2015-09-28 18:58:43

by Christian Lamparter

Subject: [PATCH] mac80211: fix oops in ieee80211_beacon_get_tim

This patch fixes a crash which is triggered
by __ieee80211_beacon_get returning NULL.
This causes skb_copy to crash later unless
the hardware supports BEACON_TX_STATUS
feature.

Signed-off-by: Christian Lamparter <[email protected]>
---
"mac80211: Copy tx'ed beacons to monitor mode" added the skb_copy.
There are few other possibilities to do this. This is just one.
---
net/mac80211/tx.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index f7317a7..666e46b 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3530,6 +3530,9 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
struct ieee80211_supported_band *sband;
int shift;

+ if (!bcn)
+ return bcn;
+
if (tim_offset)
*tim_offset = offs.tim_offset;

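Review bot: on the `if (!bcn)` path, `return bcn;` returns a value the check has just established to be NULL; `return NULL;` would state the intent directly. The early return also skips the `if (tim_offset) *tim_offset = offs.tim_offset;` assignment below it, so a caller that passes a tim_offset pointer gets it back untouched on this path. That is acceptable only because every caller must already test the returned skb for NULL before using the beacon or the offsets; a one-line comment at the check (or zeroing the output parameters before returning) would make that contract explicit for future readers.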
--
2.5.3

2015-09-28 19:04:26

by Helmut Schaa

Subject: Re: [PATCH] mac80211: fix oops in ieee80211_beacon_get_tim

Christian Lamparter <[email protected]> schrieb:
>This patch fixes a crash which is triggered
>by __ieee80211_beacon_get returning NULL.

Ouch, thanks for catching this!
Helmut

>This causes skb_copy to crash later unless
>the hardware supports BEACON_TX_STATUS
>feature.
>
>Signed-off-by: Christian Lamparter <[email protected]>
>---
>"mac80211: Copy tx'ed beacons to monitor mode" added the skb_copy.
>There are few other possibilities to do this. This is just one.
>---
> net/mac80211/tx.c | 3 +++
> 1 file changed, 3 insertions(+)
>
>diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
>index f7317a7..666e46b 100644
>--- a/net/mac80211/tx.c
>+++ b/net/mac80211/tx.c
>@@ -3530,6 +3530,9 @@ struct sk_buff *ieee80211_beacon_get_tim(struct
>ieee80211_hw *hw,
> struct ieee80211_supported_band *sband;
> int shift;
>
>+ if (!bcn)
>+ return bcn;
>+
> if (tim_offset)
> *tim_offset = offs.tim_offset;
>

2015-09-29 13:58:53

by Johannes Berg

Subject: Re: [PATCH] mac80211: fix oops in ieee80211_beacon_get_tim

On Mon, 2015-09-28 at 20:58 +0200, Christian Lamparter wrote:
> This patch fixes a crash which is triggered
> by __ieee80211_beacon_get returning NULL.
> This causes skb_copy to crash later unless
> the hardware supports BEACON_TX_STATUS
> feature.
>
> Signed-off-by: Christian Lamparter <[email protected]>
> ---
> "mac80211: Copy tx'ed beacons to monitor mode" added the skb_copy.
> There are few other possibilities to do this. This is just one.

Thanks, I rebased this in ...

johannes