Message-ID: <7d2a4fa708a6681fb5c17ae8420ccf762b3e83bb.camel@sipsolutions.net>
Date: Mon, 19 Jan 2026 14:20:18 +0100
From: Johannes Berg <johannes@...solutions.net>
To: Arnav Kapoor <kapoorarnav43@...il.com>
Cc: linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org, 
	syzbot+15f88dfa580000@...kaller.appspotmail.com, Arnav Rawat
	 <arnavrawat2000@...il.com>
Subject: Re: [PATCH] mac80211: Fix WARNING in drv_get_tsf debugfs access

On Mon, 2026-01-19 at 03:03 +0530, Arnav Kapoor wrote:
> The debugfs tsf read function was calling drv_get_tsf() even when the
> interface was not registered with the driver, causing a WARN_ON to be
> triggered. This is inappropriate for debugfs access.
> 
> Fix this by checking the IEEE80211_SDATA_IN_DRIVER flag in the debugfs
> read function and returning -1ULL directly when the interface is not
> in the driver, avoiding the warning.
> 
> Reported-by: syzbot+15f88dfa580000@...kaller.appspotmail.com
> Signed-off-by: Arnav Rawat <arnavrawat2000@...il.com>
> ---
>  net/mac80211/debugfs_netdev.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
> index 30a5a978a..669e7c519 100644
> --- a/net/mac80211/debugfs_netdev.c
> +++ b/net/mac80211/debugfs_netdev.c
> @@ -656,7 +656,10 @@ static ssize_t ieee80211_if_fmt_tsf(
>  	struct ieee80211_local *local = sdata->local;
>  	u64 tsf;
>  
> -	tsf = drv_get_tsf(local, (struct ieee80211_sub_if_data *)sdata);
> +	if (!(sdata->flags & IEEE80211_SDATA_IN_DRIVER))
> +		tsf = -1ULL;
> +	else
> +		tsf = drv_get_tsf(local, (struct ieee80211_sub_if_data *)sdata);
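
Review bot: In the added `if (!(sdata->flags & IEEE80211_SDATA_IN_DRIVER))` branch, the flag is tested and drv_get_tsf() is then called in the else branch, with nothing in the visible lines keeping the interface state stable between the two. Unless this read path already runs under whatever lock protects the flag, the interface could leave the driver after the check and the WARN_ON described in the commit message could still fire. Please say in the commit message or in a comment what makes the check sufficient. The `tsf = -1ULL;` fallback would also benefit from a one-line comment stating that it is the value reported when the interface is not in the driver, since someone reading the debugfs file has no other way to tell why that value appeared.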


Seems like we could get rid of the pointless cast, while changing it
anyway.

Also seems we should do it for all the debugfs files?

johannes
