Skip to content
Snippets Groups Projects
Select Git revision
  • 6.6/linux default protected
  • lts-pre-prod-v5.15.161-android_u-cve-241018T060950Z
  • lts-v5.15.161-android_t-cve-241017T225452Z
  • lts-pre-prod-v5.15.161-android_u-241018T060950Z
  • lts-v5.15.161-android_t-241017T225452Z
  • lts-v6.6.53-rt44-preempt-rt-241016T031527Z
  • lts-v6.6.53-linux-241016T015643Z
  • lts-v6.6.53-linux-cve-241016T015643Z
  • lts-v6.6.52-rt43-preempt-rt-241011T142630Z
  • lts-v6.6.52-linux-241011T090312Z
  • lts-v6.6.52-linux-cve-241011T090312Z
  • lts-pre-prod-v5.15.161-android_u-cve-241009T230053Z
  • lts-v6.6.50-rt42-preempt-rt-241002T180333Z
  • lts-v5.15.161-android_t-cve-240930T120437Z
  • lts-v6.6.50-linux-240930T011355Z
  • lts-v6.6.50-linux-cve-240930T011355Z
  • lts-pre-prod-v5.15.161-android_u-241009T230053Z
  • lts-v5.15.161-android_t-240930T120437Z
  • lts-v6.6.50-rt42-preempt-rt-240925T173613Z
  • lts-v6.6.50-linux-240925T091328Z
  • lts-v6.6.50-linux-cve-240925T091328Z
21 results
Search by author
  • Any Author
  • Nicola Sparnacci Nicola Sparnacci nicola.sparnacci
1 author
  1. Jun 07, 2023
  3. Jun 06, 2023
  5. Aug 25, 2022
  7. Jul 15, 2022
  9. Jul 01, 2022
  11. Jun 20, 2022
    • Johannes Berg's avatar
      wifi: cfg80211: do some rework towards MLO link APIs · 7b0a0e3c
      Johannes Berg authored 
      
In order to support multi-link operation with multiple links,
start adding some APIs. The notable addition here is to have
the link ID in a new nl80211 attribute, that will be used to
differentiate the links in many nl80211 operations.

So far, this patch adds the netlink NL80211_ATTR_MLO_LINK_ID
attribute (as well as the NL80211_ATTR_MLO_LINKS attribute)
and plugs it through the system in some places, checking the
validity etc. along with other infrastructure needed for it.

For now, I've decided to include only the over-the-air link
ID in the API. I know we discussed that we eventually need to
have to have other ways of identifying a link, but for local
AP mode and auth/assoc commands as well as set_key etc. we'll
use the OTA ID.

Also included in this patch is some refactoring of the data
structures in struct wireless_dev, splitting for the first
time the data into type dependent pieces, to make reasoning
about these things easier.

Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      7b0a0e3c
  13. Feb 04, 2022
  15. Dec 20, 2021
  17. Nov 19, 2021
  19. Oct 25, 2021
  21. Sep 27, 2021
  23. Jun 23, 2021
  25. Jun 09, 2021
  27. Apr 27, 2021
    • Johannes Berg's avatar
      cfg80211: fix locking in netlink owner interface destruction · ea6b2098
      Johannes Berg authored 
      Harald Arnesen reported [1] a deadlock at reboot time, and after
he captured a stack trace a picture developed of what's going on:

The distribution he's using is using iwd (not wpa_supplicant) to
manage wireless. iwd will usually use the "socket owner" option
when it creates new interfaces, so that they're automatically
destroyed when it quits (unexpectedly or otherwise). This is also
done by wpa_supplicant, but it doesn't do it for the normal one,
only for additional ones, which is different with iwd.

Anyway, during shutdown, iwd quits while the netdev is still UP,
i.e. IFF_UP is set. This causes the stack trace that Linus so
nicely transcribed from the pictures:

cfg80211_destroy_iface_wk() takes wiphy_lock
 -> cfg80211_destroy_ifaces()
  ->ieee80211_del_iface
    ->ieeee80211_if_remove
      ->cfg80211_unregister_wdev
        ->unregister_netdevice_queue
          ->dev_close_many
            ->__dev_close_many
              ->raw_notifier_call_chain
                ->cfg80211_netdev_notifier_call
and that last call tries to take wiphy_lock again.

In commit a05829a7 ("cfg80211: avoid holding the RTNL when
calling the driver") I had taken into account the possibility of
recursing from cfg80211 into cfg80211_netdev_notifier_call() via
the network stack, but only for NETDEV_UNREGISTER, not for what
happens here, NETDEV_GOING_DOWN and NETDEV_DOWN notifications.

Additionally, while this worked still back in commit 78f22b6a
("cfg80211: allow userspace to take ownership of interfaces"), it
missed another corner case: unregistering a netdev will cause
dev_close() to be called, and thus stop wireless operations (e.g.
disconnecting), but there are some types of virtual interfaces in
wifi that don't have a netdev - for that we need an additional
call to cfg80211_leave().

So, to fix this mess, change cfg80211_destroy_ifaces() to not
require the wiphy_lock(), but instead make it acquire it, but
only after it has actually closed all the netdevs on the list,
and then call cfg80211_leave() as well before removing them
from the driver, to fix the second issue. The locking change in
this requires modifying the nl80211 call to not get the wiphy
lock passed in, but acquire it by itself after flushing any
potentially pending destruction requests.

[1] https://lore.kernel.org/r/09464e67-f3de-ac09-28a3-e27b7914ee7d@skogtun.org



Cc: stable@vger.kernel.org # 5.12
Reported-by: default avatarHarald Arnesen <harald@skogtun.org>
Fixes: 776a39b8 ("cfg80211: call cfg80211_destroy_ifaces() with wiphy lock held")
Fixes: 78f22b6a ("cfg80211: allow userspace to take ownership of interfaces")
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Tested-by: default avatarHarald Arnesen <harald@skogtun.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ea6b2098
  29. Apr 08, 2021
  31. Apr 07, 2021
  33. Apr 05, 2021
  35. Feb 01, 2021
  37. Jan 28, 2021
  39. Jan 26, 2021
    • Johannes Berg's avatar
      cfg80211: avoid holding the RTNL when calling the driver · a05829a7
      Johannes Berg authored 
      Currently, _everything_ in cfg80211 holds the RTNL, and if you
have a slow USB device (or a few) you can get some bad lock
contention on that.

Fix that by re-adding a mutex to each wiphy/rdev as we had at
some point, so we have locking for the wireless_dev lists and
all the other things in there, and also so that drivers still
don't have to worry too much about it (they still won't get
parallel calls for a single device).

Then, we can restrict the RTNL to a few cases where we add or
remove interfaces and really need the added protection. Some
of the global list management still also uses the RTNL, since
we need to have it anyway for netdev management, but we only
hold the RTNL for very short periods of time here.

Link: https://lore.kernel.org/r/20210122161942.81df9f5e047a.I4a8e1a60b18863ea8c5e6d3a0faeafb2d45b2f40@changeid


Tested-by: Marek Szyprowski <m.szyprowski@samsung.com> [marvell driver issues]
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      a05829a7
  41. Jan 22, 2021
    • Johannes Berg's avatar
      cfg80211: change netdev registration/unregistration semantics · 2fe8ef10
      Johannes Berg authored 
      We used to not require anything in terms of registering netdevs
with cfg80211, using a netdev notifier instead. However, in the
next patch reducing RTNL locking, this causes big problems, and
the simplest way is to just require drivers to do things better.

Change the registration/unregistration semantics to require the
drivers to call cfg80211_(un)register_netdevice() when this is
happening due to a cfg80211 request, i.e. add_virtual_intf() or
del_virtual_intf() (or if it somehow has to happen in any other
cfg80211 callback).

Otherwise, in other contexts, drivers may continue to use the
normal netdev (un)registration functions as usual.

Internally, we still use the netdev notifier and track (by the
new wdev->registered bool) if the wdev had already been added
to cfg80211 or not.

Link: https://lore.kernel.org/r/20210122161942.cf2f4b65e4e9.Ida8234e50da13eb675b557bac52a713ad4eddf71@changeid


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      2fe8ef10
  43. Nov 11, 2020
  45. Oct 30, 2020
    • Johannes Berg's avatar
      cfg80211: initialize wdev data earlier · 9bdaf3b9
      Johannes Berg authored 
      
There's a race condition in the netdev registration in that
NETDEV_REGISTER actually happens after the netdev is available,
and so if we initialize things only there, we might get called
with an uninitialized wdev through nl80211 - not using a wdev
but using a netdev interface index.

I found this while looking into a syzbot report, but it doesn't
really seem to be related, and unfortunately there's no repro
for it (yet). I can't (yet) explain how it managed to get into
cfg80211_release_pmsr() from nl80211_netlink_notify() without
the wdev having been initialized, as the latter only iterates
the wdevs that are linked into the rdev, which even without the
change here happened after init.

However, looking at this, it seems fairly clear that the init
needs to be done earlier, otherwise we might even re-init on a
netns move, when data might still be pending.

Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20201009135821.fdcbba3aad65.Ie9201d91dbcb7da32318812effdc1561aeaf4cdc@changeid


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      9bdaf3b9
  47. Sep 28, 2020
  49. Aug 07, 2020
    • Waiman Long's avatar
      mm, treewide: rename kzfree() to kfree_sensitive() · 453431a5
      Waiman Long authored 
      
As said by Linus:

  A symmetric naming is only helpful if it implies symmetries in use.
  Otherwise it's actively misleading.

  In "kzalloc()", the z is meaningful and an important part of what the
  caller wants.

  In "kzfree()", the z is actively detrimental, because maybe in the
  future we really _might_ want to use that "memfill(0xdeadbeef)" or
  something. The "zero" part of the interface isn't even _relevant_.

The main reason that kzfree() exists is to clear sensitive information
that should not be leaked to other future users of the same memory
objects.

Rename kzfree() to kfree_sensitive() to follow the example of the recently
added kvfree_sensitive() and make the intention of the API more explicit.
In addition, memzero_explicit() is used to clear the memory to make sure
that it won't get optimized away by the compiler.

The renaming is done by using the command sequence:

  git grep -w --name-only kzfree |\
  xargs sed -i 's/kzfree/kfree_sensitive/'

followed by some editing of the kfree_sensitive() kerneldoc and adding
a kzfree backward compatibility macro in slab.h.

[akpm@linux-foundation.org: fs/crypto/inline_crypt.c needs linux/slab.h]
[akpm@linux-foundation.org: fix fs/crypto/inline_crypt.c some more]

Suggested-by: default avatarJoe Perches <joe@perches.com>
Signed-off-by: default avatarWaiman Long <longman@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Acked-by: default avatarDavid Howells <dhowells@redhat.com>
Acked-by: default avatarMichal Hocko <mhocko@suse.com>
Acked-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Joe Perches <joe@perches.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: "Jason A . Donenfeld" <Jason@zx2c4.com>
Link: http://lkml.kernel.org/r/20200616154311.12314-3-longman@redhat.com


Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      453431a5
  51. Jul 31, 2020
  53. Jun 05, 2020
  55. May 31, 2020
  57. May 25, 2020
  59. Apr 24, 2020
  61. Mar 20, 2020