Message-ID: <20251206173345.356068-1-dkarn@redhat.com>
Date: Sat, 6 Dec 2025 23:03:45 +0530
From: Deepakkumar Karn <dkarn@...hat.com>
To: johannes@...solutions.net
Cc: dkarn@...hat.com,
linux-kernel@...r.kernel.org,
linux-wireless@...r.kernel.org,
shaul.triebitz@...el.com,
syzbot+5bb5f06f99924ea0cf86@...kaller.appspotmail.com
Subject: Re: [PATCH] mac80211_hwsim: fix divide error in mac80211_hwsim_link_info_changed
> On Sat, 2025-12-06 at 04:33 +0530, Deepakkumar Karn wrote:
> > On Fri, 05 Dec 2025 18:39:49 +0100, Johannes Berg wrote:
> > > Seems like we should not let userspace do that, to protect all other
> > > drivers too, not just hwsim.
> >
> > As suggested, we should provide a zero-value division check for other
> > drivers as well. I will investigate other places where divide errors can
> > occur due to edge cases.
> What, no no.
> > Please let me know if you meant something different. In the meantime,
> > I will analyze other drivers for similar cases.
> I did. My point is we shouldn't _have_ to check any drivers for this at
> all, it's nonsense and higher layers (here cfg80211) should reject it.
Thank you for your response, Johannes. cfg80211 already has validation
in cfg80211_validate_beacon_int(). The problem seems to occur in the
case of interface shutdown, which calls ieee80211_do_stop() that makes
beacon_int = 0, or set_tsf, which causes a divide by zero.
What if we:
1. Handle off-channel operation:
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index ae82533e3c02..14a103d320e3 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -156,10 +156,12 @@ void ieee80211_offchannel_return(struct ieee80211_local *local)
if (test_and_clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED,
&sdata->state)) {
- sdata->vif.bss_conf.enable_beacon = true;
- ieee80211_link_info_change_notify(
- sdata, &sdata->deflink,
- BSS_CHANGED_BEACON_ENABLED);
+ if (sdata->vif.bss_conf.beacon_int) {
+ sdata->vif.bss_conf.enable_beacon = true;
+ ieee80211_link_info_change_notify(
+ sdata, &sdata->deflink,
+ BSS_CHANGED_BEACON_ENABLED);
+ }
}
}
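Review bot: the new `if (sdata->vif.bss_conf.beacon_int)` check sits after `test_and_clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, ...)`, so when beacon_int is 0 the "beacon stopped" bit is consumed but beaconing is never re-enabled, and nothing in the hunk says whether that is intended. Add a comment above the check stating the situation it covers (beacon_int cleared by ieee80211_do_stop() while the off-channel bit was still set, per the discussion above) and whether leaving enable_beacon false is the desired outcome, or else evaluate beacon_int before clearing the bit so the state stays consistent.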
2. Handle the case where debugfs is written after shutdown or any race condition while disabling beaconing:
diff --git a/drivers/net/wireless/virtual/mac80211_hwsim.c b/drivers/net/wireless/virtual/mac80211_hwsim.c
index 551f5eb4e747..8363cdd17a97 100644
--- a/drivers/net/wireless/virtual/mac80211_hwsim.c
+++ b/drivers/net/wireless/virtual/mac80211_hwsim.c
@@ -1242,7 +1242,7 @@ static void mac80211_hwsim_set_tsf(struct ieee80211_hw *hw,
struct ieee80211_bss_conf *conf;
conf = link_conf_dereference_protected(vif, data->link_data[0].link_id);
- if (conf && !conf->enable_beacon)
+ if ((conf && !conf->enable_beacon) || !bcn_int)
return;
/* adjust after beaconing with new timestamp at old TBTT */
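Review bot: the added `|| !bcn_int` turns a zero beacon interval into an early return from mac80211_hwsim_set_tsf(), which skips everything that follows, including the timestamp adjustment announced by the `/* adjust after beaconing with new timestamp at old TBTT */` comment on the next context line. If only the division by bcn_int needs guarding, consider guarding just that computation so the TSF offset is still applied; if dropping the whole update is intended, say so in a comment next to the check. The hunk also does not show where `bcn_int` is read, so make sure it is the same value that is later divided by, and not a copy taken before the link data could have been cleared.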
3. As other drivers already have beacon_int 0 value validation, consider
the earlier patch along with the above 2 points?