1. 17 Jan, 2015 1 commit
    • Johannes Berg's avatar
      netlink: make nlmsg_end() and genlmsg_end() void · 053c095a
      Johannes Berg authored
      Contrary to common expectations for an "int" return, these functions
      return only a positive value -- if used correctly they cannot even
      return 0 because the message header will necessarily be in the skb.
      
      This makes the very common pattern of
      
        if (genlmsg_end(...) < 0) { ... }
      
      be a whole bunch of dead code. Many places also simply do
      
        return nlmsg_end(...);
      
      and the caller is expected to deal with it.
      
      This also commonly (at least for me) causes errors, because it is very
      common to write
      
        if (my_function(...))
          /* error condition */
      
      and if my_function() does "return nlmsg_end()" this is of course wrong.
      
      Additionally, there's not a single place in the kernel that actually
      needs the message length returned, and if anyone needs it later then
      it'll be very easy to just use skb->len there.
      
      Remove this, and make the functions void. This removes a bunch of dead
      code as described above. The patch adds lines because I did
      
      -	return nlmsg_end(...);
      +	nlmsg_end(...);
      +	return 0;
      
      I could have preserved all the function's return values by returning
      skb->len, but instead I've audited all the places calling the affected
      functions and found that none cared. A few places actually compared
      the return value with <= 0 in dump functionality, but that could just
      be changed to < 0 with no change in behaviour, so I opted for the more
      efficient version.
      
      One instance of the error I've made numerous times now is also present
      in net/phonet/pn_netlink.c in the route_dumpit() function - it didn't
      check for <0 or <=0 and thus broke out of the loop every single time.
      I've preserved this since it will (I think) have caused the messages to
      userspace to be formatted differently with just a single message for
      every SKB returned to userspace. It's possible that this isn't needed
      for the tools that actually use this, but I don't even know what they
      are so couldn't test that changing this behaviour would be acceptable.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      053c095a
  2. 14 Jan, 2015 1 commit
  3. 08 Jan, 2015 7 commits
  4. 06 Jan, 2015 2 commits
  5. 18 Dec, 2014 2 commits
  6. 17 Dec, 2014 3 commits
  7. 12 Dec, 2014 1 commit
    • Luciano Coelho's avatar
      nl80211: check matches array length before acessing it · f89f46cf
      Luciano Coelho authored
      If the userspace passes a malformed sched scan request (or a net
      detect wowlan configuration) by adding a NL80211_ATTR_SCHED_SCAN_MATCH
      attribute without any nested matchsets, a NULL pointer dereference
      will occur.  Fix this by checking that we do have matchsets in our
      array before trying to access it.
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000024
      IP: [<ffffffffa002fd69>] nl80211_parse_sched_scan.part.67+0x6e9/0x900 [cfg80211]
      PGD 865c067 PUD 865b067 PMD 0
      Oops: 0002 [#1] SMP
      Modules linked in: iwlmvm(O) iwlwifi(O) mac80211(O) cfg80211(O) compat(O) [last unloaded: compat]
      CPU: 2 PID: 2442 Comm: iw Tainted: G           O   3.17.2 #31
      Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
      task: ffff880013800790 ti: ffff880008d80000 task.ti: ffff880008d80000
      RIP: 0010:[<ffffffffa002fd69>]  [<ffffffffa002fd69>] nl80211_parse_sched_scan.part.67+0x6e9/0x900 [cfg80211]
      RSP: 0018:ffff880008d838d0  EFLAGS: 00010293
      RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
      RDX: 000000000000143c RSI: 0000000000000000 RDI: ffff880008ee8dd0
      RBP: ffff880008d83948 R08: 0000000000000002 R09: 0000000000000019
      R10: ffff88001d1b3c40 R11: 0000000000000002 R12: ffff880019e85e00
      R13: 00000000fffffed4 R14: ffff880009757800 R15: 0000000000001388
      FS:  00007fa3b6d13700(0000) GS:ffff88003e200000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000000024 CR3: 0000000008670000 CR4: 00000000000006e0
      Stack:
       ffff880009757800 ffff880000000001 0000000000000000 ffff880008ee84e0
       0000000000000000 ffff880009757800 00000000fffffed4 ffff880008d83948
       ffffffff814689c9 ffff880009757800 ffff880008ee8000 0000000000000000
      Call Trace:
       [<ffffffff814689c9>] ? nla_parse+0xb9/0x120
       [<ffffffffa00306de>] nl80211_set_wowlan+0x75e/0x960 [cfg80211]
       [<ffffffff810bf3d5>] ? mark_held_locks+0x75/0xa0
       [<ffffffff8161a77b>] genl_family_rcv_msg+0x18b/0x360
       [<ffffffff810bf66d>] ? trace_hardirqs_on+0xd/0x10
       [<ffffffff8161a9d4>] genl_rcv_msg+0x84/0xc0
       [<ffffffff8161a950>] ? genl_family_rcv_msg+0x360/0x360
       [<ffffffff81618e79>] netlink_rcv_skb+0xa9/0xd0
       [<ffffffff81619458>] genl_rcv+0x28/0x40
       [<ffffffff816184a5>] netlink_unicast+0x105/0x180
       [<ffffffff8161886f>] netlink_sendmsg+0x34f/0x7a0
       [<ffffffff8105a097>] ? kvm_clock_read+0x27/0x40
       [<ffffffff815c644d>] sock_sendmsg+0x8d/0xc0
       [<ffffffff811a75c9>] ? might_fault+0xb9/0xc0
       [<ffffffff811a756e>] ? might_fault+0x5e/0xc0
       [<ffffffff815d5d26>] ? verify_iovec+0x56/0xe0
       [<ffffffff815c73e0>] ___sys_sendmsg+0x3d0/0x3e0
       [<ffffffff810a7be8>] ? sched_clock_cpu+0x98/0xd0
       [<ffffffff810611b4>] ? __do_page_fault+0x254/0x580
       [<ffffffff810bb39f>] ? up_read+0x1f/0x40
       [<ffffffff810611b4>] ? __do_page_fault+0x254/0x580
       [<ffffffff812146ed>] ? __fget_light+0x13d/0x160
       [<ffffffff815c7b02>] __sys_sendmsg+0x42/0x80
       [<ffffffff815c7b52>] SyS_sendmsg+0x12/0x20
       [<ffffffff81751f69>] system_call_fastpath+0x16/0x1b
      
      Fixes: ea73cbce ("nl80211: fix scheduled scan RSSI matchset attribute confusion")
      Cc: stable@vger.kernel.org [3.15+]
      Signed-off-by: default avatarLuciano Coelho <luciano.coelho@intel.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      f89f46cf
  8. 28 Nov, 2014 1 commit
  9. 27 Nov, 2014 1 commit
  10. 26 Nov, 2014 2 commits
  11. 25 Nov, 2014 1 commit
  12. 19 Nov, 2014 7 commits
  13. 10 Nov, 2014 2 commits
  14. 04 Nov, 2014 2 commits
  15. 31 Oct, 2014 1 commit
  16. 29 Oct, 2014 1 commit
  17. 27 Oct, 2014 1 commit
  18. 22 Oct, 2014 1 commit
    • Johannes Berg's avatar
      cfg80211: make WMM TSPEC support flag an nl80211 feature flag · 723e73ac
      Johannes Berg authored
      During the review of the corresponding wpa_supplicant patches we
      noticed that the only way for it to detect that this functionality
      is supported currently is to check for the command support. This
      can be misleading though, as the command was also designed to, in
      the future, support pure 802.11 TSPECs.
      
      Expose the WMM-TSPEC feature flag to nl80211 so later we can also
      expose an 802.11-TSPEC feature flag (if needed) to differentiate
      the two cases.
      
      Note: this change isn't needed in 3.18 as there's no driver there
      yet that supports the functionality at all.
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      723e73ac
  19. 20 Oct, 2014 2 commits
  20. 09 Oct, 2014 1 commit