From patchwork Wed Jan 30 10:54:17 2019
X-Patchwork-Submitter: Siva Rebbagondla
X-Patchwork-Id: 1035798
From: Siva Rebbagondla
To: kernel-team@lists.ubuntu.com
Cc: krishna.pedda@redpinesignals.com, ganapathi.kondraju@redpinesignals.com, amol.hanwate@redpinesignals.com, Siva Rebbagondla, rishikesh.basu@redpinesignals.com
Subject: [SRU Xenial] UBUNTU: SAUCE: Redpine: enhancement for MAC spoofing to avoid kernel crash
Date: Wed, 30 Jan 2019 16:24:17 +0530
Message-Id: <1548845657-7793-1-git-send-email-siva8118@gmail.com>
List-Id: Kernel team discussions

From: Siva Rebbagondla

BugLink: https://bugs.launchpad.net/bugs/1813869

When mac spoof is enabled in userspace and scan gets triggered with custom mac address, driver is not handling custom mac addresses properly and causing kernel crash. This could be fixed by copying custom mac address to mac address.

...skipping...
[ 49.130185] BUG: unable to handle kernel NULL pointer dereference at 0000000000000134
[ 49.138969] IP: [] rsi_prepare_mgmt_desc+0xd3/0x2d0 [ven_rsi_91x]
[ 49.147555] PGD 0
[ 49.149799] Oops: 0000 [#1] SMP
[ 49.244030] CPU: 0 PID: 31 Comm: kworker/u4:1 Not tainted 4.4.0-139-generic #165-Ubuntu
[ 49.252988] Hardware name: Dell Inc. Edge Gateway 3001/, BIOS 01.00.00 04/17/2017
[ 49.261374] Workqueue: rsi_scan_worker rsi_scan_start [ven_rsi_91x]
[ 49.357435] Stack:
[ 49.359675] ffff88007542d7c0 ffff88005c290dd8 ffff880077894000 0000000000000000
[ 49.367971] ffff8800747aa640 ffff88006928a500 ffff8800785e7d78 ffffffffc0516457
[ 49.376267] 00000046785e7d48 ffff8800778950e0 ffff8800747aa640 ffff880075438000
[ 49.384561] Call Trace:
[ 49.387307] [] rsi_send_probe_request+0x2c7/0x350 [ven_rsi_91x]
[ 49.395784] [] rsi_scan_start+0x222/0x380 [ven_rsi_91x]
[ 49.403486] [] ? __schedule+0x301/0x7f0
[ 49.409633] [] process_one_work+0x16b/0x490
[ 49.416164] [] worker_thread+0x4b/0x4d0
[ 49.422306] [] ? process_one_work+0x490/0x490
[ 49.429032] [] kthread+0xe7/0x100
[ 49.434589] [] ? __schedule+0x301/0x7f0
[ 49.440731] [] ? kthread_create_on_node+0x1e0/0x1e0
[ 49.448042] [] ret_from_fork+0x55/0x80
[ 49.454086] [] ? kthread_create_on_node+0x1e0/0x1e0

Signed-off-by: Siva Rebbagondla
Acked-by: Stefan Bader
Acked-by: Kleber Sacilotto de Souza
--- ubuntu/rsi/rsi_91x_mac80211.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/ubuntu/rsi/rsi_91x_mac80211.c b/ubuntu/rsi/rsi_91x_mac80211.c index 78702ff24532..f6a075824e60 100644 --- a/ubuntu/rsi/rsi_91x_mac80211.c +++ b/ubuntu/rsi/rsi_91x_mac80211.c
@@ -216,6 +216,19 @@ static struct reg_map rsi_caracalla_reg_db[MAX_REG_COUNTRIES] = { }; #endif +static int rsi_validate_mac_addr(struct rsi_common *common, u8 *addr_t) +{ + u8 addr[ETH_ALEN] = {0}; + + if (!memcmp(addr, addr_t, ETH_ALEN)) { + ven_rsi_dbg(ERR_ZONE, "%s: MAC addr is NULL\n", __func__); + return -1; + } else if (memcmp(common->mac_addr, addr_t, ETH_ALEN)) { + memcpy(common->mac_addr, addr_t, ETH_ALEN); + } + return 0; +} + struct ieee80211_vif *rsi_get_vif(struct rsi_hw *adapter, u8 *mac) { u8 i; @@ -375,6 +388,8 @@ static int rsi_mac80211_hw_scan_start(struct ieee80211_hw *hw, /* Scan already in progress. So return */ if (common->bgscan_en || common->scan_in_prog) return -EBUSY; + if (rsi_validate_mac_addr(common, vif->addr)) + return -ENODEV; cancel_work_sync(&common->scan_work); mutex_lock(&common->mutex); @@ -554,6 +569,13 @@ static void rsi_mac80211_tx(struct ieee80211_hw *hw, struct ieee80211_vif *vif = adapter->vifs[adapter->sc_nvifs - 1]; struct ieee80211_bss_conf *bss = &adapter->vifs[0]->bss_conf; +#ifndef CONFIG_VEN_RSI_P2P + if (rsi_validate_mac_addr(common, wlh->addr2)) { + ieee80211_free_txskb(common->priv->hw, skb); + return; + } +#endif + #ifdef CONFIG_VEN_RSI_WOW if (common->wow_flags & RSI_WOW_ENABLED) { ieee80211_free_txskb(common->priv->hw, skb);
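
Review bot: In the first hunk, rsi_validate_mac_addr() is named as a check, but its else-branch does memcpy(common->mac_addr, addr_t, ETH_ALEN), so every caller silently replaces the driver's stored MAC with whatever address it passes in. The only value rejected is all-zero, which means a broadcast or multicast address would be copied into common->mac_addr. Suggest splitting this into a side-effect-free check built on is_valid_ether_addr() from <linux/etherdevice.h> (it rejects zero and multicast addresses, provided its alignment requirement is met) and a separately named update helper. Please also return -EINVAL instead of -1, and reword "MAC addr is NULL", since the test is for an all-zero address and addr_t itself is never checked against NULL.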
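
Review bot: In the rsi_mac80211_hw_scan_start hunk, the new call is placed above mutex_lock(&common->mutex), so the write to common->mac_addr inside rsi_validate_mac_addr() happens outside the lock that is taken two lines later. If that mutex is what guards the common state, move the call below mutex_lock() and unlock on the error path. The oops quoted in the commit message faults in rsi_prepare_mgmt_desc, and nothing in this patch adds a NULL check at that site, so the commit message or a comment should say which pointer was NULL and why syncing common->mac_addr with vif->addr prevents it. Returning -ENODEV for an all-zero vif->addr is also unexpected; -EINVAL is closer to the condition. A blank line after the -EBUSY return would keep the two checks visually separate.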
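
Review bot: In the rsi_mac80211_tx hunk, the call runs for every transmitted frame and takes its input from the frame header (wlh->addr2), so common->mac_addr is rewritten from per-packet data on the TX path. The surrounding context indexes both adapter->vifs[adapter->sc_nvifs - 1] and adapter->vifs[0], so with more than one vif the stored address may change from frame to frame. The commit message only describes a crash in the scan path; please document why the TX path needs this, and why it is compiled out under CONFIG_VEN_RSI_P2P while the scan-path check is unconditional. If the goal is to follow a user-set address, updating common->mac_addr once, at the point where the interface address changes, would avoid a memcmp on every frame.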