linux-next: manual merge of the wireless-next tree with the wireless tree

From: Stephen Rothwell
Date: Mon Sep 25 2023 - 22:20:24 EST

Next message: Muchun Song: "Re: [PATCH v6 8/8] hugetlb: batch TLB flushes when restoring vmemmap"
Previous message: Yikebaer Aizezi: "WARNING in btrfs_space_info_update_bytes_may_use"
In reply to: Johannes Berg: "Re: linux-next: manual merge of the wireless-next tree with the wireless tree"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,

Today's linux-next merge of the wireless-next tree got a conflict in:

net/mac80211/key.c

between commits:

31db78a4923e ("wifi: mac80211: fix potential key use-after-free")
d097ae01ebd4 ("wifi: mac80211: fix potential key leak")

from the wireless tree and commit:

2a8b665e6bcc ("wifi: mac80211: remove key_mtx")

from the wireless-next tree.

I fixed it up (I think - see below) and can carry the fix as
necessary. This is now fixed as far as linux-next is concerned, but any
non trivial conflicts should be mentioned to your upstream maintainer
when your tree is submitted for merging. You may also want to consider
cooperating with the maintainer of the conflicting tree to minimise any
particularly complex conflicts.

--
Cheers,
Stephen Rothwell

diff --cc net/mac80211/key.c
index 0665ff5e456e,ac410f6632b5..000000000000
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@@ -881,21 -875,20 +880,22 @@@ int ieee80211_key_link(struct ieee80211

if (link_id >= 0) {
link_sta = rcu_dereference_protected(sta->link[link_id],
- lockdep_is_held(&sta->local->sta_mtx));
+ lockdep_is_held(&sta->local->hw.wiphy->mtx));
- if (!link_sta)
- return -ENOLINK;
+ if (!link_sta) {
+ ret = -ENOLINK;
+ goto out;
+ }
}

- old_key = key_mtx_dereference(sdata->local, link_sta->gtk[idx]);
+ old_key = wiphy_dereference(sdata->local->hw.wiphy,
+ link_sta->gtk[idx]);
} else {
if (idx < NUM_DEFAULT_KEYS)
- old_key = key_mtx_dereference(sdata->local,
- sdata->keys[idx]);
+ old_key = wiphy_dereference(sdata->local->hw.wiphy,
+ sdata->keys[idx]);
if (!old_key)
- old_key = key_mtx_dereference(sdata->local,
- link->gtk[idx]);
+ old_key = wiphy_dereference(sdata->local->hw.wiphy,
+ link->gtk[idx]);
}

/* Non-pairwise keys must also not switch the cipher on rekey */
@@@ -910,10 -901,10 +910,8 @@@
* Silently accept key re-installation without really installing the
* new version of the key to avoid nonce reuse or replay issues.
*/
-- if (ieee80211_key_identical(sdata, old_key, key)) {
- ret = -EALREADY;
- goto unlock;
- ieee80211_key_free_unused(key);
- return 0;
-- }
++ if (ieee80211_key_identical(sdata, old_key, key))
++ return -EALREADY;

key->local = sdata->local;
key->sdata = sdata;
@@@ -936,13 -927,6 +934,10 @@@
ieee80211_key_free(key, delay_tailroom);
}

+ key = NULL;
+
+ out:
+ ieee80211_key_free_unused(key);
- unlock:
- mutex_unlock(&sdata->local->key_mtx);
-
return ret;
}

Attachment: pgpzpoWMdNhFY.pgp
Description: OpenPGP digital signature

Next message: Muchun Song: "Re: [PATCH v6 8/8] hugetlb: batch TLB flushes when restoring vmemmap"
Previous message: Yikebaer Aizezi: "WARNING in btrfs_space_info_update_bytes_may_use"
In reply to: Johannes Berg: "Re: linux-next: manual merge of the wireless-next tree with the wireless tree"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]