wifi: cfg80211: update hidden BSSes to avoid WARN_ON

When updating beacon elements in a non-transmitted BSS,
also update the hidden sub-entries to the same beacon
elements, so that a future update through other paths
won't trigger a WARN_ON().

The warning is triggered because the beacon elements in
the hidden BSSes that are children of the BSS should
always be the same as in the parent.

Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes: 0b8fb8235b ("cfg80211: Parsing of Multiple BSSID information in scanning")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
Johannes Berg 2022-10-05 23:11:43 +02:00
Родитель b2d03cabe2
Коммит c90b93b5b7
1 изменённых файлов: 20 добавлений и 11 удалений

Просмотреть файл

@ -1607,6 +1607,23 @@ struct cfg80211_non_tx_bss {
u8 bssid_index; u8 bssid_index;
}; };
static void cfg80211_update_hidden_bsses(struct cfg80211_internal_bss *known,
const struct cfg80211_bss_ies *new_ies,
const struct cfg80211_bss_ies *old_ies)
{
struct cfg80211_internal_bss *bss;
/* Assign beacon IEs to all sub entries */
list_for_each_entry(bss, &known->hidden_list, hidden_list) {
const struct cfg80211_bss_ies *ies;
ies = rcu_access_pointer(bss->pub.beacon_ies);
WARN_ON(ies != old_ies);
rcu_assign_pointer(bss->pub.beacon_ies, new_ies);
}
}
static bool static bool
cfg80211_update_known_bss(struct cfg80211_registered_device *rdev, cfg80211_update_known_bss(struct cfg80211_registered_device *rdev,
struct cfg80211_internal_bss *known, struct cfg80211_internal_bss *known,
@ -1630,7 +1647,6 @@ cfg80211_update_known_bss(struct cfg80211_registered_device *rdev,
kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head);
} else if (rcu_access_pointer(new->pub.beacon_ies)) { } else if (rcu_access_pointer(new->pub.beacon_ies)) {
const struct cfg80211_bss_ies *old; const struct cfg80211_bss_ies *old;
struct cfg80211_internal_bss *bss;
if (known->pub.hidden_beacon_bss && if (known->pub.hidden_beacon_bss &&
!list_empty(&known->hidden_list)) { !list_empty(&known->hidden_list)) {
@ -1658,16 +1674,7 @@ cfg80211_update_known_bss(struct cfg80211_registered_device *rdev,
if (old == rcu_access_pointer(known->pub.ies)) if (old == rcu_access_pointer(known->pub.ies))
rcu_assign_pointer(known->pub.ies, new->pub.beacon_ies); rcu_assign_pointer(known->pub.ies, new->pub.beacon_ies);
/* Assign beacon IEs to all sub entries */ cfg80211_update_hidden_bsses(known, new->pub.beacon_ies, old);
list_for_each_entry(bss, &known->hidden_list, hidden_list) {
const struct cfg80211_bss_ies *ies;
ies = rcu_access_pointer(bss->pub.beacon_ies);
WARN_ON(ies != old);
rcu_assign_pointer(bss->pub.beacon_ies,
new->pub.beacon_ies);
}
if (old) if (old)
kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head);
@ -2360,6 +2367,8 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy,
} else { } else {
old = rcu_access_pointer(nontrans_bss->beacon_ies); old = rcu_access_pointer(nontrans_bss->beacon_ies);
rcu_assign_pointer(nontrans_bss->beacon_ies, new_ies); rcu_assign_pointer(nontrans_bss->beacon_ies, new_ies);
cfg80211_update_hidden_bsses(bss_from_pub(nontrans_bss),
new_ies, old);
rcu_assign_pointer(nontrans_bss->ies, new_ies); rcu_assign_pointer(nontrans_bss->ies, new_ies);
if (old) if (old)
kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head);