It looks like mac80211 may try to send unicast frames to a STA that
does not have a STA entry. We need to make sure that that is caught in
the rate control code before dereferencing STA data.
Signed-off-by: Jouni Malinen <[email protected]>
---
drivers/net/wireless/ath9k/rc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- wireless-testing.orig/drivers/net/wireless/ath9k/rc.c 2008-12-17 12:37:50.000000000 +0200
+++ wireless-testing/drivers/net/wireless/ath9k/rc.c 2008-12-17 13:00:38.000000000 +0200
@@ -1498,7 +1498,8 @@ static void ath_get_rate(void *priv, str
__le16 fc = hdr->frame_control;
/* lowest rate for management and multicast/broadcast frames */
- if (!ieee80211_is_data(fc) || is_multicast_ether_addr(hdr->addr1)) {
+ if (!ieee80211_is_data(fc) || is_multicast_ether_addr(hdr->addr1) ||
+ !sta) {
tx_info->control.rates[0].idx = rate_lowest_index(sband, sta);
tx_info->control.rates[0].count =
is_multicast_ether_addr(hdr->addr1) ? 1 : ATH_MGT_TXMAXTRY;
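Review bot: The added `!sta` condition sends the NULL case into the branch whose first statement is `rate_lowest_index(sband, sta)`, so `sta` is still handed on while it is known to be NULL. Please confirm that `rate_lowest_index()` tolerates a NULL `sta` and state that in the commit message; otherwise the dereference is only moved one call deeper. The comment above the condition ("lowest rate for management and multicast/broadcast frames") should also be extended to cover unicast frames to a STA without a STA entry, which now get the lowest rate and `ATH_MGT_TXMAXTRY` tries as well.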
--
Jouni Malinen PGP id EFC895FA
On Wednesday 17 December 2008 13:02:50 Jouni Malinen wrote:
> On Wed, Dec 17, 2008 at 12:30:56PM +0100, Johannes Berg wrote:
> > On Wed, 2008-12-17 at 13:30 +0200, Jouni Malinen wrote:
> > > It looks like mac80211 may try to send unicast frames to a STA that
> > > does not have a STA entry. We need to make sure that that is caught in
> > > the rate control code before dereferencing STA data.
> >
> > This should only happen for injected packets, can you verify? OTOH, AP
> > mode obviously has injected packets (auth response, ...)
>
> I did not check what the exact frame was, but this was indeed in AP mode
> and the frame was most likely from hostapd and as such, an injected
> packet.
>
hostapd: wlan1: STA XX:XX:XX:XX:0d IEEE 802.11: authenticated
kernel: [ 3130.431067] ------------[ cut here ]------------
kernel: [ 3130.431076] WARNING: at net/mac80211/rc80211_minstrel.c:69 minstrel_rate_init+0xb8/0x320 [mac80211]()
kernel: [ 3130.431081] Modules linked in: p54usb p54pci p54common [...]
kernel: [ 3130.431300] Pid: 16961, comm: hostapd2 Tainted: P 2.6.28-rc7-wl #3
[ 3130.431305] Call Trace:
[ 3130.431318] [<ffffffff802343c1>] warn_on_slowpath+0x51/0x75
[ 3130.431329] [<ffffffff803d74b0>] rb_insert_color+0xba/0xe2
[ 3130.431338] [<ffffffff802480ef>] __remove_hrtimer+0x7c/0x88
[ 3130.431375] [<ffffffffa00bd30e>] minstrel_rate_init+0xb8/0x320 [mac80211]
[ 3130.431417] [<ffffffffa00ae713>] ieee80211_add_station+0x145/0x17d [mac80211]
hostapd: wlan1: STA XX:XX:XX:XX:0d IEEE 802.11: associated (aid 1, accounting session 494187DD-00000000)
kernel: [ 3130.431440] [<ffffffffa00897af>] nl80211_new_station+0x1b3/0x20b [cfg80211]
kernel: [ 3130.431450] [<ffffffff80595691>] mutex_lock+0xd/0x1e
kernel: [ 3130.431459] [<ffffffff804f6f86>] nla_parse+0x4b/0xb2
yup, the Warning just happened right between auth and assoc
Regards,
Chr
On Wed, 2008-12-17 at 13:30 +0200, Jouni Malinen wrote:
> It looks like mac80211 may try to send unicast frames to a STA that
> does not have a STA entry. We need to make sure that that is caught in
> the rate control code before dereferencing STA data.
This should only happen for injected packets, can you verify? OTOH, AP
mode obviously has injected packets (auth response, ...)
johannes
On Wed, Dec 17, 2008 at 12:30:56PM +0100, Johannes Berg wrote:
> On Wed, 2008-12-17 at 13:30 +0200, Jouni Malinen wrote:
> > It looks like mac80211 may try to send unicast frames to a STA that
> > does not have a STA entry. We need to make sure that that is caught in
> > the rate control code before dereferencing STA data.
>
> This should only happen for injected packets, can you verify? OTOH, AP
> mode obviously has injected packets (auth response, ...)
I did not check what the exact frame was, but this was indeed in AP mode
and the frame was most likely from hostapd and as such, an injected
packet.
--
Jouni Malinen PGP id EFC895FA
On Wed, 2008-12-17 at 13:25 +0100, Christian Lamparter wrote:
> hostapd: wlan1: STA XX:XX:XX:XX:0d IEEE 802.11: authenticated
> kernel: [ 3130.431067] ------------[ cut here ]------------
> kernel: [ 3130.431076] WARNING: at net/mac80211/rc80211_minstrel.c:69 minstrel_rate_init+0xb8/0x320 [mac80211]()
> kernel: [ 3130.431081] Modules linked in: p54usb p54pci p54common [...]
> kernel: [ 3130.431300] Pid: 16961, comm: hostapd2 Tainted: P 2.6.28-rc7-wl #3
> [ 3130.431305] Call Trace:
> [ 3130.431318] [<ffffffff802343c1>] warn_on_slowpath+0x51/0x75
> [ 3130.431329] [<ffffffff803d74b0>] rb_insert_color+0xba/0xe2
> [ 3130.431338] [<ffffffff802480ef>] __remove_hrtimer+0x7c/0x88
> [ 3130.431375] [<ffffffffa00bd30e>] minstrel_rate_init+0xb8/0x320 [mac80211]
> [ 3130.431417] [<ffffffffa00ae713>] ieee80211_add_station+0x145/0x17d [mac80211]
> hostapd: wlan1: STA XX:XX:XX:XX:0d IEEE 802.11: associated (aid 1, accounting session 494187DD-00000000)
> kernel: [ 3130.431440] [<ffffffffa00897af>] nl80211_new_station+0x1b3/0x20b [cfg80211]
> kernel: [ 3130.431450] [<ffffffff80595691>] mutex_lock+0xd/0x1e
> kernel: [ 3130.431459] [<ffffffff804f6f86>] nla_parse+0x4b/0xb2
>
> yup, the Warning just happened right between auth and assoc
This, umm, seems totally unrelated since Jouni was fixing something in
ath9k's RC algorithm.
johannes
On Wednesday 17 December 2008 13:21:04 Johannes Berg wrote:
> On Wed, 2008-12-17 at 13:25 +0100, Christian Lamparter wrote:
>
> > hostapd: wlan1: STA XX:XX:XX:XX:0d IEEE 802.11: authenticated
> > kernel: [ 3130.431067] ------------[ cut here ]------------
> > kernel: [ 3130.431076] WARNING: at net/mac80211/rc80211_minstrel.c:69 minstrel_rate_init+0xb8/0x320 [mac80211]()
> > kernel: [ 3130.431081] Modules linked in: p54usb p54pci p54common [...]
> > kernel: [ 3130.431300] Pid: 16961, comm: hostapd2 Tainted: P 2.6.28-rc7-wl #3
> > [ 3130.431305] Call Trace:
> > [ 3130.431318] [<ffffffff802343c1>] warn_on_slowpath+0x51/0x75
> > [ 3130.431329] [<ffffffff803d74b0>] rb_insert_color+0xba/0xe2
> > [ 3130.431338] [<ffffffff802480ef>] __remove_hrtimer+0x7c/0x88
> > [ 3130.431375] [<ffffffffa00bd30e>] minstrel_rate_init+0xb8/0x320 [mac80211]
> > [ 3130.431417] [<ffffffffa00ae713>] ieee80211_add_station+0x145/0x17d [mac80211]
> > hostapd: wlan1: STA XX:XX:XX:XX:0d IEEE 802.11: associated (aid 1, accounting session 494187DD-00000000)
> > kernel: [ 3130.431440] [<ffffffffa00897af>] nl80211_new_station+0x1b3/0x20b [cfg80211]
> > kernel: [ 3130.431450] [<ffffffff80595691>] mutex_lock+0xd/0x1e
> > kernel: [ 3130.431459] [<ffffffff804f6f86>] nla_parse+0x4b/0xb2
> >
> > yup, the Warning just happened right between auth and assoc
>
> This, umm, seems totally unrelated since Jouni was fixing something in
> ath9k's RC algorithm.
>
hmm, I wanted to point out that not only ath9k's RC algorithm has problems with
uninitialized/dereferenced sta... as he said in his patch description:
"It looks like mac80211 may try to send unicast frames to a STA that does not have a STA entry. "
But if this is an unrelated problem... Sorry!!!
Regards,
Chr