From patchwork Tue Aug 27 22:41:19 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 11117603 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5B64A174A for ; Tue, 27 Aug 2019 22:46:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 39FD222CBB for ; Tue, 27 Aug 2019 22:46:45 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="aCPKU9PZ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726363AbfH0Wqo (ORCPT ); Tue, 27 Aug 2019 18:46:44 -0400 Received: from mail-oi1-f195.google.com ([209.85.167.195]:45379 "EHLO mail-oi1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725992AbfH0Wqo (ORCPT ); Tue, 27 Aug 2019 18:46:44 -0400 Received: by mail-oi1-f195.google.com with SMTP id v12so546643oic.12; Tue, 27 Aug 2019 15:46:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=NRN9jDgZzBZ969hO8AcW+KEvnXMsADWSJP11xMrYntw=; b=aCPKU9PZaiCMIp8KlGaLbwABbNDg0quQmiEUZ54F8QCVpaBDMnSdm6i5C2dyp/7vxO NKl1n+kxWU0P79j6IHsJ8yICJatXJ+DumGLBIY/gJwntJJyak+6U286UmfpLyBDLGTt6 EQtA+Mhtl8lr4j8+IMJRLSzEFnYDXegAnS0RqO/I05DpWERBcIqHy5JzQE4tr2x5IwFE 6XBt+uoQLbfPBNTXnZj2RCyCI2CYOib3JWVMQ33s81k+UPu2SewyWtadKXSHMPMsOxtz IiSnQiM4+EJHiwQ7CZg1lbG7iCQD83GBRJSAUft/HaDhb9/xrE8W+Se8Dqs5NLr/B9G8 GnHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=NRN9jDgZzBZ969hO8AcW+KEvnXMsADWSJP11xMrYntw=; b=FiO0EnSvGAN5mR2WMXKIaP/dN0wrMM3Odsd0AzPLmOBj5wGs0dJAxa+MBHCLdYugXd xT5NF3LoT2RCkNqC6nexCVqcnWphmkT/uePqVq7zj4FJ8J9Ib6P6s85GIGB6UPf9iPJ/ jVfiSruf9jx5jm/KHvX4wShlYT8/56ori0LGt2lVbhWN8meeXJ1oDZA1w2Jn3Yj0DORv FFNGCaajSRPx0gPi7dbahc7r3xruYNwx4yleqXLwOVxBsnIQ3T6EvNhkgECZ990ayX+O ImFMew3rDL5qgNUPy60JZiTcqdM6cUSv0P8lisjLy2CFxnJZCIKoibQwtqf8vLL+QbaG IaQw== X-Gm-Message-State: APjAAAVawP3mzzfnzVkG/VenYRJKRcxWvVoWU6+qU17oi9VavaJZQQOa rHqq/j/AkruKLVjOviRxVgmXMg8z X-Google-Smtp-Source: APXvYqxrvia+LyRjTnvSEJ/Fx2E2BP9YNGRaJxlritExaIbyOTqdSL8powTJv7g80+39roTHAeDysg== X-Received: by 2002:aca:55d8:: with SMTP id j207mr792591oib.38.1566946003153; Tue, 27 Aug 2019 15:46:43 -0700 (PDT) Received: from localhost.localdomain (cpe-70-114-247-242.austin.res.rr.com. [70.114.247.242]) by smtp.gmail.com with ESMTPSA id a94sm289911otb.15.2019.08.27.15.46.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Aug 2019 15:46:42 -0700 (PDT) From: Denis Kenzior To: linux-wireless@vger.kernel.org Cc: Denis Kenzior , stable@vger.kernel.org Subject: [PATCH 1/2] mac80211: Don't memset RXCB prior to PAE intercept Date: Tue, 27 Aug 2019 17:41:19 -0500 Message-Id: <20190827224120.14545-2-denkenz@gmail.com> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20190827224120.14545-1-denkenz@gmail.com> References: <20190827224120.14545-1-denkenz@gmail.com> MIME-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org In ieee80211_deliver_skb_to_local_stack intercepts EAPoL frames if mac80211 is configured to do so and forwards the contents over nl80211. During this process some additional data is also forwarded, including whether the frame was received encrypted or not. Unfortunately just prior to the call to ieee80211_deliver_skb_to_local_stack, skb->cb is cleared, resulting in incorrect data being exposed over nl80211. Fixes: 018f6fbf540d ("mac80211: Send control port frames over nl80211") Cc: stable@vger.kernel.org Signed-off-by: Denis Kenzior --- net/mac80211/rx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 3c1ab870fefe..7c4aeac006fb 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -2452,6 +2452,8 @@ static void ieee80211_deliver_skb_to_local_stack(struct sk_buff *skb, cfg80211_rx_control_port(dev, skb, noencrypt); dev_kfree_skb(skb); } else { + memset(skb->cb, 0, sizeof(skb->cb)); + /* deliver to local stack */ if (rx->napi) napi_gro_receive(rx->napi, skb); @@ -2546,8 +2548,6 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx) if (skb) { skb->protocol = eth_type_trans(skb, dev); - memset(skb->cb, 0, sizeof(skb->cb)); - ieee80211_deliver_skb_to_local_stack(skb, rx); } From patchwork Tue Aug 27 22:41:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 11117605 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2ABDC14D5 for ; Tue, 27 Aug 2019 22:46:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 0BBF922CF4 for ; Tue, 27 Aug 2019 22:46:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="AaNy3pDQ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726371AbfH0Wqp (ORCPT ); Tue, 27 Aug 2019 18:46:45 -0400 Received: from mail-ot1-f68.google.com ([209.85.210.68]:44554 "EHLO mail-ot1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725989AbfH0Wqo (ORCPT ); Tue, 27 Aug 2019 18:46:44 -0400 Received: by mail-ot1-f68.google.com with SMTP id w4so789213ote.11; Tue, 27 Aug 2019 15:46:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=X+nREUwlvZXeg9X1aSX0ROEww5kCvuINCgrBH5wkbvw=; b=AaNy3pDQEz4qKUspyqPvb/jUVpmOatG2OMB/sfCKSylcXVoApZPklZVchlOZQfRE1L p87wAnWdZeR9RrlOY/7xFUk1jZiRYmq7mfSIyyUjifWPyO2omyXEBvMto5xpnUJz0os3 ghIOSBq74gba7SFTuZx9cVEi7JYSmiKwJuxTA6hSN4Y5ugyyhUffNddvx5/Yohz89slD 1xcVm9nT5tYkGauj/wFH0fm6aIzRR7kF0exOObDrIbtNMb3QwxCvqA7xSEfIV16QtdT1 KHn2PcY/df0l14EGlt40Bw+NoBK7csYul9oSCyjVx33TZ2e9xgQcKpR4ZW2mLNTe+o9k sRLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=X+nREUwlvZXeg9X1aSX0ROEww5kCvuINCgrBH5wkbvw=; b=ju8Yf13Ony7IlPXYTzqXNyEQsFuXQr67DUD/kVW6A2ydazXeURxX7iNjsLaJbS1790 5BMwZfTQgA2/tgiN3q+HtKlHBt/GQ6NktVEZQB37vzXMutOk3yPFDkKiGi4QTNuSVeiK NJejZWuJHZQ6wRuiRrxYOvLnuo54DcNov2ljnJUUkmbQLCgCB6JuXEC0ZWQt4cWXHAvF 1U+P9FIUUiA5JgAj87JcQQ5wHXo+o/n87Ibbnp2LIKnILD9OxgQvDa6ZTcied1JbBn9Y 6kJulL9al+k/7qqGNie+IG/AzUBb/mXLMkmwz9gJ2qAWnJ1HrqA/dBF+NwRKrICftEJq +Gnw== X-Gm-Message-State: APjAAAU4XpHLwIs8Tc925wr1+7CtSGQC8mKMy0lLJ2sDLqJr7YBlNM9H WrbBjK68yJ5zYnGGdMwBeK32zsCY X-Google-Smtp-Source: APXvYqyC9uItvFTAEkvyjpaI4wJtSJfSyQOnYnSFOkp2/pG8b3xd6J1sDqIVmRQNwC5EVuwRNRed2Q== X-Received: by 2002:a9d:70cf:: with SMTP id w15mr849477otj.320.1566946003753; Tue, 27 Aug 2019 15:46:43 -0700 (PDT) Received: from localhost.localdomain (cpe-70-114-247-242.austin.res.rr.com. [70.114.247.242]) by smtp.gmail.com with ESMTPSA id a94sm289911otb.15.2019.08.27.15.46.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Aug 2019 15:46:43 -0700 (PDT) From: Denis Kenzior To: linux-wireless@vger.kernel.org Cc: Denis Kenzior , stable@vger.kernel.org Subject: [PATCH 2/2] mac80211: Correctly set noencrypt for PAE frames Date: Tue, 27 Aug 2019 17:41:20 -0500 Message-Id: <20190827224120.14545-3-denkenz@gmail.com> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20190827224120.14545-1-denkenz@gmail.com> References: <20190827224120.14545-1-denkenz@gmail.com> MIME-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org The noencrypt flag was intended to be set if the "frame was received unencrypted" according to include/uapi/linux/nl80211.h. However, the current behavior is opposite of this. Cc: stable@vger.kernel.org Fixes: 018f6fbf540d ("mac80211: Send control port frames over nl80211") Signed-off-by: Denis Kenzior --- net/mac80211/rx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 7c4aeac006fb..8514c1f4ca90 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -2447,7 +2447,7 @@ static void ieee80211_deliver_skb_to_local_stack(struct sk_buff *skb, skb->protocol == cpu_to_be16(ETH_P_PREAUTH)) && sdata->control_port_over_nl80211)) { struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); - bool noencrypt = status->flag & RX_FLAG_DECRYPTED; + bool noencrypt = (status->flag & RX_FLAG_DECRYPTED) == 0; cfg80211_rx_control_port(dev, skb, noencrypt); dev_kfree_skb(skb);