2010-02-12 07:37:17

by Juuso Oikarinen

Subject: [PATCH 1/1] mac80211: fix handling of null-rate control in rate_control_get_rate

For hardware with IEEE80211_HW_HAS_RATE_CONTROL the rate controller is not
initialized. However, calling functions such as ieee80211_beacon_get results
in the rate_control_get_rate function getting called, which is accessing
(in this case uninitialized) rate control structures unconditionally.

Fix by exiting the function before setting the rates for HW with
IEEE80211_HW_HAS_RATE_CONTROL set. The initialization of the ieee80211_tx_info
struct is intentionally still executed.

Signed-off-by: Juuso Oikarinen <[email protected]>
Reviewed-by: Kalle Valo <[email protected]>
---
net/mac80211/rate.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index c74b7c8..7f366d8 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -303,6 +303,9 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
info->control.rates[i].count = 1;
}

+ if (sdata->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
+ return;
+
ref->ops->get_rate(ref->priv, ista, priv_sta, txrc);

/*
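Review bot: the early return sits before the first visible dereference of `ref` (`ref->ops->get_rate(...)`), which is the right place for it, but with only three lines of leading context the hunk cannot show whether `ref` or `ref->ops` is already touched earlier in rate_control_get_rate, before the `info->control.rates[i].count = 1;` loop; that should be confirmed against the lines above the hunk, since an earlier dereference would still fault on IEEE80211_HW_HAS_RATE_CONTROL hardware. The return also skips everything after the get_rate call, including whatever the comment opening at `/*` introduces, while the commit message only states that the ieee80211_tx_info initialization is intentionally kept; a sentence saying that the trailing code is likewise not needed when the driver does its own rate control would make the intent explicit.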
--
1.6.3.3



2010-02-12 07:47:28

by Luis R. Rodriguez

Subject: Re: [PATCH 1/1] mac80211: fix handling of null-rate control in rate_control_get_rate

On Thu, Feb 11, 2010 at 11:35 PM, Juuso Oikarinen
<[email protected]> wrote:
> For hardware with IEEE80211_HW_HAS_RATE_CONTROL the rate controller is not
> initialized. However, calling functions such as ieee80211_beacon_get results
> in the rate_control_get_rate function getting called, which is accessing
> (in this case uninitialized) rate control structures unconditionally.
>
> Fix by exiting the function before setting the rates for HW with
> IEEE80211_HW_HAS_RATE_CONTROL set. The initialization of the ieee80211_tx_info
> struct is intentionally still executed.
>
> Signed-off-by: Juuso Oikarinen <[email protected]>
> Reviewed-by: Kalle Valo <[email protected]>

I think this has been a bug for a while, so can you resend with Cc:
[email protected]

Luis