
Commit 5d1dbac

committed
Merge tag 'ieee802154-for-davem-2021-04-07' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan
Stefan Schmidt says: ==================== pull-request: ieee802154 for net 2021-04-07 An update from ieee802154 for your *net* tree. Most of these are coming from the flood of syzkaller reports lately got for the ieee802154 subsystem. There are likely to come more for this, but this is a good batch to get out for now. Alexander Aring created a patchset to avoid llsec handling on a monitor interface, which we do not support. Alex Shi removed a unused macro. Pavel Skripkin fixed another protection fault found by syzkaller. ==================== Signed-off-by: David S. Miller <[email protected]>
2 parents 107adc6 + 1165aff commit 5d1dbac


3 files changed

+65
-12
lines changed


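--- a/net/ieee802154/nl-mac.c
+++ b/net/ieee802154/nl-mac.c
@@ -551,9 +551,7 @@ ieee802154_llsec_parse_key_id(struct genl_info *info,
 desc->mode = nla_get_u8(info->attrs[IEEE802154_ATTR_LLSEC_KEY_MODE]);
 
 if (desc->mode == IEEE802154_SCF_KEY_IMPLICIT) {
-if (!info->attrs[IEEE802154_ATTR_PAN_ID] &&
-!(info->attrs[IEEE802154_ATTR_SHORT_ADDR] ||
-info->attrs[IEEE802154_ATTR_HW_ADDR]))
+if (!info->attrs[IEEE802154_ATTR_PAN_ID])
 return -EINVAL;
 
 desc->device_addr.pan_id = nla_get_shortaddr(info->attrs[IEEE802154_ATTR_PAN_ID]);
@@ -562,6 +560,9 @@ ieee802154_llsec_parse_key_id(struct genl_info *info,
 desc->device_addr.mode = IEEE802154_ADDR_SHORT;
 desc->device_addr.short_addr = nla_get_shortaddr(info->attrs[IEEE802154_ATTR_SHORT_ADDR]);
 } else {
+if (!info->attrs[IEEE802154_ATTR_HW_ADDR])
+return -EINVAL;
+
 desc->device_addr.mode = IEEE802154_ADDR_LONG;
 desc->device_addr.extended_addr = nla_get_hwaddr(info->attrs[IEEE802154_ATTR_HW_ADDR]);
 }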
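Review bot: The two presence checks in the implicit-mode branch would benefit from a comment stating the rule they enforce, since the reason is only visible from the `nla_get_shortaddr()`/`nla_get_hwaddr()` calls that follow, each of which reads an attribute the netlink sender may have left out. Something like `/* implicit mode: PAN ID is mandatory, plus either a short or an extended address */` above `if (!info->attrs[IEEE802154_ATTR_PAN_ID])` would do. The first context line passes `info->attrs[IEEE802154_ATTR_LLSEC_KEY_MODE]` to `nla_get_u8()`; any presence check for it sits above the hunk and is not visible here, so it is worth confirming that attribute is validated the same way. The function body starts and ends outside the hunks.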

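--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -820,8 +820,13 @@ nl802154_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
 goto nla_put_failure;
 
 #ifdef CONFIG_IEEE802154_NL802154_EXPERIMENTAL
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+goto out;
+
 if (nl802154_get_llsec_params(msg, rdev, wpan_dev) < 0)
 goto nla_put_failure;
+
+out:
 #endif /* CONFIG_IEEE802154_NL802154_EXPERIMENTAL */
 
 genlmsg_end(msg, hdr);
@@ -1384,6 +1389,9 @@ static int nl802154_set_llsec_params(struct sk_buff *skb,
 u32 changed = 0;
 int ret;
 
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+return -EOPNOTSUPP;
+
 if (info->attrs[NL802154_ATTR_SEC_ENABLED]) {
 u8 enabled;
 
@@ -1490,6 +1498,11 @@ nl802154_dump_llsec_key(struct sk_buff *skb, struct netlink_callback *cb)
 if (err)
 return err;
 
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+err = skb->len;
+goto out_err;
+}
+
 if (!wpan_dev->netdev) {
 err = -EINVAL;
 goto out_err;
@@ -1544,7 +1557,11 @@ static int nl802154_add_llsec_key(struct sk_buff *skb, struct genl_info *info)
 struct ieee802154_llsec_key_id id = { };
 u32 commands[NL802154_CMD_FRAME_NR_IDS / 32] = { };
 
-if (nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+return -EOPNOTSUPP;
+
+if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
+nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
 return -EINVAL;
 
 if (!attrs[NL802154_KEY_ATTR_USAGE_FRAMES] ||
@@ -1592,7 +1609,11 @@ static int nl802154_del_llsec_key(struct sk_buff *skb, struct genl_info *info)
 struct nlattr *attrs[NL802154_KEY_ATTR_MAX + 1];
 struct ieee802154_llsec_key_id id;
 
-if (nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+return -EOPNOTSUPP;
+
+if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
+nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
 return -EINVAL;
 
 if (ieee802154_llsec_parse_key_id(attrs[NL802154_KEY_ATTR_ID], &id) < 0)
@@ -1656,6 +1677,11 @@ nl802154_dump_llsec_dev(struct sk_buff *skb, struct netlink_callback *cb)
 if (err)
 return err;
 
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+err = skb->len;
+goto out_err;
+}
+
 if (!wpan_dev->netdev) {
 err = -EINVAL;
 goto out_err;
@@ -1742,6 +1768,9 @@ static int nl802154_add_llsec_dev(struct sk_buff *skb, struct genl_info *info)
 struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
 struct ieee802154_llsec_device dev_desc;
 
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+return -EOPNOTSUPP;
+
 if (ieee802154_llsec_parse_device(info->attrs[NL802154_ATTR_SEC_DEVICE],
 &dev_desc) < 0)
 return -EINVAL;
@@ -1757,7 +1786,11 @@ static int nl802154_del_llsec_dev(struct sk_buff *skb, struct genl_info *info)
 struct nlattr *attrs[NL802154_DEV_ATTR_MAX + 1];
 __le64 extended_addr;
 
-if (nla_parse_nested_deprecated(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy, info->extack))
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+return -EOPNOTSUPP;
+
+if (!info->attrs[NL802154_ATTR_SEC_DEVICE] ||
+nla_parse_nested_deprecated(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy, info->extack))
 return -EINVAL;
 
 if (!attrs[NL802154_DEV_ATTR_EXTENDED_ADDR])
@@ -1825,6 +1858,11 @@ nl802154_dump_llsec_devkey(struct sk_buff *skb, struct netlink_callback *cb)
 if (err)
 return err;
 
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+err = skb->len;
+goto out_err;
+}
+
 if (!wpan_dev->netdev) {
 err = -EINVAL;
 goto out_err;
@@ -1882,6 +1920,9 @@ static int nl802154_add_llsec_devkey(struct sk_buff *skb, struct genl_info *info
 struct ieee802154_llsec_device_key key;
 __le64 extended_addr;
 
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+return -EOPNOTSUPP;
+
 if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] ||
 nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack) < 0)
 return -EINVAL;
@@ -1913,7 +1954,11 @@ static int nl802154_del_llsec_devkey(struct sk_buff *skb, struct genl_info *info
 struct ieee802154_llsec_device_key key;
 __le64 extended_addr;
 
-if (nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack))
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+return -EOPNOTSUPP;
+
+if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] ||
+nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack))
 return -EINVAL;
 
 if (!attrs[NL802154_DEVKEY_ATTR_EXTENDED_ADDR])
@@ -1986,6 +2031,11 @@ nl802154_dump_llsec_seclevel(struct sk_buff *skb, struct netlink_callback *cb)
 if (err)
 return err;
 
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) {
+err = skb->len;
+goto out_err;
+}
+
 if (!wpan_dev->netdev) {
 err = -EINVAL;
 goto out_err;
@@ -2070,6 +2120,9 @@ static int nl802154_add_llsec_seclevel(struct sk_buff *skb,
 struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
 struct ieee802154_llsec_seclevel sl;
 
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+return -EOPNOTSUPP;
+
 if (llsec_parse_seclevel(info->attrs[NL802154_ATTR_SEC_LEVEL],
 &sl) < 0)
 return -EINVAL;
@@ -2085,6 +2138,9 @@ static int nl802154_del_llsec_seclevel(struct sk_buff *skb,
 struct wpan_dev *wpan_dev = dev->ieee802154_ptr;
 struct ieee802154_llsec_seclevel sl;
 
+if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR)
+return -EOPNOTSUPP;
+
 if (!info->attrs[NL802154_ATTR_SEC_LEVEL] ||
 llsec_parse_seclevel(info->attrs[NL802154_ATTR_SEC_LEVEL],
 &sl) < 0)
@@ -2098,11 +2154,7 @@ static int nl802154_del_llsec_seclevel(struct sk_buff *skb,
 #define NL802154_FLAG_NEED_NETDEV 0x02
 #define NL802154_FLAG_NEED_RTNL 0x04
 #define NL802154_FLAG_CHECK_NETDEV_UP 0x08
-#define NL802154_FLAG_NEED_NETDEV_UP (NL802154_FLAG_NEED_NETDEV |\
-NL802154_FLAG_CHECK_NETDEV_UP)
 #define NL802154_FLAG_NEED_WPAN_DEV 0x10
-#define NL802154_FLAG_NEED_WPAN_DEV_UP (NL802154_FLAG_NEED_WPAN_DEV |\
-NL802154_FLAG_CHECK_NETDEV_UP)
 
 static int nl802154_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
 struct genl_info *info)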
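Review bot: The `wpan_dev->iftype == NL802154_IFTYPE_MONITOR` guard is open-coded at the top of every llsec doit handler (`nl802154_set_llsec_params` and the add/del handlers for key, dev, devkey and seclevel) and again in the four dump callbacks, so an llsec command added later that omits it would, as far as these hunks show, be accepted on a monitor interface again. Consider moving the doit-side check into one place, for example a small helper or a per-op flag tested in `nl802154_pre_doit` alongside the `NL802154_FLAG_*` bits in the last hunk, so the default is to reject. In the dump callbacks the early exit reuses the `out_err` label with `err = skb->len;`, which reads like a failure; a comment such as `/* llsec is unsupported on monitor interfaces: end the dump with no entries */` above it would make the intent clear. The handler bodies start and end outside the hunks, so the label and the `wpan_dev` lookups are not visible here.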

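--- a/net/mac802154/llsec.c
+++ b/net/mac802154/llsec.c
@@ -152,7 +152,7 @@ llsec_key_alloc(const struct ieee802154_llsec_key *template)
 crypto_free_sync_skcipher(key->tfm0);
 err_tfm:
 for (i = 0; i < ARRAY_SIZE(key->tfm); i++)
-if (key->tfm[i])
+if (!IS_ERR_OR_NULL(key->tfm[i]))
 crypto_free_aead(key->tfm[i]);
 
 kfree_sensitive(key);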
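Review bot: The `err_tfm` cleanup loop now has to filter error pointers, which suggests the allocation loop above the hunk (not visible here) stores the result of a failed allocation directly in `key->tfm[i]` before jumping to this label. A comment on the new test, for example `/* a failed allocation may have left an ERR_PTR in this slot */`, would record why a plain NULL test was not sufficient. If the allocation site does work that way, resetting the slot there with `key->tfm[i] = NULL;` before the `goto` would keep the array restricted to valid pointers or NULL, so other readers of `key->tfm` need no special case. The function body starts and ends outside the hunk.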
