* [PATCH] orinoco: Fix walking past the end of the buffer
@ 2010-08-11 20:32 ` Denis Kirjanov
0 siblings, 0 replies; 4+ messages in thread
From: Denis Kirjanov @ 2010-08-11 20:32 UTC (permalink / raw)
To: linville; +Cc: proski, hermes, davem, linux-wireless, orinoco-devel, netdev
Fix walking past the end of the bitrate_table array
in the case when the loop counter == BITRATE_TABLE_SIZE.
Mark bitrate as invalid in this case for the orinoco_ioctl_setrate()
Signed-off-by: Denis Kirjanov <dkirjanov@kernel.org>
---
diff --git a/drivers/net/wireless/orinoco/hw.c b/drivers/net/wireless/orinoco/hw.c
index 077baa8..191bc03 100644
--- a/drivers/net/wireless/orinoco/hw.c
+++ b/drivers/net/wireless/orinoco/hw.c
@@ -765,9 +765,12 @@ int orinoco_hw_get_act_bitrate(struct orinoco_private *priv, int *bitrate)
if (bitrate_table[i].intersil_txratectrl == val)
break;
- if (i >= BITRATE_TABLE_SIZE)
+ if (i >= BITRATE_TABLE_SIZE) {
printk(KERN_INFO "%s: Unable to determine current bitrate (0x%04hx)\n",
priv->ndev->name, val);
+ *bitrate = 100001; /* Mark as invalid */
+ break;
+ }
*bitrate = bitrate_table[i].bitrate * 100000;
break;
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH] orinoco: Fix walking past the end of the buffer
@ 2010-08-11 20:32 ` Denis Kirjanov
0 siblings, 0 replies; 4+ messages in thread
From: Denis Kirjanov @ 2010-08-11 20:32 UTC (permalink / raw)
To: linville-2XuSBdqkA4R54TAoqtyWWQ
Cc: proski-mXXj517/zsQ, hermes-xT8FGy+AXnRB3Ne2BGzF6laj5H9X9Tb+,
davem-fT/PcQaiUtIeIZ0/mPfg9Q,
linux-wireless-u79uwXL29TY76Z2rM5mHXA,
orinoco-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f,
netdev-u79uwXL29TY76Z2rM5mHXA
Fix walking past the end of the bitrate_table array
in the case when the loop counter == BITRATE_TABLE_SIZE.
Mark bitrate as invalid in this case for the orinoco_ioctl_setrate()
Signed-off-by: Denis Kirjanov <dkirjanov-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
---
diff --git a/drivers/net/wireless/orinoco/hw.c b/drivers/net/wireless/orinoco/hw.c
index 077baa8..191bc03 100644
--- a/drivers/net/wireless/orinoco/hw.c
+++ b/drivers/net/wireless/orinoco/hw.c
@@ -765,9 +765,12 @@ int orinoco_hw_get_act_bitrate(struct orinoco_private *priv, int *bitrate)
if (bitrate_table[i].intersil_txratectrl == val)
break;
- if (i >= BITRATE_TABLE_SIZE)
+ if (i >= BITRATE_TABLE_SIZE) {
printk(KERN_INFO "%s: Unable to determine current bitrate (0x%04hx)\n",
priv->ndev->name, val);
+ *bitrate = 100001; /* Mark as invalid */
+ break;
+ }
*bitrate = bitrate_table[i].bitrate * 100000;
break;
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] orinoco: Fix walking past the end of the buffer
2010-08-11 20:32 ` Denis Kirjanov
(?)
@ 2010-08-14 9:45 ` Dave Kilroy
-1 siblings, 0 replies; 4+ messages in thread
From: Dave Kilroy @ 2010-08-14 9:45 UTC (permalink / raw)
To: Denis Kirjanov
Cc: linville, proski, hermes, davem, linux-wireless, orinoco-devel, netdev
On Wed, Aug 11, 2010 at 9:32 PM, Denis Kirjanov <dkirjanov@kernel.org> wrote:
> diff --git a/drivers/net/wireless/orinoco/hw.c b/drivers/net/wireless/orinoco/hw.c
> index 077baa8..191bc03 100644
> --- a/drivers/net/wireless/orinoco/hw.c
> +++ b/drivers/net/wireless/orinoco/hw.c
> @@ -765,9 +765,12 @@ int orinoco_hw_get_act_bitrate(struct orinoco_private *priv, int *bitrate)
> if (bitrate_table[i].intersil_txratectrl == val)
> break;
>
> - if (i >= BITRATE_TABLE_SIZE)
> + if (i >= BITRATE_TABLE_SIZE) {
> printk(KERN_INFO "%s: Unable to determine current bitrate (0x%04hx)\n",
> priv->ndev->name, val);
> + *bitrate = 100001; /* Mark as invalid */
We should propogate the failure by returning an error in the return
code rather than a cryptic bitrate value. The calling function(s)
should then propogate the error through wext/cfg80211 as appropriate.
> + break;
> + }
>
> *bitrate = bitrate_table[i].bitrate * 100000;
> break;
We can also make the structure easier to understand by setting the
bitrate within the for loop. Something like the following (I only have
access to gmail ATM, so can't format a proper patch):
for (i = 0; i < BITRATE_TABLE_SIZE; i++)
if (bitrate_table[i].intersil_txratectrl == val) {
*bitrate = bitrate_table[i].bitrate * 100000;
break;
}
if (i >= BITRATE_TABLE_SIZE) {
printk(KERN_INFO "%s: Unable to determine current bitrate (0x%04hx)\n",
priv->ndev->name, val);
err = -EIO; /* maybe chose a better value... */
}
break;
Could you update the patch along those lines please?
Thanks,
Dave.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] orinoco: Fix walking past the end of the buffer
@ 2010-08-21 11:08 David Kilroy
0 siblings, 0 replies; 4+ messages in thread
From: David Kilroy @ 2010-08-21 11:08 UTC (permalink / raw)
To: linux-wireless; +Cc: dkirjanov, David Kilroy
Fix walking past the end of the bitrate_table array
in the case when the loop counter == BITRATE_TABLE_SIZE.
Reported by: Denis Kirjanov <dkirjanov@kernel.org>
Signed-off-by: David Kilroy <kilroyd@googlemail.com>
---
This patch improves upon Denis' original by reporting the error to
the caller and handling it there instead of passing an invalid
bitrate to userspace. In this case we can ignore the error and send
userspace the known configuration.
---
drivers/net/wireless/orinoco/hw.c | 9 ++++++---
drivers/net/wireless/orinoco/wext.c | 11 +++++++++--
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/orinoco/hw.c b/drivers/net/wireless/orinoco/hw.c
index 077baa8..b4772c1 100644
--- a/drivers/net/wireless/orinoco/hw.c
+++ b/drivers/net/wireless/orinoco/hw.c
@@ -762,14 +762,17 @@ int orinoco_hw_get_act_bitrate(struct orinoco_private *priv, int *bitrate)
case FIRMWARE_TYPE_INTERSIL: /* Intersil style rate */
case FIRMWARE_TYPE_SYMBOL: /* Symbol style rate */
for (i = 0; i < BITRATE_TABLE_SIZE; i++)
- if (bitrate_table[i].intersil_txratectrl == val)
+ if (bitrate_table[i].intersil_txratectrl == val) {
+ *bitrate = bitrate_table[i].bitrate * 100000;
break;
+ }
- if (i >= BITRATE_TABLE_SIZE)
+ if (i >= BITRATE_TABLE_SIZE) {
printk(KERN_INFO "%s: Unable to determine current bitrate (0x%04hx)\n",
priv->ndev->name, val);
+ err = -EIO;
+ }
- *bitrate = bitrate_table[i].bitrate * 100000;
break;
default:
BUG();
diff --git a/drivers/net/wireless/orinoco/wext.c b/drivers/net/wireless/orinoco/wext.c
index cf7be1e..93505f9 100644
--- a/drivers/net/wireless/orinoco/wext.c
+++ b/drivers/net/wireless/orinoco/wext.c
@@ -589,8 +589,15 @@ static int orinoco_ioctl_getrate(struct net_device *dev,
/* If the interface is running we try to find more about the
current mode */
- if (netif_running(dev))
- err = orinoco_hw_get_act_bitrate(priv, &bitrate);
+ if (netif_running(dev)) {
+ int act_bitrate;
+ int lerr;
+
+ /* Ignore errors if we can't get the actual bitrate */
+ lerr = orinoco_hw_get_act_bitrate(priv, &act_bitrate);
+ if (!lerr)
+ bitrate = act_bitrate;
+ }
orinoco_unlock(priv, &flags);
--
1.7.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-08-21 10:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-08-11 20:32 [PATCH] orinoco: Fix walking past the end of the buffer Denis Kirjanov
2010-08-11 20:32 ` Denis Kirjanov
2010-08-14 9:45 ` Dave Kilroy
2010-08-21 11:08 David Kilroy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.