From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: YueHaibing <yuehaibing@huawei.com>,
Johannes Berg <johannes.berg@intel.com>,
Sasha Levin <sashal@kernel.org>,
johannes@sipsolutions.net, davem@davemloft.net, kuba@kernel.org,
linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.14 21/40] mac80211: Drop frames from invalid MAC address in ad-hoc mode
Date: Tue, 5 Oct 2021 09:50:00 -0400 [thread overview]
Message-ID: <20211005135020.214291-21-sashal@kernel.org> (raw)
In-Reply-To: <20211005135020.214291-1-sashal@kernel.org>
From: YueHaibing <yuehaibing@huawei.com>
[ Upstream commit a6555f844549cd190eb060daef595f94d3de1582 ]
WARNING: CPU: 1 PID: 9 at net/mac80211/sta_info.c:554
sta_info_insert_rcu+0x121/0x12a0
Modules linked in:
CPU: 1 PID: 9 Comm: kworker/u8:1 Not tainted 5.14.0-rc7+ #253
Workqueue: phy3 ieee80211_iface_work
RIP: 0010:sta_info_insert_rcu+0x121/0x12a0
...
Call Trace:
ieee80211_ibss_finish_sta+0xbc/0x170
ieee80211_ibss_work+0x13f/0x7d0
ieee80211_iface_work+0x37a/0x500
process_one_work+0x357/0x850
worker_thread+0x41/0x4d0
If an Ad-Hoc node receives packets with invalid source MAC address,
it hits a WARN_ON in sta_info_insert_check(), this can spam the log.
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Link: https://lore.kernel.org/r/20210827144230.39944-1-yuehaibing@huawei.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mac80211/rx.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 2563473b5cf1..e023e307c0c3 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -4053,7 +4053,8 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
if (!bssid)
return false;
if (ether_addr_equal(sdata->vif.addr, hdr->addr2) ||
- ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2))
+ ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2) ||
+ !is_valid_ether_addr(hdr->addr2))
return false;
if (ieee80211_is_beacon(hdr->frame_control))
return true;
--
2.33.0
next prev parent reply other threads:[~2021-10-05 13:51 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-05 13:49 [PATCH AUTOSEL 5.14 01/40] ext4: check and update i_disksize properly Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 02/40] ext4: correct the error path of ext4_write_inline_data_end() Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 03/40] ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 04/40] ext4: enforce buffer head state assertion in ext4_da_map_blocks Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 05/40] ALSA: oxfw: fix transmission method for Loud models based on OXFW971 Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 06/40] dt-bindings: interconnect: sdm660: Add missing a2noc qos clocks Sasha Levin
2021-10-05 19:11 ` Georgi Djakov
2021-10-06 15:12 ` Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 07/40] interconnect: qcom: " Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 08/40] ALSA: usb-audio: Unify mixer resume and reset_resume procedure Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 09/40] netfilter: ipset: Fix oversized kvmalloc() calls Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 10/40] HID: betop: fix slab-out-of-bounds Write in betop_probe Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 11/40] HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 12/40] netfilter: ip6_tables: zero-initialize fragment offset Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 13/40] HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 14/40] HID: amd_sfh: Fix potential NULL pointer dereference Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 15/40] ASoC: SOF: loader: release_firmware() on load failure to avoid batching Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 16/40] KVM: arm64: nvhe: Fix missing FORCE for hyp-reloc.S build rule Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 17/40] netfilter: nf_tables: Fix oversized kvmalloc() calls Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 18/40] netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 19/40] netfilter: nf_nat_masquerade: defer conntrack walk to work queue Sasha Levin
2021-10-05 13:49 ` [PATCH AUTOSEL 5.14 20/40] netfilter: conntrack: serialize hash resizes and cleanups Sasha Levin
2021-10-05 13:50 ` Sasha Levin [this message]
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 22/40] pinctrl: qcom: sc7280: Add PM suspend callbacks Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 23/40] m68k: Handle arrivals of multiple signals correctly Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 24/40] hwmon: (ltc2947) Properly handle errors when looking for the external clock Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 25/40] net: prevent user from passing illegal stab size Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 26/40] mac80211: check return value of rhashtable_init Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 27/40] net: bgmac-platform: handle mac-address deferral Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 28/40] net: mdiobus: Fix memory leak in __mdiobus_register Sasha Levin
2021-10-05 14:02 ` Andrew Lunn
2021-10-06 15:12 ` Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 29/40] nvme: add command id quirk for apple controllers Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 30/40] vboxfs: fix broken legacy mount signature checking Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 31/40] net: sun: SUNVNET_COMMON should depend on INET Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 32/40] drm/amdgpu: fix gart.bo pin_count leak Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 33/40] scsi: ses: Fix unsigned comparison with less than zero Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 34/40] scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 35/40] scsi: qla2xxx: Fix excessive messages during device logout Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 36/40] perf/x86: Reset destroy callback on event init failure Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 37/40] perf/core: fix userpage->time_enabled of inactive events Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 38/40] sched: Always inline is_percpu_thread() Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 39/40] io_uring: kill fasync Sasha Levin
2021-10-05 13:50 ` [PATCH AUTOSEL 5.14 40/40] hwmon: (pmbus/ibm-cffps) max_power_out swap changes Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211005135020.214291-21-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=johannes.berg@intel.com \
--cc=johannes@sipsolutions.net \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=yuehaibing@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox