From 9887dbf5b2163bcf69cd4456c21352e9a81c6003 Mon Sep 17 00:00:00 2001 From: Cong Ding Date: Wed, 6 Feb 2013 17:23:45 +0100 Subject: [PATCH 1/4] mac80211: fix error in sizeof() usage Using 'sizeof' on array given as function argument returns size of a pointer rather than the size of array. Cc: stable@vger.kernel.org Signed-off-by: Cong Ding Signed-off-by: Johannes Berg --- net/mac80211/cfg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 516fbc96feff..0479c64aa83c 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -2004,7 +2004,8 @@ static int ieee80211_set_mcast_rate(struct wiphy *wiphy, struct net_device *dev, { struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); - memcpy(sdata->vif.bss_conf.mcast_rate, rate, sizeof(rate)); + memcpy(sdata->vif.bss_conf.mcast_rate, rate, + sizeof(int) * IEEE80211_NUM_BANDS); return 0; } From d601cd8d950c85032cefdcda162b8cd2cda363bb Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 7 Feb 2013 20:54:51 +0100 Subject: [PATCH 2/4] mac80211: fix managed mode channel context use My commit f2d9d270c15ae0139b54a7e7466d738327e97e03 ("mac80211: support VHT association") introduced a very stupid bug: the loop to downgrade the channel width never attempted to actually use it again so it would downgrade all the way to 20_NOHT. Fix it. Signed-off-by: Johannes Berg --- net/mac80211/mlme.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index a3552929a21d..3b9cb510aa36 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -3529,8 +3529,11 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata, */ ret = ieee80211_vif_use_channel(sdata, &chandef, IEEE80211_CHANCTX_SHARED); - while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) + while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) { ifmgd->flags |= chandef_downgrade(&chandef); + ret = ieee80211_vif_use_channel(sdata, &chandef, + IEEE80211_CHANCTX_SHARED); + } return ret; } From 3d9646d0abd02c552f6f15c302b31aa321c2fa8b Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Sat, 9 Feb 2013 21:46:34 +0100 Subject: [PATCH 3/4] mac80211: fix channel selection bug When trying to connect to an AP that advertises HT but not VHT, the mac80211 code erroneously uses the configuration from the AP as is instead of checking it against regulatory and local capabilities. This can lead to using an invalid or even inexistent channel (like 11/HT40+). Additionally, the return flags from downgrading must be ORed together, to collect them from all of the downgrades. Also clarify the message. Signed-off-by: Johannes Berg --- net/mac80211/mlme.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 3b9cb510aa36..5107248af7fb 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -3400,6 +3400,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, ret = 0; +out: while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, IEEE80211_CHAN_DISABLED)) { if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { @@ -3408,14 +3409,13 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, goto out; } - ret = chandef_downgrade(chandef); + ret |= chandef_downgrade(chandef); } if (chandef->width != vht_chandef.width) sdata_info(sdata, - "local regulatory prevented using AP HT/VHT configuration, downgraded\n"); + "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n"); -out: WARN_ON_ONCE(!cfg80211_chandef_valid(chandef)); return ret; } From d786f67e5c587a4de8245336cb64cf4dd06871a7 Mon Sep 17 00:00:00 2001 From: Jonas Gorski Date: Fri, 8 Feb 2013 16:07:25 +0100 Subject: [PATCH 4/4] mwl8k: fix band for supported channels The band field for the supported channels were left unpopulated, making them default to 0 == IEEE80211_BAND_2GHZ, even for the 5GHz channels. This resulted in null pointer accesses if anything tries to access wiphy->bands[channel->band] of a 5GHz channel on 5GHz only cards, since wiphy->bands[2GHZ] is NULL for them (e.g. cfg80211_chandef_usable does). Example kernel OOPS: [ 665.669993] Unable to handle kernel NULL pointer dereference at virtual address 00000016 [ 665.678194] pgd = c6d58000 [ 665.680941] [00000016] *pgd=06f8a831, *pte=00000000, *ppte=00000000 [ 665.687303] Internal error: Oops: 17 [#1] (...) [ 666.116373] Backtrace: [ 666.118866] [] (cfg80211_chandef_usable+0x0/0x1bc [cfg80211]) from [] (nl80211_leave_mesh+0x244/0x264 [cfg80211]) [ 666.130919] r7:c6d12100 r6:0000143c r5:c0611c48 r4:c0611b98 [ 666.136668] [] (nl80211_leave_mesh+0x164/0x264 [cfg80211]) from [] (nl80211_remain_on_channel+0x2a0/0x358 [cfg80211]) [ 666.149074] r7:c6d12000 r6:c6d12000 r5:c6f4f368 r4:00000003 [ 666.154814] [] (nl80211_remain_on_channel+0x240/0x358 [cfg80211]) from [] (nl80211_set_wiphy+0x264/0x560 [cfg80211]) [ 666.167150] [] (nl80211_set_wiphy+0x0/0x560 [cfg80211]) from [] (genl_rcv_msg+0x1b8/0x1f8) [ 666.177205] [] (genl_rcv_msg+0x0/0x1f8) from [] (netlink_rcv_skb+0x58/0xb4) [ 666.185949] [] (netlink_rcv_skb+0x0/0xb4) from [] (genl_rcv+0x20/0x2c) [ 666.194251] r6:c6f70780 r5:0000002c r4:c6f70780 r3:00000001 [ 666.199973] [] (genl_rcv+0x0/0x2c) from [] (netlink_unicast+0x154/0x1f4) [ 666.208449] r4:c785ea00 r3:c01f92fc [ 666.212057] [] (netlink_unicast+0x0/0x1f4) from [] (netlink_sendmsg+0x230/0x2b0) [ 666.221240] [] (netlink_sendmsg+0x0/0x2b0) from [] (sock_sendmsg+0x90/0xa4) [ 666.229986] [] (sock_sendmsg+0x0/0xa4) from [] (__sys_sendmsg+0x290/0x298) [ 666.238637] r9:00000000 r8:c0611ec8 r6:0000002c r5:c0610000 r4:c0611f64 [ 666.245411] [] (__sys_sendmsg+0x0/0x298) from [] (sys_sendmsg+0x44/0x6c) [ 666.253897] [] (sys_sendmsg+0x0/0x6c) from [] (ret_fast_syscall+0x0/0x2c) [ 666.262460] r6:00000000 r5:beeff96c r4:00000005 Signed-off-by: Jonas Gorski Signed-off-by: John W. Linville --- drivers/net/wireless/mwl8k.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/drivers/net/wireless/mwl8k.c b/drivers/net/wireless/mwl8k.c index 83564d36e801..a00a03ea4ec9 100644 --- a/drivers/net/wireless/mwl8k.c +++ b/drivers/net/wireless/mwl8k.c @@ -318,20 +318,20 @@ struct mwl8k_sta { #define MWL8K_STA(_sta) ((struct mwl8k_sta *)&((_sta)->drv_priv)) static const struct ieee80211_channel mwl8k_channels_24[] = { - { .center_freq = 2412, .hw_value = 1, }, - { .center_freq = 2417, .hw_value = 2, }, - { .center_freq = 2422, .hw_value = 3, }, - { .center_freq = 2427, .hw_value = 4, }, - { .center_freq = 2432, .hw_value = 5, }, - { .center_freq = 2437, .hw_value = 6, }, - { .center_freq = 2442, .hw_value = 7, }, - { .center_freq = 2447, .hw_value = 8, }, - { .center_freq = 2452, .hw_value = 9, }, - { .center_freq = 2457, .hw_value = 10, }, - { .center_freq = 2462, .hw_value = 11, }, - { .center_freq = 2467, .hw_value = 12, }, - { .center_freq = 2472, .hw_value = 13, }, - { .center_freq = 2484, .hw_value = 14, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2412, .hw_value = 1, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2417, .hw_value = 2, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2422, .hw_value = 3, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2427, .hw_value = 4, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2432, .hw_value = 5, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2437, .hw_value = 6, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2442, .hw_value = 7, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2447, .hw_value = 8, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2452, .hw_value = 9, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2457, .hw_value = 10, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2462, .hw_value = 11, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2467, .hw_value = 12, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2472, .hw_value = 13, }, + { .band = IEEE80211_BAND_2GHZ, .center_freq = 2484, .hw_value = 14, }, }; static const struct ieee80211_rate mwl8k_rates_24[] = { @@ -352,10 +352,10 @@ static const struct ieee80211_rate mwl8k_rates_24[] = { }; static const struct ieee80211_channel mwl8k_channels_50[] = { - { .center_freq = 5180, .hw_value = 36, }, - { .center_freq = 5200, .hw_value = 40, }, - { .center_freq = 5220, .hw_value = 44, }, - { .center_freq = 5240, .hw_value = 48, }, + { .band = IEEE80211_BAND_5GHZ, .center_freq = 5180, .hw_value = 36, }, + { .band = IEEE80211_BAND_5GHZ, .center_freq = 5200, .hw_value = 40, }, + { .band = IEEE80211_BAND_5GHZ, .center_freq = 5220, .hw_value = 44, }, + { .band = IEEE80211_BAND_5GHZ, .center_freq = 5240, .hw_value = 48, }, }; static const struct ieee80211_rate mwl8k_rates_50[] = {