Lorenzo Bianconi
3e8f7abcc3
wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
Fix possible out-of-bound access in ieee80211_get_rate_duration routine
as reported by the following UBSAN report:
UBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47
index 15 is out of range for type 'u16 [12]'
CPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic
Hardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017
Workqueue: mt76 mt76u_tx_status_data [mt76_usb]
Call Trace:
<TASK>
show_stack+0x4e/0x61
dump_stack_lvl+0x4a/0x6f
dump_stack+0x10/0x18
ubsan_epilogue+0x9/0x43
__ubsan_handle_out_of_bounds.cold+0x42/0x47
ieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211]
? ieee80211_tx_status_ext+0x32e/0x640 [mac80211]
ieee80211_calc_rx_airtime+0xda/0x120 [mac80211]
ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211]
mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib]
mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib]
mt76u_tx_status_data+0x67/0xd0 [mt76_usb]
process_one_work+0x225/0x400
worker_thread+0x50/0x3e0
? process_one_work+0x400/0x400
kthread+0xe9/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x22/0x30
Fixes: db3e1c40cf2f ("mac80211: Import airtime calculation code from mt76")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-11-25 12:45:53 +01:00