For hardware with IEEE80211_HW_HAS_RATE_CONTROL the rate controller is not
initialized. However, calling functions such as ieee80211_beacon_get result
in the rate_control_get_rate function getting called, which is accessing
(in this case uninitialized) rate control structures unconditionally.

Fix by exiting the function before setting the rates for HW with
IEEE80211_HW_HAS_RATE_CONTROL set. The initialization of the ieee80211_tx_info
struct is intentionally still executed.

Signed-off-by: Juuso Oikarinen <[email protected]>
Reviewed-by: Kalle Valo <[email protected]>
Cc: [email protected]
---
net/mac80211/rate.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index 99ab24c..0b299d2 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -303,6 +303,9 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
info->control.rates[i].count = 1;
}
+ if (sdata->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
+ return;
+
ref->ops->get_rate(ref->priv, ista, priv_sta, txrc);
/*
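Review bot: The early return added just before `ref->ops->get_rate(...)` has no comment explaining why it sits after the loop that fills `info->control.rates[i]` rather than at the top of the function. The commit message says this ordering is intentional, but a later cleanup could hoist the check and silently skip the tx_info initialization; a one-line comment above the `if` would record the intent in the code. The guard also keys on the `IEEE80211_HW_HAS_RATE_CONTROL` flag rather than on `ref` itself, so the `ref->ops` dereference stays safe only while every path that leaves the rate controller uninitialized also sets that flag. Stating that assumption in the comment, or testing `ref` as well, would make the invariant explicit.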
--
1.6.3.3
On Fri, 2010-02-12 at 08:57 +0100, ext Luis R. Rodriguez wrote:
> On Thu, Feb 11, 2010 at 11:52 PM, Juuso Oikarinen
> <[email protected]> wrote:
> > For hardware with IEEE80211_HW_HAS_RATE_CONTROL the rate controller is not
> > initialized. However, calling functions such as ieee80211_beacon_get result
> > in the rate_control_get_rate function getting called, which is accessing
> > (in this case uninitialized) rate control structures unconditionally.
> >
> > Fix by exiting the function before setting the rates for HW with
> > IEEE80211_HW_HAS_RATE_CONTROL set. The initialization of the ieee80211_tx_info
> > struct is intentionally still executed.
> >
> > Signed-off-by: Juuso Oikarinen <[email protected]>
> > Reviewed-by: Kalle Valo <[email protected]>
>
> I meant adding it on the commit log, below the Reviewed-by line.
>
> Luis
Sorry, I misunderstood.
I will resend it once again.
-Juuso
On Thu, Feb 11, 2010 at 11:52 PM, Juuso Oikarinen
<[email protected]> wrote:
> For hardware with IEEE80211_HW_HAS_RATE_CONTROL the rate controller is not
> initialized. However, calling functions such as ieee80211_beacon_get result
> in the rate_control_get_rate function getting called, which is accessing
> (in this case uninitialized) rate control structures unconditionally.
>
> Fix by exiting the function before setting the rates for HW with
> IEEE80211_HW_HAS_RATE_CONTROL set. The initialization of the ieee80211_tx_info
> struct is intentionally still executed.
>
> Signed-off-by: Juuso Oikarinen <[email protected]>
> Reviewed-by: Kalle Valo <[email protected]>
I meant adding it on the commit log, below the Reviewed-by line.
Luis