From: Abinaya Kalaiselvan To: johannes@sipsolutions.net Cc: linux-wireless@vger.kernel.org, Abinaya Kalaiselvan Subject: [PATCHv2] mac80211: fix NULL ptr dereference during mesh peer connection for non HE devices Date: Thu, 15 Apr 2021 16:17:05 +0530 Message-Id: <1618483625-31097-1-git-send-email-akalaise@codeaurora.org> X-Mailer: git-send-email 2.7.4 Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org "sband->iftype_data" is not assigned with any value for non HE supported devices, which causes NULL pointer access during mesh peer connection in those devices. Fix this by accessing the pointer after HE capabilities condition check. Fixes: 7f7aa94bcaf0 (mac80211: reduce peer HE MCS/NSS to own capabilities) Signed-off-by: Abinaya Kalaiselvan --- v2: * ieee80211_sta_he_cap structure instance is initialized. net/mac80211/he.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/mac80211/he.c b/net/mac80211/he.c index 0c0b970..96a47b0 100644 --- a/net/mac80211/he.c +++ b/net/mac80211/he.c @@ -111,7 +111,7 @@ ieee80211_he_cap_ie_to_sta_he_cap(struct ieee80211_sub_if_data *sdata, struct sta_info *sta) { struct ieee80211_sta_he_cap *he_cap = &sta->sta.he_cap; - struct ieee80211_sta_he_cap own_he_cap = sband->iftype_data->he_cap; + struct ieee80211_sta_he_cap own_he_cap = {0}; struct ieee80211_he_cap_elem *he_cap_ie_elem = (void *)he_cap_ie; u8 he_ppe_size; u8 mcs_nss_size; @@ -123,6 +123,8 @@ ieee80211_he_cap_ie_to_sta_he_cap(struct ieee80211_sub_if_data *sdata, if (!he_cap_ie || !ieee80211_get_he_sta_cap(sband)) return; + own_he_cap = sband->iftype_data->he_cap; + /* Make sure size is OK */ mcs_nss_size = ieee80211_he_mcs_nss_size(he_cap_ie_elem); he_ppe_size = -- 2.7.4
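Review bot: in the first hunk (@@ -111,7), the "= {0}" initializer on own_he_cap looks like a dead store. In the visible context the only way out before the later assignment is the early "return;", which never reads own_he_cap, and the assignment then overwrites the whole struct. Either drop the initializer, or, if it was added in v2 to silence a compiler warning, say that in the changelog so the reason is on record.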
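Review bot: in the second hunk (@@ -123,6), the added "own_he_cap = sband->iftype_data->he_cap;" is only safe if a non-NULL result from ieee80211_get_he_sta_cap(sband) guarantees that sband->iftype_data is set, and nothing at the assignment says so. Consider keeping the value returned by ieee80211_get_he_sta_cap(sband) from the check just above and copying from that instead of dereferencing iftype_data a second time, or at least add a one-line comment above the assignment stating the dependency. Separately, the Fixes: line in the commit message would normally quote the subject, as in 7f7aa94bcaf0 ("mac80211: reduce peer HE MCS/NSS to own capabilities").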