linux/net/mac80211
Pavel Skripkin 8b5cb7e41d mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
Syzbot hit NULL deref in rhashtable_free_and_destroy(). The problem was
in mesh_paths and mpp_paths being NULL.

mesh_pathtbl_init() could fail in case of memory allocation failure, but
nobody cared, since ieee80211_mesh_init_sdata() returns void. It led to
leaving 2 pointers as NULL. Syzbot has found null deref on exit path,
but it could happen anywhere else, because code assumes these pointers are
valid.

Since all ieee80211_*_setup_sdata functions are void and do not fail,
let's embedd mesh_paths and mpp_paths into parent struct to avoid
adding error handling on higher levels and follow the pattern of others
setup_sdata functions

Fixes: 60854fd945 ("mac80211: mesh: convert path table to rhashtable")
Reported-and-tested-by: syzbot+860268315ba86ea6b96b@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Link: https://lore.kernel.org/r/20211230195547.23977-1-paskripkin@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-01-04 15:11:49 +01:00
..
aead_api.c mac80211: Check crypto_aead_encrypt for errors 2021-03-16 21:20:41 +01:00
aead_api.h
aes_ccm.h
aes_cmac.c mac80211: aes_cmac: check crypto_shash_setkey() return value 2021-04-19 12:01:40 +02:00
aes_cmac.h
aes_gcm.h
aes_gmac.c mac80211: Check crypto_aead_encrypt for errors 2021-03-16 21:20:41 +01:00
aes_gmac.h
agg-rx.c mac80211: fix lookup when adding AddBA extension element 2021-12-14 11:21:05 +01:00
agg-tx.c mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock 2021-12-14 11:19:43 +01:00
airtime.c mac80211: add AQL support for VHT160 tx rates 2020-09-18 11:36:03 +02:00
cfg.c mac80211: fix locking in ieee80211_start_ap error path 2021-12-20 11:33:23 +00:00
chan.c mac80211: handle rate control (RC) racing with chanctx definition 2021-06-23 11:29:14 +02:00
debug.h
debugfs_key.c mac80211: remove trailing semicolon in macro definitions 2020-12-11 12:51:55 +01:00
debugfs_key.h mac80211: Support BIGTK configuration for Beacon protection 2020-02-24 10:35:57 +01:00
debugfs_netdev.c mac80211: Switch to a virtual time-based airtime scheduler 2021-06-23 18:12:00 +02:00
debugfs_netdev.h
debugfs_sta.c mac80211: debugfs: calculate free buffer size correctly 2021-10-21 16:46:02 +02:00
debugfs_sta.h
debugfs.c mac80211: Switch to a virtual time-based airtime scheduler 2021-06-23 18:12:00 +02:00
debugfs.h
driver-ops.c mac80211: fix station rate table updates on assoc 2021-02-01 15:07:09 +01:00
driver-ops.h mac80211: mark TX-during-stop for TX in in_reconfig 2021-12-14 11:22:02 +01:00
ethtool.c
fils_aead.c mac80211: fils: use cfg80211_find_ext_elem() 2021-10-21 17:01:16 +02:00
fils_aead.h
he.c mac80211: fix NULL ptr dereference during mesh peer connection for non HE devices 2021-06-23 18:06:44 +02:00
ht.c mac80211: allow SMPS requests only in client mode 2021-06-23 11:29:13 +02:00
ibss.c mac80211: fix memory leaks with element parsing 2021-10-21 16:54:04 +02:00
ieee80211_i.h mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh 2022-01-04 15:11:49 +01:00
iface.c mac80211: fix monitor_sdata RCU/locking assertions 2021-11-15 10:55:55 +01:00
Kconfig ath9k: fix build error with LEDS_CLASS=m 2021-01-28 09:29:34 +02:00
key.c mac80211: prevent mixed key and fragment cache attacks 2021-05-11 20:12:51 +02:00
key.h mac80211: prevent mixed key and fragment cache attacks 2021-05-11 20:12:51 +02:00
led.c mac80211: don't open-code LED manipulations 2021-06-23 11:29:12 +02:00
led.h mac80211: fix throughput LED trigger 2021-11-15 10:56:57 +01:00
main.c Minor updates: 2021-08-20 10:09:22 -07:00
Makefile mac80211: remove legacy minstrel rate control 2021-01-22 09:11:37 +01:00
mesh_hwmp.c mac80211: always allocate struct ieee802_11_elems 2021-09-23 16:27:07 +02:00
mesh_pathtbl.c mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh 2022-01-04 15:11:49 +01:00
mesh_plink.c mac80211: always allocate struct ieee802_11_elems 2021-09-23 16:27:07 +02:00
mesh_ps.c mac80211: mesh: fix potentially unaligned access 2021-09-23 13:25:09 +02:00
mesh_sync.c mac80211: mesh: clean up rx_bcn_presp API 2021-09-23 16:26:33 +02:00
mesh.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-10-28 10:43:58 -07:00
mesh.h mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh 2022-01-04 15:11:49 +01:00
michael.c
michael.h
mlme.c mac80211: initialize variable have_higher_than_11mbit 2022-01-04 15:02:52 +01:00
ocb.c
offchannel.c mac80211: Inform AP when returning operating channel 2020-09-28 13:18:53 +02:00
pm.c mac80211: Prevent AP probing during suspend 2021-10-21 17:27:51 +02:00
rate.c Revert "mac80211: do not use low data rates for data frames with no ack flag" 2021-09-23 12:59:29 +02:00
rate.h mac80211: populate debugfs only after cfg80211 init 2020-04-24 11:30:13 +02:00
rc80211_minstrel_ht_debugfs.c mac80211: minstrel_ht: show sampling rates in debugfs 2021-02-12 08:58:11 +01:00
rc80211_minstrel_ht.c mac80211: fix some spelling mistakes 2021-06-23 12:36:32 +02:00
rc80211_minstrel_ht.h mac80211: minstrel_ht: remove sample rate switching code for constrained devices 2021-02-12 08:58:22 +01:00
rx.c mac80211: set up the fwd_skb->dev for mesh forwarding 2021-11-26 11:36:31 +01:00
s1g.c mac80211: twt: don't use potentially unaligned pointer 2021-09-27 13:02:51 +02:00
scan.c mac80211: always allocate struct ieee802_11_elems 2021-09-23 16:27:07 +02:00
spectmgmt.c mac80211: 160MHz with extended NSS BW in CSA 2021-01-21 13:39:11 +01:00
sta_info.c mac80211: update channel context before station state 2021-12-14 11:21:39 +01:00
sta_info.h mac80211: add docs for ssn in struct tid_ampdu_tx 2021-11-29 09:31:17 +01:00
status.c mac80211: introduce individual TWT support in AP mode 2021-08-24 10:30:43 +02:00
tdls.c mac80211: always allocate struct ieee802_11_elems 2021-09-23 16:27:07 +02:00
tkip.c
tkip.h
trace_msg.h
trace.c
trace.h mac80211: introduce individual TWT support in AP mode 2021-08-24 10:30:43 +02:00
tx.c mac80211: fix rate control for retransmitted frames 2021-11-26 11:35:32 +01:00
util.c mac80211: do drv_reconfig_complete() before restarting all 2021-12-14 11:22:20 +01:00
vht.c mac80211: remove NSS number of 160MHz if not support 160MHz for HE 2021-01-21 13:45:13 +01:00
wep.c
wep.h
wme.c mac80211: drop check for DONT_REORDER in __ieee80211_select_queue 2021-11-15 10:55:40 +01:00
wme.h
wpa.c mac80211: fix use-after-free in CCMP/GCMP RX 2021-09-27 11:59:49 +02:00
wpa.h