diff options
author | Felix Fietkau <nbd@openwrt.org> | 2014-07-22 19:05:19 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2014-07-22 19:05:19 +0000 |
commit | 1413678b0717fa8b5b598f0c55a8f42b9f983094 (patch) | |
tree | c3ae92cd27b95dd19018a24838f821d6523a5331 /package/kernel | |
parent | ea7c3bba1bce4364fb395d0b7fff0c1492209602 (diff) | |
download | master-187ad058-1413678b0717fa8b5b598f0c55a8f42b9f983094.tar.gz master-187ad058-1413678b0717fa8b5b598f0c55a8f42b9f983094.tar.bz2 master-187ad058-1413678b0717fa8b5b598f0c55a8f42b9f983094.zip |
mac80211: fix a null pointer deref when querying station info when rate control is not initialized (#17061)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@41801 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/kernel')
-rw-r--r-- | package/kernel/mac80211/patches/300-pending_work.patch | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/package/kernel/mac80211/patches/300-pending_work.patch b/package/kernel/mac80211/patches/300-pending_work.patch index d6687b762d..ba05bde005 100644 --- a/package/kernel/mac80211/patches/300-pending_work.patch +++ b/package/kernel/mac80211/patches/300-pending_work.patch @@ -1,3 +1,18 @@ +commit 38695a6e5a940e6a524523b88a33916b016fb2a1 +Author: Felix Fietkau <nbd@openwrt.org> +Date: Fri Jul 11 12:06:18 2014 +0200 + + mac80211: fix crash on getting sta info with uninitialized rate control + + If the expected throughput is queried before rate control has been + initialized, the minstrel op for it will crash while trying to access + the rate table. + Check for WLAN_STA_RATE_CONTROL before attempting to use the rate + control op. + + Reported-by: Jean-Pierre Tosoni <jp.tosoni@acksys.fr> + Signed-off-by: Felix Fietkau <nbd@openwrt.org> + commit c0ee7fa4c0da824ccccc172bf175fb1f86540921 Author: Felix Fietkau <nbd@openwrt.org> Date: Wed Jul 16 18:00:31 2014 +0200 @@ -660,7 +675,7 @@ Date: Mon May 19 21:20:49 2014 +0200 } EXPORT_SYMBOL(ieee80211_sta_block_awake); -@@ -1703,3 +1723,137 @@ u8 sta_info_tx_streams(struct sta_info * +@@ -1703,3 +1723,140 @@ u8 sta_info_tx_streams(struct sta_info * return ((ht_cap->mcs.tx_params & IEEE80211_HT_MCS_TX_MAX_STREAMS_MASK) >> IEEE80211_HT_MCS_TX_MAX_STREAMS_SHIFT) + 1; } @@ -669,12 +684,15 @@ Date: Mon May 19 21:20:49 2014 +0200 +{ + struct ieee80211_sub_if_data *sdata = sta->sdata; + struct ieee80211_local *local = sdata->local; -+ struct rate_control_ref *ref = local->rate_ctrl; ++ struct rate_control_ref *ref = NULL; + struct timespec uptime; + u64 packets = 0; + u32 thr = 0; + int i, ac; + ++ if (test_sta_flag(sta, WLAN_STA_RATE_CONTROL)) ++ ref = local->rate_ctrl; ++ + sinfo->generation = sdata->local->sta_generation; + + sinfo->filled = STATION_INFO_INACTIVE_TIME | |