iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/mac80211
History
Johannes Berg c87905bec5 mac80211: set bss_info data before configuring the channel 
When mac80211 changes the channel, it also calls into the driver's
bss_info_changed() callback, e.g. with BSS_CHANGED_IDLE. The driver
may, like iwlwifi does, access more data from bss_info in that case
and iwlwifi accesses the basic_rates bitmap, but if changing from a
band with more (basic) rates to one with fewer, an out-of-bounds
access of the rate array may result.

While we can't avoid having invalid data at some point in time, we
can avoid having it while we call the driver - so set up all the
data before configuring the channel, and then apply it afterwards.

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=195677

Reported-by: Johannes Hirte <johannes.hirte@datenkhaos.de>
Tested-by: Johannes Hirte <johannes.hirte@datenkhaos.de>
Debugged-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-06-13 10:24:33 +02:00
..
aes_ccm.c
mac80211: move struct aead_req off the stack
2016-10-17 16:14:04 +02:00
aes_ccm.h
mac80211: move struct aead_req off the stack
2016-10-17 16:14:04 +02:00
aes_cmac.c
mac80211: aes-cmac: switch to shash CMAC driver
2017-02-08 09:19:33 +01:00
aes_cmac.h
mac80211: aes-cmac: switch to shash CMAC driver
2017-02-08 09:19:33 +01:00
aes_gcm.c
mac80211: move struct aead_req off the stack
2016-10-17 16:14:04 +02:00
aes_gcm.h
mac80211: move struct aead_req off the stack
2016-10-17 16:14:04 +02:00
aes_gmac.c
mac80211: move struct aead_req off the stack
2016-10-17 16:14:04 +02:00
aes_gmac.h
mac80211: move struct aead_req off the stack
2016-10-17 16:14:04 +02:00
agg-rx.c
mac80211: Use setup_timer instead of init_timer
2017-03-06 13:23:05 +01:00
agg-tx.c
mac80211: fix TX aggregation start/stop callback race
2017-05-30 09:08:40 +02:00
cfg.c
mac80211: Fix possible sband related NULL pointer de-reference
2017-04-28 12:28:44 +02:00
chan.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-01-17 15:19:37 -05:00
debug.h
mac80211: 802.11p OCB mode support
2014-11-04 13:18:21 +01:00
debugfs_key.c
mac80211: move TKIP TX IVs to public part of key struct
2016-02-24 09:04:38 +01:00
debugfs_key.h
debugfs_netdev.c
mac80211: multicast to unicast conversion
2016-12-13 16:05:11 +01:00
debugfs_netdev.h
mac80211: fix some missing includes
2014-04-09 14:49:43 +02:00
debugfs_sta.c
mac80211: add back lost debugfs files
2017-02-07 10:40:50 +01:00
debugfs_sta.h
debugfs.c
mac80211: check for allocation failure in debugfs code
2017-02-08 10:05:07 +01:00
debugfs.h
mac80211: fix some missing includes
2014-04-09 14:49:43 +02:00
driver-ops.c
mac80211: add offset_tsf driver op and use it for mesh
2016-09-30 13:45:44 +02:00
driver-ops.h
mac80211: add offset_tsf driver op and use it for mesh
2016-09-30 13:45:44 +02:00
ethtool.c
mac80211: move station statistics into sub-structs
2015-10-21 10:08:22 +02:00
fils_aead.c
Some more updates:
2017-02-10 14:31:51 -05:00
fils_aead.h
mac80211: FILS AEAD protection for station mode association frames
2016-10-27 16:03:25 +02:00
ht.c
mac80211: fix TX aggregation start/stop callback race
2017-05-30 09:08:40 +02:00
ibss.c
mac80211: fix IBSS presp allocation size
2017-05-08 11:25:04 +02:00
ieee80211_i.h
mac80211: Fix incorrect condition when checking rx timestamp
2017-06-13 10:24:32 +02:00
iface.c
net: Fix inconsistent teardown and release of private netdev state.
2017-06-07 15:53:24 -04:00
Kconfig
mac80211: fils_aead: Use crypto api CMAC shash rather than bare cipher
2017-02-08 09:19:17 +01:00
key.c
mac80211: don't call drv_set_default_unicast_key() for VLANs
2016-12-13 15:57:59 +01:00
key.h
mac80211: aes-cmac: switch to shash CMAC driver
2017-02-08 09:19:33 +01:00
led.c
mac80211: fix throughput LED trigger
2015-05-11 19:16:04 +02:00
led.h
mac80211: make LED triggering depend on activation
2015-05-05 14:21:56 +02:00
main.c
mac80211: disentangle iflist_mtx and chanctx_mtx
2017-04-26 23:17:44 +02:00
Makefile
Makefile: drop -D__CHECK_ENDIAN__ from cflags
2016-12-16 00:13:43 +02:00
mesh_hwmp.c
mac80211: fix mesh fail_avg check
2017-03-06 09:21:46 +01:00
mesh_pathtbl.c
mac80211: Use setup_timer instead of init_timer for mesh path
2017-03-16 10:54:04 +01:00
mesh_plink.c
mac80211: Fix possible sband related NULL pointer de-reference
2017-04-28 12:28:44 +02:00
mesh_ps.c
mac80211: mesh: separate plid and aid concepts
2015-07-17 15:47:11 +02:00
mesh_sync.c
mac80211: Use appropriate name for functions and messages
2016-12-13 16:22:27 +01:00
mesh.c
mac80211: Fix possible sband related NULL pointer de-reference
2017-04-28 12:28:44 +02:00
mesh.h
mac80211: Use appropriate name for functions and messages
2016-12-13 16:22:27 +01:00
michael.c
michael.h
mac80211: fix some missing includes
2014-04-09 14:49:43 +02:00
mlme.c
mac80211: set bss_info data before configuring the channel
2017-06-13 10:24:33 +02:00
ocb.c
mac80211: remove rx_stats.last_rx update after sta alloc
2016-04-06 13:18:15 +02:00
offchannel.c
mac80211: fix CMD_FRAME for AP_VLAN
2016-10-12 09:19:12 +02:00
pm.c
cfg80211: add request id to cfg80211_sched_scan_*() api
2017-04-28 14:51:43 +02:00
rate.c
mac80211: Fix possible sband related NULL pointer de-reference
2017-04-28 12:28:44 +02:00
rate.h
mac80211: make rate control tx status API more extensible
2017-04-28 10:57:33 +02:00
rc80211_minstrel_debugfs.c
mac80211: minstrel: store probability variance instead of standard deviation
2016-12-15 11:07:52 +01:00
rc80211_minstrel_ht_debugfs.c
mac80211: minstrel: store probability variance instead of standard deviation
2016-12-15 11:07:52 +01:00
rc80211_minstrel_ht.c
mac80211: make rate control tx status API more extensible
2017-04-28 10:57:33 +02:00
rc80211_minstrel_ht.h
mac80211: minstrel_ht: move supported bitrate mask out of group data
2016-12-15 11:07:52 +01:00
rc80211_minstrel.c
mac80211: make rate control tx status API more extensible
2017-04-28 10:57:33 +02:00
rc80211_minstrel.h
mac80211: minstrel: make prob_ewma u16 instead of u32
2016-12-15 11:07:53 +01:00
rx.c
mac80211: don't look at the PM bit of BAR frames
2017-06-13 10:24:31 +02:00
scan.c
cfg80211: add request id to cfg80211_sched_scan_*() api
2017-04-28 14:51:43 +02:00
spectmgmt.c
ieee80211: rename CCFS1/CCFS2 to CCFS0/CCFS1
2017-03-06 09:21:43 +01:00
sta_info.c
mac80211: fix dropped counter in multiqueue RX
2017-06-01 21:26:03 +02:00
sta_info.h
mac80211: fix TX aggregation start/stop callback race
2017-05-30 09:08:40 +02:00
status.c
mac80211: add ieee80211_tx_status_ext
2017-04-28 11:08:21 +02:00
tdls.c
mac80211: Fix possible sband related NULL pointer de-reference
2017-04-28 12:28:44 +02:00
tkip.c
mac80211: move TKIP TX IVs to public part of key struct
2016-02-24 09:04:38 +01:00
tkip.h
mac80211: move TKIP TX IVs to public part of key struct
2016-02-24 09:04:38 +01:00
trace_msg.h
mac80211: Move message tracepoints to their own header
2015-04-07 12:32:09 -04:00
trace.c
mac80211: Move message tracepoints to their own header
2015-04-07 12:32:09 -04:00
trace.h
cfg80211: fix NAN bands definition
2017-02-09 15:17:30 +01:00
tx.c
mac80211: Fix possible sband related NULL pointer de-reference
2017-04-28 12:28:44 +02:00
util.c
cfg80211: add request id to cfg80211_sched_scan_*() api
2017-04-28 14:51:43 +02:00
vht.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-01-17 15:19:37 -05:00
wep.c
mac80211: Add RX flag to indicate ICV stripped
2017-01-12 10:15:18 +01:00
wep.h
wme.c
mac80211: preserve more bits when building QoS header
2016-10-12 14:17:13 +02:00
wme.h
mac80211: add WMM admission control support
2014-10-22 10:42:09 +02:00
wpa.c
mac80211: Add RX flag to indicate ICV stripped
2017-01-12 10:15:18 +01:00
wpa.h
mac80111: Add BIP-GMAC-128 and BIP-GMAC-256 ciphers
2015-01-27 11:10:13 +01:00