From 52512072738c851896c8bfa31938eba1e9b9bc62 Mon Sep 17 00:00:00 2001 From: andrea merello Date: Sun, 19 Jan 2014 22:21:49 +0100 Subject: [PATCH] mac80211: add check on hw->max_signal value on ieee80211_register_hw When IEEE80211_HW_SIGNAL_UNSPEC is set, mac80211 will perform a division by max_signal in ieee80211_bss_info_update. If max_signal is not properly set by the driver (for example it is zero) this leads to a divide error and crash. Thanks to Larry Finger, who pointed me to this. This patch adds in ieee80211_register_hw one more check to detect this condition and eventually returns -EINVAL, as already done for other checks already performed there. Signed-off-by: andrea merello [move to an already existing SIGNAL_UNSPEC check] Signed-off-by: Johannes Berg --- net/mac80211/main.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/net/mac80211/main.c b/net/mac80211/main.c index d767cfb9b45f..1f7d8422d62d 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -893,10 +893,15 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) /* mac80211 supports control port protocol changing */ local->hw.wiphy->flags |= WIPHY_FLAG_CONTROL_PORT_PROTOCOL; - if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) + if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) { local->hw.wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM; - else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC) + } else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC) { local->hw.wiphy->signal_type = CFG80211_SIGNAL_TYPE_UNSPEC; + if (hw->max_signal <= 0) { + result = -EINVAL; + goto fail_wiphy_register; + } + } WARN((local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) && (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK),