Please check whether an unlock is missing on line 3009-3013.
[shafi] thanks Julia for catching it early, disappointed with myself for missing
the straight forward unlock :-(
if (WARN_ON(!sta)) {
mutex_unlock(&sdata->local->sta_mtx);
ret = false;
goto out;
}
sband = ieee80211_get_sband(sdata);
if (!sband) {
ret = false;
goto out;
}
---------- Forwarded message ----------
Date: Fri, 28 Apr 2017 14:04:47 +0800
From: kbuild test robot <fengguang.wu@xxxxxxxxx>
To: kbuild@xxxxxx
Cc: Julia Lawall <julia.lawall@xxxxxxx>
Subject: Re: [PATCH] mac80211: Fix possible sband related NULL pointer
de-reference
In-Reply-To: <1493277338-25726-1-git-send-email-mohammed@xxxxxxxxxxxxxxxx>
Hi Mohammed,
[auto build test WARNING on mac80211/master]
[also build test WARNING on v4.11-rc8 next-20170427]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Mohammed-Shafi-Shajakhan/mac80211-Fix-possible-sband-related-NULL-pointer-de-reference/20170428-120425
base: https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git master
:::::: branch date: 2 hours ago
:::::: commit date: 2 hours ago
>> net/mac80211/mlme.c:3120:1-7: preceding lock on line 2997
git remote add linux-review https://github.com/0day-ci/linux
git remote update linux-review
git checkout 4b2b8c708017f5d2569fc5d9e7a76c6c1b08dd8c
vim +3120 net/mac80211/mlme.c
30eb1dc2c net/mac80211/mlme.c Johannes Berg 2013-02-08 2991 sdata_info(sdata,
35d865afb net/mac80211/mlme.c Johannes Berg 2013-05-28 2992 "VHT AP is missing VHT capability/operation\n");
35d865afb net/mac80211/mlme.c Johannes Berg 2013-05-28 2993 ret = false;
35d865afb net/mac80211/mlme.c Johannes Berg 2013-05-28 2994 goto out;
30eb1dc2c net/mac80211/mlme.c Johannes Berg 2013-02-08 2995 }
30eb1dc2c net/mac80211/mlme.c Johannes Berg 2013-02-08 2996
2a33bee27 net/mac80211/mlme.c Guy Eilam 2011-08-17 @2997 mutex_lock(&sdata->local->sta_mtx);
2a33bee27 net/mac80211/mlme.c Guy Eilam 2011-08-17 2998 /*
2a33bee27 net/mac80211/mlme.c Guy Eilam 2011-08-17 2999 * station info was already allocated and inserted before
2a33bee27 net/mac80211/mlme.c Guy Eilam 2011-08-17 3000 * the association and should be available to us
2a33bee27 net/mac80211/mlme.c Guy Eilam 2011-08-17 3001 */
7852e3618 net/mac80211/mlme.c Johannes Berg 2012-01-20 3002 sta = sta_info_get(sdata, cbss->bssid);
2a33bee27 net/mac80211/mlme.c Guy Eilam 2011-08-17 3003 if (WARN_ON(!sta)) {
2a33bee27 net/mac80211/mlme.c Guy Eilam 2011-08-17 3004 mutex_unlock(&sdata->local->sta_mtx);
35d865afb net/mac80211/mlme.c Johannes Berg 2013-05-28 3005 ret = false;
35d865afb net/mac80211/mlme.c Johannes Berg 2013-05-28 3006 goto out;
f0706e828 net/mac80211/ieee80211_sta.c Jiri Benc 2007-05-05 3007 }
f0706e828 net/mac80211/ieee80211_sta.c Jiri Benc 2007-05-05 3008
4b2b8c708 net/mac80211/mlme.c Mohammed Shafi Shajakhan 2017-04-27 3009 sband = ieee80211_get_sband(sdata);
4b2b8c708 net/mac80211/mlme.c Mohammed Shafi Shajakhan 2017-04-27 3010 if (!sband) {
4b2b8c708 net/mac80211/mlme.c Mohammed Shafi Shajakhan 2017-04-27 3011 ret = false;
4b2b8c708 net/mac80211/mlme.c Mohammed Shafi Shajakhan 2017-04-27 3012 goto out;
4b2b8c708 net/mac80211/mlme.c Mohammed Shafi Shajakhan 2017-04-27 3013 }
f709fc696 net/mac80211/ieee80211_sta.c Luis Carlos Cobo 2008-02-23 3014
30eb1dc2c net/mac80211/mlme.c Johannes Berg 2013-02-08 3015 /* Set up internal HT/VHT capabilities */
a8243b724 net/mac80211/mlme.c Johannes Berg 2012-11-22 3016 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
ef96a8420 net/mac80211/mlme.c Ben Greear 2011-11-18 3017 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
e1a0c6b3a net/mac80211/mlme.c Johannes Berg 2013-02-07 3018 elems.ht_cap_elem, sta);
64f68e5d1 net/mac80211/mlme.c Johannes Berg 2012-03-28 3019
818255ea4 net/mac80211/mlme.c Mahesh Palivela 2012-10-10 3020 if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
818255ea4 net/mac80211/mlme.c Mahesh Palivela 2012-10-10 3021 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
4a34215ef net/mac80211/mlme.c Johannes Berg 2013-02-07 3022 elems.vht_cap_elem, sta);
818255ea4 net/mac80211/mlme.c Mahesh Palivela 2012-10-10 3023
30eb1dc2c net/mac80211/mlme.c Johannes Berg 2013-02-08 3024 /*
30eb1dc2c net/mac80211/mlme.c Johannes Berg 2013-02-08 3025 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
30eb1dc2c net/mac80211/mlme.c Johannes Berg 2013-02-08 3026 * in their association response, so ignore that data for our own
30eb1dc2c net/mac80211/mlme.c Johannes Berg 2013-02-08 3027 * configuration. If it changed since the last beacon, we'll get the
30eb1dc2c net/mac80211/mlme.c Johannes Berg 2013-02-08 3028 * next beacon and update then.
30eb1dc2c net/mac80211/mlme.c Johannes Berg 2013-02-08 3029 */
1128958dc net/mac80211/mlme.c Johannes Berg 2013-02-07 3030
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3031 /*
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3032 * If an operating mode notification IE is present, override the
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3033 * NSS calculation (that would be done in rate_control_rate_init())
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3034 * and use the # of streams from that element.
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3035 */
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3036 if (elems.opmode_notif &&
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3037 !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3038 u8 nss;
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3039
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3040 nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3041 nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3042 nss += 1;
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3043 sta->sta.rx_nss = nss;
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3044 }
bee7f5869 net/mac80211/mlme.c Johannes Berg 2013-02-07 3045
4b7679a56 net/mac80211/mlme.c Johannes Berg 2008-09-18 3046 rate_control_rate_init(sta);
f0706e828 net/mac80211/ieee80211_sta.c Jiri Benc 2007-05-05 3047
93f0490e5 net/mac80211/mlme.c Tamizh chelvam 2015-10-07 3048 if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED) {
c2c98fdeb net/mac80211/mlme.c Johannes Berg 2011-09-29 3049 set_sta_flag(sta, WLAN_STA_MFP);
93f0490e5 net/mac80211/mlme.c Tamizh chelvam 2015-10-07 3050 sta->sta.mfp = true;
93f0490e5 net/mac80211/mlme.c Tamizh chelvam 2015-10-07 3051 } else {
93f0490e5 net/mac80211/mlme.c Tamizh chelvam 2015-10-07 3052 sta->sta.mfp = false;
93f0490e5 net/mac80211/mlme.c Tamizh chelvam 2015-10-07 3053 }
5394af4d8 net/mac80211/mlme.c Jouni Malinen 2009-01-08 3054
527871d72 net/mac80211/mlme.c Johannes Berg 2015-03-21 3055 sta->sta.wme = elems.wmm_param && local->hw.queues >= IEEE80211_NUM_ACS;
ddf4ac53f net/mac80211/mlme.c Johannes Berg 2008-10-22 3056
c8987876e net/mac80211/mlme.c Johannes Berg 2012-01-20 3057 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
c8987876e net/mac80211/mlme.c Johannes Berg 2012-01-20 3058 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
c8987876e net/mac80211/mlme.c Johannes Berg 2012-01-20 3059 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
c8987876e net/mac80211/mlme.c Johannes Berg 2012-01-20 3060 if (err) {
bdcbd8e0e net/mac80211/mlme.c Johannes Berg 2012-06-22 3061 sdata_info(sdata,
bdcbd8e0e net/mac80211/mlme.c Johannes Berg 2012-06-22 3062 "failed to move station %pM to desired state\n",
bdcbd8e0e net/mac80211/mlme.c Johannes Berg 2012-06-22 3063 sta->sta.addr);
c8987876e net/mac80211/mlme.c Johannes Berg 2012-01-20 3064 WARN_ON(__sta_info_destroy(sta));
c8987876e net/mac80211/mlme.c Johannes Berg 2012-01-20 3065 mutex_unlock(&sdata->local->sta_mtx);
35d865afb net/mac80211/mlme.c Johannes Berg 2013-05-28 3066 ret = false;
35d865afb net/mac80211/mlme.c Johannes Berg 2013-05-28 3067 goto out;
c8987876e net/mac80211/mlme.c Johannes Berg 2012-01-20 3068 }
c8987876e net/mac80211/mlme.c Johannes Berg 2012-01-20 3069
7852e3618 net/mac80211/mlme.c Johannes Berg 2012-01-20 3070 mutex_unlock(&sdata->local->sta_mtx);
ddf4ac53f net/mac80211/mlme.c Johannes Berg 2008-10-22 3071
f2176d724 net/mac80211/mlme.c Juuso Oikarinen 2010-09-28 3072 /*
f2176d724 net/mac80211/mlme.c Juuso Oikarinen 2010-09-28 3073 * Always handle WMM once after association regardless
f2176d724 net/mac80211/mlme.c Juuso Oikarinen 2010-09-28 3074 * of the first value the AP uses. Setting -1 here has
f2176d724 net/mac80211/mlme.c Juuso Oikarinen 2010-09-28 3075 * that effect because the AP values is an unsigned
f2176d724 net/mac80211/mlme.c Juuso Oikarinen 2010-09-28 3076 * 4-bit value.
f2176d724 net/mac80211/mlme.c Juuso Oikarinen 2010-09-28 3077 */
f2176d724 net/mac80211/mlme.c Juuso Oikarinen 2010-09-28 3078 ifmgd->wmm_last_param_set = -1;
f2176d724 net/mac80211/mlme.c Juuso Oikarinen 2010-09-28 3079
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3080 if (ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
cec662835 net/mac80211/mlme.c Johannes Berg 2015-10-22 3081 ieee80211_set_wmm_default(sdata, false, false);
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3082 } else if (!ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3083 elems.wmm_param_len)) {
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3084 /* still enable QoS since we might have HT/VHT */
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3085 ieee80211_set_wmm_default(sdata, false, true);
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3086 /* set the disable-WMM flag in this case to disable
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3087 * tracking WMM parameter changes in the beacon if
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3088 * the parameters weren't actually valid. Doing so
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3089 * avoids changing parameters very strangely when
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3090 * the AP is going back and forth between valid and
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3091 * invalid parameters.
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3092 */
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3093 ifmgd->flags |= IEEE80211_STA_DISABLE_WMM;
2ed77ea69 net/mac80211/mlme.c Johannes Berg 2015-10-22 3094 }
3abead59f net/mac80211/mlme.c Johannes Berg 2012-03-02 3095 changed |= BSS_CHANGED_QOS;
f0706e828 net/mac80211/ieee80211_sta.c Jiri Benc 2007-05-05 3096
60f8b39c9 net/mac80211/mlme.c Johannes Berg 2008-09-08 3097 /* set AID and assoc capability,
60f8b39c9 net/mac80211/mlme.c Johannes Berg 2008-09-08 3098 * ieee80211_set_associated() will tell the driver */
60f8b39c9 net/mac80211/mlme.c Johannes Berg 2008-09-08 3099 bss_conf->aid = aid;
60f8b39c9 net/mac80211/mlme.c Johannes Berg 2008-09-08 3100 bss_conf->assoc_capability = capab_info;
0c1ad2cac net/mac80211/mlme.c Johannes Berg 2009-12-23 3101 ieee80211_set_associated(sdata, cbss, changed);
a607268a0 net/mac80211/ieee80211_sta.c Bruno Randolf 2008-02-18 3102
15b7b0629 net/mac80211/mlme.c Kalle Valo 2009-03-22 3103 /*
d524215f6 net/mac80211/mlme.c Felix Fietkau 2010-01-08 3104 * If we're using 4-addr mode, let the AP know that we're
d524215f6 net/mac80211/mlme.c Felix Fietkau 2010-01-08 3105 * doing so, so that it can create the STA VLAN on its side
d524215f6 net/mac80211/mlme.c Felix Fietkau 2010-01-08 3106 */
d524215f6 net/mac80211/mlme.c Felix Fietkau 2010-01-08 3107 if (ifmgd->use_4addr)
d524215f6 net/mac80211/mlme.c Felix Fietkau 2010-01-08 3108 ieee80211_send_4addr_nullfunc(local, sdata);
d524215f6 net/mac80211/mlme.c Felix Fietkau 2010-01-08 3109
d524215f6 net/mac80211/mlme.c Felix Fietkau 2010-01-08 3110 /*
b291ba111 net/mac80211/mlme.c Johannes Berg 2009-07-10 3111 * Start timer to probe the connection to the AP now.
b291ba111 net/mac80211/mlme.c Johannes Berg 2009-07-10 3112 * Also start the timer that will detect beacon loss.
15b7b0629 net/mac80211/mlme.c Kalle Valo 2009-03-22 3113 */
b291ba111 net/mac80211/mlme.c Johannes Berg 2009-07-10 3114 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
d3a910a8e net/mac80211/mlme.c Luis R. Rodriguez 2010-09-16 3115 ieee80211_sta_reset_beacon_monitor(sdata);
15b7b0629 net/mac80211/mlme.c Kalle Valo 2009-03-22 3116
35d865afb net/mac80211/mlme.c Johannes Berg 2013-05-28 3117 ret = true;
35d865afb net/mac80211/mlme.c Johannes Berg 2013-05-28 3118 out:
35d865afb net/mac80211/mlme.c Johannes Berg 2013-05-28 3119 kfree(bss_ies);
35d865afb net/mac80211/mlme.c Johannes Berg 2013-05-28 @3120 return ret;
a607268a0 net/mac80211/ieee80211_sta.c Bruno Randolf 2008-02-18 3121 }
a607268a0 net/mac80211/ieee80211_sta.c Bruno Randolf 2008-02-18 3122
8d61ffa5e net/mac80211/mlme.c Johannes Berg 2013-05-10 3123 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
:::::: The code at line 3120 was first introduced by commit
:::::: 35d865afbbdf79e492f7d61df92b1a9e1d93d26f mac80211: work around broken APs not including HT info
:::::: TO: Johannes Berg <johannes.berg@xxxxxxxxx>
:::::: CC: Johannes Berg <johannes.berg@xxxxxxxxx>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
