aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2014-07-22 19:05:19 +0000
committerFelix Fietkau <nbd@openwrt.org>2014-07-22 19:05:19 +0000
commit1413678b0717fa8b5b598f0c55a8f42b9f983094 (patch)
treec3ae92cd27b95dd19018a24838f821d6523a5331
parentea7c3bba1bce4364fb395d0b7fff0c1492209602 (diff)
downloadmaster-187ad058-1413678b0717fa8b5b598f0c55a8f42b9f983094.tar.gz
master-187ad058-1413678b0717fa8b5b598f0c55a8f42b9f983094.tar.bz2
master-187ad058-1413678b0717fa8b5b598f0c55a8f42b9f983094.zip
mac80211: fix a null pointer deref when querying station info when rate control is not initialized (#17061)
Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@41801 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--package/kernel/mac80211/patches/300-pending_work.patch22
1 files changed, 20 insertions, 2 deletions
diff --git a/package/kernel/mac80211/patches/300-pending_work.patch b/package/kernel/mac80211/patches/300-pending_work.patch
index d6687b762d..ba05bde005 100644
--- a/package/kernel/mac80211/patches/300-pending_work.patch
+++ b/package/kernel/mac80211/patches/300-pending_work.patch
@@ -1,3 +1,18 @@
+commit 38695a6e5a940e6a524523b88a33916b016fb2a1
+Author: Felix Fietkau <nbd@openwrt.org>
+Date: Fri Jul 11 12:06:18 2014 +0200
+
+ mac80211: fix crash on getting sta info with uninitialized rate control
+
+ If the expected throughput is queried before rate control has been
+ initialized, the minstrel op for it will crash while trying to access
+ the rate table.
+ Check for WLAN_STA_RATE_CONTROL before attempting to use the rate
+ control op.
+
+ Reported-by: Jean-Pierre Tosoni <jp.tosoni@acksys.fr>
+ Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+
commit c0ee7fa4c0da824ccccc172bf175fb1f86540921
Author: Felix Fietkau <nbd@openwrt.org>
Date: Wed Jul 16 18:00:31 2014 +0200
@@ -660,7 +675,7 @@ Date: Mon May 19 21:20:49 2014 +0200
}
EXPORT_SYMBOL(ieee80211_sta_block_awake);
-@@ -1703,3 +1723,137 @@ u8 sta_info_tx_streams(struct sta_info *
+@@ -1703,3 +1723,140 @@ u8 sta_info_tx_streams(struct sta_info *
return ((ht_cap->mcs.tx_params & IEEE80211_HT_MCS_TX_MAX_STREAMS_MASK)
>> IEEE80211_HT_MCS_TX_MAX_STREAMS_SHIFT) + 1;
}
@@ -669,12 +684,15 @@ Date: Mon May 19 21:20:49 2014 +0200
+{
+ struct ieee80211_sub_if_data *sdata = sta->sdata;
+ struct ieee80211_local *local = sdata->local;
-+ struct rate_control_ref *ref = local->rate_ctrl;
++ struct rate_control_ref *ref = NULL;
+ struct timespec uptime;
+ u64 packets = 0;
+ u32 thr = 0;
+ int i, ac;
+
++ if (test_sta_flag(sta, WLAN_STA_RATE_CONTROL))
++ ref = local->rate_ctrl;
++
+ sinfo->generation = sdata->local->sta_generation;
+
+ sinfo->filled = STATION_INFO_INACTIVE_TIME |