[openwrt/openwrt] mac80211: fix an uninitialized stack variable in the minstrel update
LEDE Commits
lede-commits at lists.infradead.org
Thu Jan 14 14:12:46 EST 2021
nbd pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/faeaf5a01025edc13b83c90a724d8bff18ab2279
commit faeaf5a01025edc13b83c90a724d8bff18ab2279
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Thu Jan 14 20:12:08 2021 +0100
mac80211: fix an uninitialized stack variable in the minstrel update
It can lead to out-of-bounds access and invalid rates
Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
...ac80211-minstrel_ht-fix-max-probability-rate-select.patch | 12 ++++++++++--
...mac80211-minstrel_ht-increase-stats-update-interval.patch | 2 +-
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/package/kernel/mac80211/patches/subsys/343-mac80211-minstrel_ht-fix-max-probability-rate-select.patch b/package/kernel/mac80211/patches/subsys/343-mac80211-minstrel_ht-fix-max-probability-rate-select.patch
index a0b918c9a1..0dbfa9d4fb 100644
--- a/package/kernel/mac80211/patches/subsys/343-mac80211-minstrel_ht-fix-max-probability-rate-select.patch
+++ b/package/kernel/mac80211/patches/subsys/343-mac80211-minstrel_ht-fix-max-probability-rate-select.patch
@@ -76,7 +76,15 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
bool ht_supported = mi->sta->ht_cap.ht_supported;
mi->sample_mode = MINSTREL_SAMPLE_IDLE;
-@@ -903,9 +913,6 @@ minstrel_ht_update_stats(struct minstrel
+@@ -863,6 +873,7 @@ minstrel_ht_update_stats(struct minstrel
+ else
+ index = MINSTREL_OFDM_GROUP * MCS_GROUP_RATES;
+
++ tmp_max_prob_rate = index;
+ for (j = 0; j < ARRAY_SIZE(tmp_mcs_tp_rate); j++)
+ tmp_mcs_tp_rate[j] = index;
+
+@@ -903,9 +914,6 @@ minstrel_ht_update_stats(struct minstrel
/* Find max throughput rate set within a group */
minstrel_ht_sort_best_tp_rates(mi, index,
tmp_group_tp_rate);
@@ -86,7 +94,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
}
memcpy(mg->max_group_tp_rate, tmp_group_tp_rate,
-@@ -917,6 +924,27 @@ minstrel_ht_update_stats(struct minstrel
+@@ -917,6 +925,27 @@ minstrel_ht_update_stats(struct minstrel
tmp_legacy_tp_rate);
memcpy(mi->max_tp_rate, tmp_mcs_tp_rate, sizeof(mi->max_tp_rate));
diff --git a/package/kernel/mac80211/patches/subsys/344-mac80211-minstrel_ht-increase-stats-update-interval.patch b/package/kernel/mac80211/patches/subsys/344-mac80211-minstrel_ht-increase-stats-update-interval.patch
index 5c7785f892..9972a9414e 100644
--- a/package/kernel/mac80211/patches/subsys/344-mac80211-minstrel_ht-increase-stats-update-interval.patch
+++ b/package/kernel/mac80211/patches/subsys/344-mac80211-minstrel_ht-increase-stats-update-interval.patch
@@ -9,7 +9,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
-@@ -1864,7 +1864,7 @@ minstrel_ht_alloc(struct ieee80211_hw *h
+@@ -1865,7 +1865,7 @@ minstrel_ht_alloc(struct ieee80211_hw *h
mp->has_mrr = true;
mp->hw = hw;
More information about the lede-commits
mailing list