When IEEE80211_HW_SIGNAL_UNSPEC is set, mac80211 will perform a
division by max_signal in ieee80211_bss_info_update. If max_signal
is not properly set by the driver (for example it is zero) this
leads to a divide error and crash.
Thanks to Larry Finger, who pointed me to this.
This patch adds in ieee80211_register_hw one more check to detect
this condition and eventually returns -EINVAL, as already done for
other checks already performed there.
Signed-off-by: andrea merello <[email protected]>
---
net/mac80211/main.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index d767cfb..913307a 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -758,6 +758,9 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
local->hw.offchannel_tx_hw_queue >= local->hw.queues))
return -EINVAL;
+ if (hw->flags & IEEE80211_HW_SIGNAL_UNSPEC && hw->max_signal <= 0)
+ return -EINVAL;
+
#ifdef CONFIG_PM
if (hw->wiphy->wowlan && (!local->ops->suspend || !local->ops->resume))
return -EINVAL;
--
1.8.3.2
On Sun, 2014-01-19 at 22:21 +0100, andrea merello wrote:
> When IEEE80211_HW_SIGNAL_UNSPEC is set, mac80211 will perform a
> division by max_signal in ieee80211_bss_info_update. If max_signal
> is not properly set by the driver (for example it is zero) this
> leads to a divide error and crash.
> Thanks to Larry Finger, who pointed me to this.
> This patch adds in ieee80211_register_hw one more check to detect
> this condition and eventually returns -EINVAL, as already done for
> other checks already performed there.
Applied.
johannes
On Mon, Jan 20, 2014 at 2:51 AM, andrea merello
<[email protected]> wrote:
>
> + if (hw->flags &
> IEEE80211_HW_SIGNAL_UNSPEC && hw->max_signal <= 0)
> + return -EINVAL;
> +
Should we add a check for > 100 as well, similar to cfg?