• Jouni Malinen's avatar
    mac80211: Fix debugfs union misuse and pointer corruption · 2b58b209
    Jouni Malinen authored
    debugfs union in struct ieee80211_sub_if_data is misused by including a
    common default_key dentry as a union member. This ends occupying the same
    memory area with the first dentry in other union members (structures;
    usually drop_unencrypted). Consequently, debugfs operations on
    default_key symlinks and drop_unencrypted entry are using the same
    dentry pointer even though they are supposed to be separate ones. This
    can lead to removing entries incorrectly or potentially leaving
    something behind since one of the dentry pointers gets lost.
    
    Fix this by moving the default_key dentry to a new struct
    (common_debugfs) that contains dentries (more to be added in future)
    that are shared by all vif types. The debugfs union must only be used
    for vif type-specific entries to avoid this type of pointer corruption.
    Signed-off-by: default avatarJouni Malinen <jouni.malinen@atheros.com>
    Acked-by: default avatarJohannes Berg <johannes@sipsolutions.net>
    Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    2b58b209
ieee80211_i.h 27.8 KB