2016-02-10 15:08:21

by Lorenzo Bianconi

Subject: [PATCH] mac80211: fix wiphy supported_band access

Fix wiphy supported_band access in tx radiotap parsing. In particular,
info->band is always set to 0 (IEEE80211_BAND_2GHZ) since it has not
been assigned yet. This causes a kernel crash on 5GHz only devices.
Move ieee80211_parse_tx_radiotap() after info->band assignment.

Signed-off-by: Lorenzo Bianconi <[email protected]>
---
net/mac80211/tx.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 7bb67fa..b07d037 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1892,10 +1892,6 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
IEEE80211_TX_CTL_INJECTED;

- /* process and remove the injection radiotap header */
- if (!ieee80211_parse_tx_radiotap(local, skb))
- goto fail;
-
rcu_read_lock();

/*
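Review bot: The comment on the call removed here says it will "process and remove the injection radiotap header", so with the call gone from before rcu_read_lock() everything between this point and the new call site now runs with the radiotap header still at the front of the skb. The commit message should state that nothing in that stretch depends on the header already having been stripped, or the patch should defer only the supported_band access that needs info->band rather than the whole parse.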
@@ -1957,6 +1953,10 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
goto fail_rcu;

info->band = chandef->chan->band;
+ /* process and remove the injection radiotap header */
+ if (!ieee80211_parse_tx_radiotap(local, skb))
+ goto fail_rcu;
+
ieee80211_xmit(sdata, NULL, skb);
rcu_read_unlock();

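Review bot: Nothing at the new call site after `info->band = chandef->chan->band;` records why the parse has to come after that assignment, so a later cleanup could move it back up and reintroduce the crash. Extend the comment to say that ieee80211_parse_tx_radiotap() reads the wiphy band selected by info->band, and put a blank line between the assignment and the comment. The switch from `goto fail` to `goto fail_rcu` looks right, since the call now sits inside the rcu_read_lock() section.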
--
2.5.0



2016-02-11 10:57:07

by Sven Eckelmann

Subject: Re: [PATCH] mac80211: fix wiphy supported_band access

On Wednesday 10 February 2016 16:08:17 Lorenzo Bianconi wrote:
> Fix wiphy supported_band access in tx radiotap parsing. In particular,
> info->band is always set to 0 (IEEE80211_BAND_2GHZ) since it has not
> been assigned yet. This causes a kernel crash on 5GHz only devices.
> Move ieee80211_parse_tx_radiotap() after info->band assignment.
>
> Signed-off-by: Lorenzo Bianconi <[email protected]>

Thanks for the patch. I really never tested with 5GHz only cards and
forgot to check when info->band is assigned.

Can you please add a line describing which patch this one fixes (I hope
the ids are stable in this tree):

Fixes: 5ec3aed9ba4c ("mac80211: Parse legacy and HT rate in injected frames")

And btw., I am happy about the VHT patches. I should really get some MT76
compatible hardware to test how well AC works with a less annoying firmware.


@Felix, I saw that you've added the original patch to OpenWrt. Can you also
check this patch and maybe add it as a fix for OpenWrt? Thanks

Kind regards,
Sven


> ---
> net/mac80211/tx.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
> index 7bb67fa..b07d037 100644
> --- a/net/mac80211/tx.c
> +++ b/net/mac80211/tx.c
> @@ -1892,10 +1892,6 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
> info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
> IEEE80211_TX_CTL_INJECTED;
>
> - /* process and remove the injection radiotap header */
> - if (!ieee80211_parse_tx_radiotap(local, skb))
> - goto fail;
> -
> rcu_read_lock();
>
> /*
> @@ -1957,6 +1953,10 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
> goto fail_rcu;
>
> info->band = chandef->chan->band;
> + /* process and remove the injection radiotap header */
> + if (!ieee80211_parse_tx_radiotap(local, skb))
> + goto fail_rcu;
> +
> ieee80211_xmit(sdata, NULL, skb);
> rcu_read_unlock();
>
>

