYcm8HztZXAD74tPrUGNnPBFfb S23+r5D6zlbVCjRaNgvMK4IG3aXwhnZt6BxzTUfBMib/txW3/2Z6z74XddfXvJepTxFp vz62VuOqJoKA5aXveijQ9pRnsOhaIIXgsxOF9vmUsx7Eb+8bssjhbOdJ6Vt91hn5ycel 4aEi+u80qqMxSxa8YyN7E/0pin0YmuE8ESNoQn84bTsW7URISBi7Vg/Kmtyrlam4m80f t8Wo1dHkafn0PNoJ85UYuVZ4FAUYMvnLsd0zighiPuRUEzvB2GGV45zciC1JXjdzu4cx HDaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=jaHHQetqzG7iKIJOqiYRZb+iNgNlXdwKqu3oJshjij8=; b=GNBfDXrqvFdfm5qwngnZmDVP96vc7KJu8mlAoDbj8w5vCRPytjLLnt1aDyfbjzLDnY GQTXijzHb2rqAJSWfW3B181eehyF5IeA9vt03n1zYYbp2IZ+exp4Vo9IFn45sv4NYc5A 8xkuwry0LaKLBEn2/alznok4v5X2hFKdWpa27m74XFq2OGwphQ1TDN2B78bl18Vsz7fa H10KzGli9gMoqCIMoRNkiAaJP2jpou4YTjVmieA6Ztd0BqGRAbA4OxdJB0qpbjhvKBhk QFmalkjy/fLsHCslrH7EhEDuyo1xQTRVeDlpN5iO73WCVp9HsZtpnOzZCOV68mMPw6GF NVKA== X-Gm-Message-State: AD7BkJKHRqyM/06kEOlaCzP8qRPvEnAdcPNXjfPLOAbnL4+kcO8+SEWd86PJl78yf53ARg== X-Received: by 10.140.101.238 with SMTP id u101mr26485387qge.33.1458353501576; Fri, 18 Mar 2016 19:11:41 -0700 (PDT) Received: from hash ([2001:470:1d:6db:230:48ff:fe9d:9c89]) by smtp.gmail.com with ESMTPSA id v74sm7305239qkl.36.2016.03.18.19.11.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 18 Mar 2016 19:11:41 -0700 (PDT) Received: from glass.lan ([192.168.1.51] helo=glass) by hash with esmtp (Exim 4.84_2) (envelope-from ) id 1ah6MS-00053w-GB; Fri, 18 Mar 2016 22:11:28 -0400 Received: from bob by glass with local (Exim 4.86) (envelope-from ) id 1ah6Md-0002GO-Kh; Fri, 18 Mar 2016 22:11:39 -0400 From: Bob Copeland To: Johannes Berg Cc: linux-wireless@vger.kernel.org, Bob Copeland Subject: [PATCH 1/5] mac80211: mesh: handle failed alloc for rmc cache Date: Fri, 18 Mar 2016 22:11:28 -0400 Message-Id: <1458353492-8654-2-git-send-email-me@bobcopeland.com> X-Mailer: git-send-email 2.6.1 In-Reply-To: <1458353492-8654-1-git-send-email-me@bobcopeland.com> References: <1458353492-8654-1-git-send-email-me@bobcopeland.com> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the unlikely case that mesh_rmc_init() fails with -ENOMEM, the rmc pointer will be left as NULL but the interface is still operational because ieee80211_mesh_init_sdata() is not allowed to fail. If this happens, we would blindly dereference rmc when checking whether a multicast frame is in the cache. Instead just drop the frames in the forwarding path. Signed-off-by: Bob Copeland --- net/mac80211/mesh.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index a216c439b6f2..d0d8eeaa8129 100644 --- a/net/mac80211/mesh.c +++ b/net/mac80211/mesh.c @@ -220,6 +220,9 @@ int mesh_rmc_check(struct ieee80211_sub_if_data *sdata, u8 idx; struct rmc_entry *p, *n; + if (!rmc) + return -1; + /* Don't care about endianness since only match matters */ memcpy(&seqnum, &mesh_hdr->seqnum, sizeof(mesh_hdr->seqnum)); idx = le32_to_cpu(mesh_hdr->seqnum) & rmc->idx_mask;