b.a.t.m.a.n.lists.open-mesh.org archive mirror
From: Sven Eckelmann <sven@narfation.org>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless@vger.kernel.org,
	Matthias Fritzsche <txt.file@txtfile.eu>,
	Thomas Lauer <holminateur@gmail.com>,
	Marcel Schmidt <ff.z-casparistrasse@mailbox.org>,
	Antonio Quartulli <a@unstable.cc>,
	Sven Eckelmann <sven@narfation.org>,
	b.a.t.m.a.n@lists.open-mesh.org
Subject: [B.A.T.M.A.N.] [PATCH] cfg80211: initialize sinfo.filled in cfg80211_get_station
Date: Wed,  6 Jun 2018 10:47:02 +0200
Message-ID: <20180606084702.19825-1-sven@narfation.org>

Most of the implementations behind cfg80211_get_station will not initialize
sinfo to zero before manipulating it. The member "filled", which indicates
the filled in parts of this struct, is often only modified by enabling
certain bits in the bitfield while keeping the remaining bits in their
original state. A caller without a preinitialized sinfo.filled can then no
longer decide which parts of sinfo were filled in by cfg80211_get_station
(or actually the underlying implementations).

cfg80211_get_station must therefore take care that sinfo.filled is
initialized to zero. Otherwise, the caller may try to read information
which was not filled in and which must therefore also be considered
uninitialized. In batadv_v_elp_get_throughput's case, an invalid "random"
expected throughput may be stored for this neighbor and thus the
B.A.T.M.A.N V algorithm may switch to non-optimal neighbors for certain
destinations.

Fixes: 7406353d43c8 ("cfg80211: implement cfg80211_get_station cfg80211 API")
Reported-by: Thomas Lauer <holminateur@gmail.com>
Reported-by: Marcel Schmidt <ff.z-casparistrasse@mailbox.org>
Cc: b.a.t.m.a.n@lists.open-mesh.org
Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
Matthias, you may want to take care that this is integrated in your
firmware.
---
 net/wireless/util.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/wireless/util.c b/net/wireless/util.c
index b5bb1c309914..cd6a695d1230 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -1746,6 +1746,8 @@ int cfg80211_get_station(struct net_device *dev, const u8 *mac_addr,
 	if (!rdev->ops->get_station)
 		return -EOPNOTSUPP;
 
+	sinfo->filled = 0;
+
 	return rdev_get_station(rdev, dev, mac_addr, sinfo);
 }
 EXPORT_SYMBOL(cfg80211_get_station);
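
Review bot: The new `sinfo->filled = 0;` sits after the `-EOPNOTSUPP` return, so on that early-return path the caller's `filled` is still whatever was on its stack, and only this one member is reset on the success path. Since the commit message notes that most implementations do not zero sinfo themselves, consider clearing the whole structure at the top of the function, before any early return, for example `memset(sinfo, 0, sizeof(*sinfo));`, so every member has a defined value regardless of which path is taken. It would also help to state in the kerneldoc for cfg80211_get_station that the function resets sinfo, so callers know they do not need to (and cannot) pre-seed it.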
-- 
2.11.0

