From: Rajkumar Manoharan <rmanohar@codeaurora.org>
To: johannes@sipsolutions.net, kvalo@codeaurora.org
Cc: linux-wireless@vger.kernel.org, ath11k@lists.infradead.org,
	Rajkumar Manoharan <rmanohar@codeaurora.org>
Subject: [PATCH v3 05/11] mac80211: fix memory overlap due to variable length param
Date: Fri,  8 May 2020 17:12:59 -0700	[thread overview]
Message-ID: <1588983185-5741-5-git-send-email-rmanohar@codeaurora.org> (raw)
In-Reply-To: <1588983185-5741-1-git-send-email-rmanohar@codeaurora.org>

Currently the HE operation element in bss_conf includes a variable-length
optional field that is followed by other HE variables. Although the optional
field is never used, it actually refers to the next member of the
bss_conf structure, which is not correct. Fix it by declaring the needed
HE operation fields within bss_conf itself.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
---
 drivers/net/wireless/ath/ath11k/mac.c |  3 +--
 include/net/mac80211.h                |  7 +++++--
 net/mac80211/he.c                     | 13 +++++--------
 3 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index 9f8bc19cc5ae..06d063274eea 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -1168,8 +1168,7 @@ static void ath11k_peer_assoc_h_he(struct ath11k *ar,
 	       sizeof(arg->peer_he_cap_macinfo));
 	memcpy(&arg->peer_he_cap_phyinfo, he_cap->he_cap_elem.phy_cap_info,
 	       sizeof(arg->peer_he_cap_phyinfo));
-	memcpy(&arg->peer_he_ops, &vif->bss_conf.he_operation,
-	       sizeof(arg->peer_he_ops));
+	arg->peer_he_ops = vif->bss_conf.he_oper.params;
 
 	/* the top most byte is used to indicate BSS color info */
 	arg->peer_he_ops &= 0xffffff;
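Review bot: `arg->peer_he_ops` now receives a CPU-order value, whereas the removed memcpy() copied the leading bytes of the stored element unconverted, so on a big-endian host the `&= 0xffffff` mask below keeps different bytes than before. That looks like the intended result, but it is a behaviour change the commit message does not mention. A short comment above the assignment, for example `/* he_oper.params is already in CPU byte order */`, would make the assumption explicit. Whether the value is converted again before it reaches the firmware cannot be seen here, since ath11k_peer_assoc_h_he() starts and ends outside the hunk.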
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 97fec4d310ac..2af956bdf80c 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -603,7 +603,7 @@ struct ieee80211_ftm_responder_params {
  *	nontransmitted BSSIDs
  * @profile_periodicity: the least number of beacon frames need to be received
  *	in order to discover all the nontransmitted BSSIDs in the set.
- * @he_operation: HE operation information of the AP we are connected to
+ * @he_oper: HE operation information of the AP we are connected to
  * @he_obss_pd: OBSS Packet Detection parameters.
  * @he_bss_color: BSS coloring settings, if BSS supports HE
  */
@@ -666,7 +666,10 @@ struct ieee80211_bss_conf {
 	u8 bssid_indicator;
 	bool ema_ap;
 	u8 profile_periodicity;
-	struct ieee80211_he_operation he_operation;
+	struct {
+		u32 params;
+		u16 nss_set;
+	} he_oper;
 	struct ieee80211_he_obss_pd he_obss_pd;
 	struct cfg80211_he_bss_color he_bss_color;
 };
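Review bot: The new anonymous `he_oper` struct holds `params` and `nss_set` in CPU byte order, unlike the little-endian element fields they are filled from in net/mac80211/he.c, but neither the members nor the `@he_oper` kernel-doc line say so. I would add member entries to the kernel-doc block, e.g. `@he_oper.params: HE operation parameters, CPU byte order` and `@he_oper.nss_set: basic HE MCS/NSS set, CPU byte order`, so that drivers do not convert the values a second time. Dropping the embedded element also removes the trailing variable-length member that used to sit in front of `he_obss_pd`, which is worth stating in the same comment. struct ieee80211_bss_conf begins outside this hunk.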
diff --git a/net/mac80211/he.c b/net/mac80211/he.c
index 1087f715338b..f520552b22be 100644
--- a/net/mac80211/he.c
+++ b/net/mac80211/he.c
@@ -57,17 +57,14 @@ ieee80211_he_cap_ie_to_sta_he_cap(struct ieee80211_sub_if_data *sdata,
 
 void
 ieee80211_he_op_ie_to_bss_conf(struct ieee80211_vif *vif,
-			const struct ieee80211_he_operation *he_op_ie_elem)
+			const struct ieee80211_he_operation *he_op_ie)
 {
-	struct ieee80211_he_operation *he_operation =
-					&vif->bss_conf.he_operation;
-
-	if (!he_op_ie_elem) {
-		memset(he_operation, 0, sizeof(*he_operation));
+	memset(&vif->bss_conf.he_oper, 0, sizeof(vif->bss_conf.he_oper));
+	if (!he_op_ie)
 		return;
-	}
 
-	vif->bss_conf.he_operation = *he_op_ie_elem;
+	vif->bss_conf.he_oper.params = __le32_to_cpu(he_op_ie->he_oper_params);
+	vif->bss_conf.he_oper.nss_set = __le16_to_cpu(he_op_ie->he_mcs_nss_set);
 }
 
 void
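Review bot: ieee80211_he_op_ie_to_bss_conf() uses the double-underscore helpers `__le32_to_cpu()` and `__le16_to_cpu()`, where in-kernel code conventionally uses the plain forms: `vif->bss_conf.he_oper.params = le32_to_cpu(he_op_ie->he_oper_params);` and `vif->bss_conf.he_oper.nss_set = le16_to_cpu(he_op_ie->he_mcs_nss_set);`. The function also reads two fixed-size fields from `he_op_ie`, so it depends on the caller having checked that the received element is at least that long. That check is not visible in this hunk, so a one-line comment stating the precondition, such as `/* caller guarantees he_op_ie covers the fixed HE operation fields */`, would help.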
-- 
2.7.4

From: Rajkumar Manoharan <rmanohar@codeaurora.org>
To: johannes@sipsolutions.net, kvalo@codeaurora.org
Cc: linux-wireless@vger.kernel.org, ath11k@lists.infradead.org,
	Rajkumar Manoharan <rmanohar@codeaurora.org>
Subject: [PATCH v3 05/11] mac80211: fix memory overlap due to variable length param
Date: Fri,  8 May 2020 17:12:59 -0700	[thread overview]
Message-ID: <1588983185-5741-5-git-send-email-rmanohar@codeaurora.org> (raw)
In-Reply-To: <1588983185-5741-1-git-send-email-rmanohar@codeaurora.org>

Currently the HE operation element in bss_conf includes a variable-length
optional field that is followed by other HE variables. Although the optional
field is never used, it actually refers to the next member of the
bss_conf structure, which is not correct. Fix it by declaring the needed
HE operation fields within bss_conf itself.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
---
 drivers/net/wireless/ath/ath11k/mac.c |  3 +--
 include/net/mac80211.h                |  7 +++++--
 net/mac80211/he.c                     | 13 +++++--------
 3 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index 9f8bc19cc5ae..06d063274eea 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -1168,8 +1168,7 @@ static void ath11k_peer_assoc_h_he(struct ath11k *ar,
 	       sizeof(arg->peer_he_cap_macinfo));
 	memcpy(&arg->peer_he_cap_phyinfo, he_cap->he_cap_elem.phy_cap_info,
 	       sizeof(arg->peer_he_cap_phyinfo));
-	memcpy(&arg->peer_he_ops, &vif->bss_conf.he_operation,
-	       sizeof(arg->peer_he_ops));
+	arg->peer_he_ops = vif->bss_conf.he_oper.params;
 
 	/* the top most byte is used to indicate BSS color info */
 	arg->peer_he_ops &= 0xffffff;
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 97fec4d310ac..2af956bdf80c 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -603,7 +603,7 @@ struct ieee80211_ftm_responder_params {
  *	nontransmitted BSSIDs
  * @profile_periodicity: the least number of beacon frames need to be received
  *	in order to discover all the nontransmitted BSSIDs in the set.
- * @he_operation: HE operation information of the AP we are connected to
+ * @he_oper: HE operation information of the AP we are connected to
  * @he_obss_pd: OBSS Packet Detection parameters.
  * @he_bss_color: BSS coloring settings, if BSS supports HE
  */
@@ -666,7 +666,10 @@ struct ieee80211_bss_conf {
 	u8 bssid_indicator;
 	bool ema_ap;
 	u8 profile_periodicity;
-	struct ieee80211_he_operation he_operation;
+	struct {
+		u32 params;
+		u16 nss_set;
+	} he_oper;
 	struct ieee80211_he_obss_pd he_obss_pd;
 	struct cfg80211_he_bss_color he_bss_color;
 };
diff --git a/net/mac80211/he.c b/net/mac80211/he.c
index 1087f715338b..f520552b22be 100644
--- a/net/mac80211/he.c
+++ b/net/mac80211/he.c
@@ -57,17 +57,14 @@ ieee80211_he_cap_ie_to_sta_he_cap(struct ieee80211_sub_if_data *sdata,
 
 void
 ieee80211_he_op_ie_to_bss_conf(struct ieee80211_vif *vif,
-			const struct ieee80211_he_operation *he_op_ie_elem)
+			const struct ieee80211_he_operation *he_op_ie)
 {
-	struct ieee80211_he_operation *he_operation =
-					&vif->bss_conf.he_operation;
-
-	if (!he_op_ie_elem) {
-		memset(he_operation, 0, sizeof(*he_operation));
+	memset(&vif->bss_conf.he_oper, 0, sizeof(vif->bss_conf.he_oper));
+	if (!he_op_ie)
 		return;
-	}
 
-	vif->bss_conf.he_operation = *he_op_ie_elem;
+	vif->bss_conf.he_oper.params = __le32_to_cpu(he_op_ie->he_oper_params);
+	vif->bss_conf.he_oper.nss_set = __le16_to_cpu(he_op_ie->he_mcs_nss_set);
 }
 
 void
-- 
2.7.4

