cfg80211: size various nl80211 messages correctly

Ilan reported that sometimes nl80211 messages weren't working if the frames being transported got very large, which was really a problem for userspace-to-kernel messages, but prompted me to look at the code. Upon review, I found various places where variable-length data is transported in an nl80211 message but the message isn't allocated taking that into account. This shouldn't cause any problems since the frames aren't really that long, apart in one place where two (possibly very long frames) might not fit. Fix all the places (that I found) that get variable length data from the driver and put it into a message to take the length of the variable data into account. The 100 there is just a safe constant for the remaining message overhead (it's usually around 50 for most messages.) Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Johannes Berg <johannes.berg@intel.com> 2017-01-09 05:10:42 -0500
committer: Johannes Berg <johannes.berg@intel.com> 2017-01-09 07:08:21 -0500
commit: 4ef8c1c93f848e360754f10eb2e7134c872b6597 (patch)
tree: 660da7459953039341b3a597618f7a7e483f6f18 /net/wireless
parent: 9b8e34e211b15af429b72388a8f2b3b1823d172e (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 23692658fe98..fed33ec20a71 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -13018,7 +13018,7 @@ static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
        struct sk_buff *msg;
        void *hdr;
-        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+        msg = nlmsg_new(100 + len, gfp);
        if (!msg)
                return;
@@ -13170,7 +13170,7 @@ void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
        struct sk_buff *msg;
        void *hdr;
-        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+        msg = nlmsg_new(100 + req_ie_len + resp_ie_len, gfp);
        if (!msg)
                return;
@@ -13212,7 +13212,7 @@ void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
        struct sk_buff *msg;
        void *hdr;
-        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+        msg = nlmsg_new(100 + req_ie_len + resp_ie_len, gfp);
        if (!msg)
                return;
@@ -13249,7 +13249,7 @@ void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
        struct sk_buff *msg;
        void *hdr;
-        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+        msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
        if (!msg)
                return;
@@ -13325,7 +13325,7 @@ void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
        trace_cfg80211_notify_new_peer_candidate(dev, addr);
-        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+        msg = nlmsg_new(100 + ie_len, gfp);
        if (!msg)
                return;
@@ -13696,7 +13696,7 @@ int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
        struct sk_buff *msg;
        void *hdr;
-        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+        msg = nlmsg_new(100 + len, gfp);
        if (!msg)
                return -ENOMEM;
@@ -13740,7 +13740,7 @@ void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
        trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
-        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+        msg = nlmsg_new(100 + len, gfp);
        if (!msg)
                return;
@@ -14551,7 +14551,7 @@ void cfg80211_ft_event(struct net_device *netdev,
        if (!ft_event->target_ap)
                return;
-        msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+        msg = nlmsg_new(100 + ft_event->ric_ies_len, GFP_KERNEL);
        if (!msg)
                return;
author	Johannes Berg <johannes.berg@intel.com>	2017-01-09 05:10:42 -0500
committer	Johannes Berg <johannes.berg@intel.com>	2017-01-09 07:08:21 -0500
commit	4ef8c1c93f848e360754f10eb2e7134c872b6597 (patch)
tree	660da7459953039341b3a597618f7a7e483f6f18 /net/wireless
parent	9b8e34e211b15af429b72388a8f2b3b1823d172e (diff)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 23692658fe98..fed33ec20a71 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c
@@ -13018,7 +13018,7 @@ static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
13018	struct sk_buff *msg;	13018	struct sk_buff *msg;
13019	void *hdr;	13019	void *hdr;
13020		13020
13021	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);	13021	msg = nlmsg_new(100 + len, gfp);
13022	if (!msg)	13022	if (!msg)
13023	return;	13023	return;
13024		13024
@@ -13170,7 +13170,7 @@ void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
13170	struct sk_buff *msg;	13170	struct sk_buff *msg;
13171	void *hdr;	13171	void *hdr;
13172		13172
13173	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);	13173	msg = nlmsg_new(100 + req_ie_len + resp_ie_len, gfp);
13174	if (!msg)	13174	if (!msg)
13175	return;	13175	return;
13176		13176
@@ -13212,7 +13212,7 @@ void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
13212	struct sk_buff *msg;	13212	struct sk_buff *msg;
13213	void *hdr;	13213	void *hdr;
13214		13214
13215	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);	13215	msg = nlmsg_new(100 + req_ie_len + resp_ie_len, gfp);
13216	if (!msg)	13216	if (!msg)
13217	return;	13217	return;
13218		13218
@@ -13249,7 +13249,7 @@ void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
13249	struct sk_buff *msg;	13249	struct sk_buff *msg;
13250	void *hdr;	13250	void *hdr;
13251		13251
13252	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);	13252	msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
13253	if (!msg)	13253	if (!msg)
13254	return;	13254	return;
13255		13255
@@ -13325,7 +13325,7 @@ void cfg80211_notify_new_peer_candidate(struct net_device dev, const u8 addr,
13325		13325
13326	trace_cfg80211_notify_new_peer_candidate(dev, addr);	13326	trace_cfg80211_notify_new_peer_candidate(dev, addr);
13327		13327
13328	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);	13328	msg = nlmsg_new(100 + ie_len, gfp);
13329	if (!msg)	13329	if (!msg)
13330	return;	13330	return;
13331		13331
@@ -13696,7 +13696,7 @@ int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
13696	struct sk_buff *msg;	13696	struct sk_buff *msg;
13697	void *hdr;	13697	void *hdr;
13698		13698
13699	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);	13699	msg = nlmsg_new(100 + len, gfp);
13700	if (!msg)	13700	if (!msg)
13701	return -ENOMEM;	13701	return -ENOMEM;
13702		13702
@@ -13740,7 +13740,7 @@ void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
13740		13740
13741	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);	13741	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
13742		13742
13743	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);	13743	msg = nlmsg_new(100 + len, gfp);
13744	if (!msg)	13744	if (!msg)
13745	return;	13745	return;
13746		13746
@@ -14551,7 +14551,7 @@ void cfg80211_ft_event(struct net_device *netdev,
14551	if (!ft_event->target_ap)	14551	if (!ft_event->target_ap)
14552	return;	14552	return;
14553		14553
14554	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);	14554	msg = nlmsg_new(100 + ft_event->ric_ies_len, GFP_KERNEL);
14555	if (!msg)	14555	if (!msg)
14556	return;	14556	return;
14557		14557