From: Ben Hutchings
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
CC: akpm@linux-foundation.org, b.a.t.m.a.n@lists.open-mesh.org, "Sven Eckelmann", "Marcel Schmidt", "Johannes Berg", "Thomas Lauer"
Date: Sun, 11 Nov 2018 19:49:05 +0000
Subject: [PATCH 3.16 142/366] cfg80211: initialize sinfo in cfg80211_get_station

3.16.61-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Sven Eckelmann

commit 3c12d0486856b9eb89c2a9ac336713cba90813e3 upstream.

Most of the implementations behind cfg80211_get_station will not initialize
sinfo to zero before manipulating it. For example, the member "filled",
which indicates the filled in parts of this struct, is often only modified
by enabling certain bits in the bitfield while keeping the remaining bits
in their original state. A caller without a preinitialized sinfo.filled can
then no longer decide which parts of sinfo were filled in by
cfg80211_get_station (or actually the underlying implementations).

cfg80211_get_station must therefore take care that sinfo is initialized to
zero. Otherwise, the caller may try to read information which was not
filled in and which must therefore also be considered uninitialized. In
batadv_v_elp_get_throughput's case, an invalid "random" expected throughput
may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may
switch to non-optimal neighbors for certain destinations.

Fixes: 7406353d43c8 ("cfg80211: implement cfg80211_get_station cfg80211 API")
Reported-by: Thomas Lauer
Reported-by: Marcel Schmidt
Cc: b.a.t.m.a.n@lists.open-mesh.org
Signed-off-by: Sven Eckelmann
Signed-off-by: Johannes Berg Signed-off-by: Ben Hutchings --- net/wireless/util.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/wireless/util.c +++ b/net/wireless/util.c @@ -1566,6 +1566,8 @@ int cfg80211_get_station(struct net_devi if (!rdev->ops->get_station) return -EOPNOTSUPP; + memset(sinfo, 0, sizeof(*sinfo)); + return rdev_get_station(rdev, dev, mac_addr, sinfo); } EXPORT_SYMBOL(cfg80211_get_station);
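
Review bot: the memset() is placed after the "if (!rdev->ops->get_station) return -EOPNOTSUPP;" early return, so on that error path sinfo is still left exactly as the caller passed it in. Consider moving the memset() above the check, or stating in the function's documentation that sinfo is only meaningful when the call returns 0, so that a caller which inspects sinfo->filled without first checking the return value does not reintroduce the problem the commit message describes.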
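
The failure mode the commit message describes, as an added example that is not part of the original mail or the kernel source: a user-space model of a "filled" bitmask that a driver only ORs into, with and without the zeroing wrapper. Every demo_ name, the bit values and the 0x5A fill are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for struct station_info; names/bits are illustrative. */
#define DEMO_FILLED_SIGNAL      (1u << 0)
#define DEMO_FILLED_EXPECTED_TP (1u << 1)
struct demo_sinfo {
    uint32_t filled;              /* which members below are valid */
    int8_t   signal;
    uint32_t expected_throughput;
};

/* Mock driver callback: only ORs its own bit into 'filled', never clears. */
static int demo_driver_get_station(struct demo_sinfo *sinfo)
{
    sinfo->signal = -55;
    sinfo->filled |= DEMO_FILLED_SIGNAL;
    return 0;
}

/* Wrapper without the fix: hands the caller's buffer to the driver as-is. */
static int demo_get_station_unpatched(struct demo_sinfo *sinfo)
{
    return demo_driver_get_station(sinfo);
}

/* Wrapper with the fix: zero the buffer before the driver sees it. */
static int demo_get_station_patched(struct demo_sinfo *sinfo)
{
    memset(sinfo, 0, sizeof(*sinfo));
    return demo_driver_get_station(sinfo);
}

/* Caller: trusts the field only if its bit is set; 0x5A = constructed stale bytes. */
static uint32_t demo_caller_throughput(int (*get)(struct demo_sinfo *))
{
    struct demo_sinfo sinfo;
    memset(&sinfo, 0x5A, sizeof(sinfo));
    if (get(&sinfo) != 0 || !(sinfo.filled & DEMO_FILLED_EXPECTED_TP))
        return 0;                 /* no estimate reported */
    return sinfo.expected_throughput;
}

int main(void)
{
    printf("unpatched: %#x\n", (unsigned)demo_caller_throughput(demo_get_station_unpatched));
    printf("patched:   %#x\n", (unsigned)demo_caller_throughput(demo_get_station_patched));
    return 0;
}
```

With the unpatched wrapper the caller accepts the stale bytes as a throughput estimate because the leftover bit in "filled" survives the driver's OR; with the zeroing wrapper the bit is clear and the caller correctly sees no estimate.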