linux/net/mac80211
Johannes Berg 2965c4cdf7 wifi: mac80211: fix use-after-free in chanctx code
In ieee80211_vif_use_reserved_context(), when we have an
old context and the new context's replace_state is set to
IEEE80211_CHANCTX_REPLACE_NONE, we free the old context
in ieee80211_vif_use_reserved_reassign(). Therefore, we
cannot check the old_ctx anymore, so we should set it to
NULL after this point.

However, since the new_ctx replace state is clearly not
IEEE80211_CHANCTX_REPLACES_OTHER, we're not going to do
anything else in this function and can just return to
avoid accessing the freed old_ctx.

Cc: stable@vger.kernel.org
Fixes: 5bcae31d9c ("mac80211: implement multi-vif in-place reservations")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220601091926.df419d91b165.I17a9b3894ff0b8323ce2afdb153b101124c821e5@changeid
2022-06-01 12:41:41 +03:00
aead_api.c mac80211: Check crypto_aead_encrypt for errors 2021-03-16 21:20:41 +01:00
aead_api.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_ccm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_cmac.c mac80211: aes_cmac: check crypto_shash_setkey() return value 2021-04-19 12:01:40 +02:00
aes_cmac.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_gcm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
aes_gmac.c mac80211: Check crypto_aead_encrypt for errors 2021-03-16 21:20:41 +01:00
aes_gmac.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
agg-rx.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
agg-tx.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
airtime.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
cfg.c mac80211: refactor freeing the next_beacon 2022-05-17 13:03:34 +02:00
chan.c wifi: mac80211: fix use-after-free in chanctx code 2022-06-01 12:41:41 +03:00
debug.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs_key.c mac80211: remove unused macros 2022-02-04 16:26:27 +01:00
debugfs_key.h mac80211: Support BIGTK configuration for Beacon protection 2020-02-24 10:35:57 +01:00
debugfs_netdev.c mac80211: use ifmgd->bssid instead of ifmgd->associated->bssid 2022-05-16 09:13:22 +02:00
debugfs_netdev.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs_sta.c wireless-next patches for v5.19 2022-05-03 17:27:51 -07:00
debugfs_sta.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debugfs.c mac80211: introduce BSS color collision detection 2022-04-11 15:24:15 +02:00
debugfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
driver-ops.c mac80211: fix station rate table updates on assoc 2021-02-01 15:07:09 +01:00
driver-ops.h This time we have: 2021-12-21 07:41:52 -08:00
eht.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
ethtool.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
fils_aead.c mac80211: fils: use cfg80211_find_ext_elem() 2021-10-21 17:01:16 +02:00
fils_aead.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
he.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
ht.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
ibss.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
ieee80211_i.h mac80211: mlme: track assoc_bss/associated separately 2022-05-16 09:16:20 +02:00
iface.c mac80211: add support for .ndo_fill_forward_path 2021-11-26 11:47:26 +01:00
Kconfig ath9k: fix build error with LEDS_CLASS=m 2021-01-28 09:29:34 +02:00
key.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
key.h mac80211: prevent mixed key and fragment cache attacks 2021-05-11 20:12:51 +02:00
led.c mac80211: don't open-code LED manipulations 2021-06-23 11:29:12 +02:00
led.h mac80211: fix throughput LED trigger 2021-11-15 10:56:57 +01:00
main.c mac80211: remove unused argument to ieee80211_sta_connection_lost() 2022-05-16 09:15:04 +02:00
Makefile mac80211: Handle station association response with EHT 2022-02-16 15:44:09 +01:00
mesh_hwmp.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
mesh_pathtbl.c mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh 2022-01-04 15:11:49 +01:00
mesh_plink.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
mesh_ps.c mac80211: mesh: fix potentially unaligned access 2021-09-23 13:25:09 +02:00
mesh_sync.c mac80211: mesh: clean up rx_bcn_presp API 2021-09-23 16:26:33 +02:00
mesh.c mac80211: Use GFP_KERNEL instead of GFP_ATOMIC when possible 2022-03-11 11:42:49 +01:00
mesh.h mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh 2022-01-04 15:11:49 +01:00
michael.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
michael.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
mlme.c wireless-next patches for v5.19 2022-05-19 13:01:08 -07:00
ocb.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
offchannel.c mac80211: use ifmgd->bssid instead of ifmgd->associated->bssid 2022-05-16 09:13:22 +02:00
pm.c mac80211: Prevent AP probing during suspend 2021-10-21 17:27:51 +02:00
rate.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
rate.h mac80211: populate debugfs only after cfg80211 init 2020-04-24 11:30:13 +02:00
rc80211_minstrel_ht_debugfs.c mac80211: minstrel_ht: show sampling rates in debugfs 2021-02-12 08:58:11 +01:00
rc80211_minstrel_ht.c mac80211: minstrel_ht: support ieee80211_rate_status 2022-05-16 10:07:58 +02:00
rc80211_minstrel_ht.h mac80211: minstrel_ht: support ieee80211_rate_status 2022-05-16 10:07:58 +02:00
rx.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-12 16:15:30 -07:00
s1g.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
scan.c mac80211: upgrade passive scan to active scan on DFS channels after beacon rx 2022-05-04 22:49:38 +02:00
spectmgmt.c mac80211: 160MHz with extended NSS BW in CSA 2021-01-21 13:39:11 +01:00
sta_info.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
sta_info.h mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
status.c mac80211: extend current rate control tx status API 2022-05-16 10:05:02 +02:00
tdls.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
tkip.c mac80211: Fix TKIP replay protection immediately after key setup 2020-01-15 09:52:12 +01:00
tkip.h Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
trace_msg.h mac80211: Increase MAX_MSG_LEN 2019-03-29 11:20:36 +01:00
trace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace.h mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
tx.c mac80211: tx: delete a redundant if statement in ieee80211_check_fast_xmit() 2022-05-04 22:49:38 +02:00
util.c mac80211: mlme: move in RSSI reporting code 2022-05-16 09:12:34 +02:00
vht.c mac80211: prepare sta handling for MLO support 2022-04-11 16:42:03 +02:00
wep.c mac80211: make ieee80211_wep_init() return void 2020-02-07 12:40:34 +01:00
wep.h mac80211: make ieee80211_wep_init() return void 2020-02-07 12:40:34 +01:00
wme.c mac80211: drop check for DONT_REORDER in __ieee80211_select_queue 2021-11-15 10:55:40 +01:00
wme.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
wpa.c mac80211: unify CCMP/GCMP AAD construction 2022-05-16 09:10:38 +02:00
wpa.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00