linux/net/wireless
Johannes Berg 3a5a423bb9 nl80211: fix attrbuf access race by allocating a separate one
Since my commit 3713b4e364 ("nl80211: allow splitting wiphy
information in dumps"), nl80211_dump_wiphy() uses the global
nl80211_fam.attrbuf for parsing the incoming data. This wouldn't
be a problem if it only did so on the first dump iteration which
is locked against other commands in generic netlink, but due to
space constraints in cb->args (the needed state doesn't fit) I
decided to always parse the original message. That's racy though
since nl80211_fam.attrbuf could be used by some other parsing in
generic netlink concurrently.

For now, fix this by allocating a separate parse buffer (it's a
bit too big for the stack, currently 1448 bytes on 64-bit). For
-next, I'll change the code to parse into the global buffer in
the first round only and then allocate a smaller buffer to keep
the data in cb->args.

Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-06-19 18:31:20 +02:00
..
.gitignore wireless: support internal statically compiled regulatory database 2009-12-21 18:56:10 -05:00
ap.c cfg80211: move exported event functions into nl80211 2013-03-06 16:35:46 +01:00
chan.c cfg80211: allow drivers to selectively disable 80/160 MHz 2013-02-15 09:41:38 +01:00
core.c cfg80211: fix interface down/disconnect state handling 2013-05-16 22:38:08 +02:00
core.h cfg80211: introduce critical protocol indication from user-space 2013-04-22 15:48:00 +02:00
db.txt wireless: support internal statically compiled regulatory database 2009-12-21 18:56:10 -05:00
debugfs.c simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
debugfs.h
ethtool.c ethtool: fix drvinfo strings set in drivers 2013-01-06 21:06:31 -08:00
ethtool.h
genregdb.awk cfg80211: relicense reg.c reg.h and genregdb.awk to ISC 2012-01-04 14:30:41 -05:00
ibss.c cfg80211: pass wiphy to cfg80211_ref_bss/put_bss 2013-02-11 18:44:52 +01:00
Kconfig lib80211: hide Kconfig symbol 2012-11-16 14:29:09 -05:00
lib80211_crypt_ccmp.c hostap: Don't use create_proc_read_entry() 2013-04-29 15:41:56 -04:00
lib80211_crypt_tkip.c hostap: Don't use create_proc_read_entry() 2013-04-29 15:41:56 -04:00
lib80211_crypt_wep.c hostap: Don't use create_proc_read_entry() 2013-04-29 15:41:56 -04:00
lib80211.c lib80211: remove exports for functions not called by other modules 2011-08-09 15:42:36 -04:00
Makefile cfg80211: add tracing to rdev-ops 2012-10-18 10:53:37 +02:00
mesh.c nl80211: explicit userspace MPM 2013-03-06 16:36:11 +01:00
mlme.c cfg80211: introduce critical protocol indication from user-space 2013-04-22 15:48:00 +02:00
nl80211.c nl80211: fix attrbuf access race by allocating a separate one 2013-06-19 18:31:20 +02:00
nl80211.h cfg80211: move exported event functions into nl80211 2013-03-06 16:35:46 +01:00
radiotap.c wireless: add radiotap A-MPDU status field 2012-08-20 13:53:09 +02:00
rdev-ops.h cfg80211: introduce critical protocol indication from user-space 2013-04-22 15:48:00 +02:00
reg.c wireless: regulatory: fix channel disabling race condition 2013-04-16 15:25:46 +02:00
reg.h regulatory: use RCU to protect global and wiphy regdomains 2013-01-03 13:01:29 +01:00
regdb.h cfg80211: relicense reg.c reg.h and genregdb.awk to ISC 2012-01-04 14:30:41 -05:00
scan.c cfg80211: always check for scan end on P2P device 2013-03-24 11:15:58 +01:00
sme.c cfg80211: check wdev->netdev in connection work 2013-05-23 18:12:38 +02:00
sysfs.c cfg80211/mac80211: disconnect on suspend 2013-03-06 16:35:55 +01:00
sysfs.h
trace.c cfg80211: add tracing to rdev-ops 2012-10-18 10:53:37 +02:00
trace.h cfg80211: fix WoWLAN wakeup tracing 2013-05-16 22:38:03 +02:00
util.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem 2013-04-24 10:54:20 -04:00
wext-compat.c wext: explicitly cast -110 to u8 2012-12-07 11:58:26 +01:00
wext-compat.h cfg80211: remove unused wext handler exports 2011-08-08 14:26:29 -04:00
wext-core.c wext: include wireless event id when it has a size problem 2012-09-05 16:12:44 +02:00
wext-priv.c wext: fix potential private ioctl memory content leak 2010-09-20 13:41:40 -04:00
wext-proc.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
wext-sme.c cfg80211: always check for scan end on P2P device 2013-03-24 11:15:58 +01:00
wext-spy.c wireless: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:19 -04:00