Subject: Re: mac80211 bugs
From: Johannes Berg
To: James Dutton, linux-wireless@vger.kernel.org
Date: Tue, 10 Oct 2023 16:22:26 +0200

On Mon, 2023-10-09 at 16:56 +0100, James Dutton wrote:
> /usr/src/linux/net/mac80211/sta_info.c:2424
>         case STA_STATS_RATE_TYPE_LEGACY: {
>                 struct ieee80211_supported_band *sband;
>                 u16 brate;
>                 unsigned int shift;
>                 int band = STA_STATS_GET(LEGACY_BAND, rate);
>                 int rate_idx = STA_STATS_GET(LEGACY_IDX, rate);
>
>                 sband = local->hw.wiphy->bands[band];
>
>                 if (WARN_ON_ONCE(!sband->bitrates))  <------It_crashes_here
>                         break;
>
>                 brate = sband->bitrates[rate_idx].bitrate;
>                 if (rinfo->bw == RATE_INFO_BW_5)
>                         shift = 2;
>                 else if (rinfo->bw == RATE_INFO_BW_10)
>                         shift = 1;
>                 else
>                         shift = 0;
>                 rinfo->legacy = DIV_ROUND_UP(brate, 1 << shift);
>                 break;
>         }
>
> Looking at this, it can be one of two things:
> 1) local->hw.wiphy->bands[band]; is NULL

Yes, I think that's it.

> 2) bands is an array of 6 items, making band valid for values 0-5.
> If band >= 6, it would cause problems.

Highly unlikely.

> So maybe something along these lines might help:
>
> Signed-off-by: James Courtier-Dutton
> --- sta_info.c.org 2023-10-08 19:52:13.578270007 +0100 > +++ sta_info.c.new2 2023-10-08 19:52:09.450214070 +0100
> @@ -2420,7 +2420,26 @@ > int band =3D STA_STATS_GET(LEGACY_BAND, rate); > int rate_idx =3D STA_STATS_GET(LEGACY_IDX, rate); >=20 > + if (band >=3D NUM_NL80211_BANDS) { > + printk("ERROR: band=3D%d is too large. > Returning\n", band); > + break; > + } > + > sband =3D local->hw.wiphy->bands[band]; > + if (!sband) { > + printk("ERROR: sband NULL. Returning\n"); > + break; > + }

You'd really never want a plain printk, and anyway, that printk is
malformed (no severity string macro).

_Maybe_ change it to WARN_ON_ONCE(!sband || !sband->bitrates) there, but
really I think we should prevent this in the first place.

Is this, by any chance, a device without 2.4 GHz?

johannes
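
Review bot: both added printk() calls, in the band >= NUM_NL80211_BANDS branch and in the !sband branch, carry no KERN_* log level and print on every pass through this case, unlike the WARN_ON_ONCE() the quoted function already uses for !sband->bitrates. Folding the NULL test into that existing check, as WARN_ON_ONCE(!sband || !sband->bitrates), gives a one-time report with a backtrace and removes the need for a separate branch. The first printk string is also split in two by mail wrapping ("is too large." on one line, "Returning\n" on the next), so the hunk will not apply as posted, and the header counts (-2420,7 +2420,26) cover more added lines than are visible in the quote, so the remainder of the change cannot be reviewed here.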