From patchwork Fri Mar 7 07:09:38 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michal Kazior X-Patchwork-Id: 3788161 Return-Path: X-Original-To: patchwork-linux-wireless@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id BA661BF540 for ; Fri, 7 Mar 2014 07:19:19 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id EC89E2026C for ; Fri, 7 Mar 2014 07:19:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 5CEDC2024C for ; Fri, 7 Mar 2014 07:19:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751464AbaCGHTO (ORCPT ); Fri, 7 Mar 2014 02:19:14 -0500 Received: from mail-ee0-f43.google.com ([74.125.83.43]:59285 "EHLO mail-ee0-f43.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750896AbaCGHTO (ORCPT ); Fri, 7 Mar 2014 02:19:14 -0500 Received: by mail-ee0-f43.google.com with SMTP id e53so1542594eek.30 for ; Thu, 06 Mar 2014 23:19:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tieto.com; s=google; h=from:to:cc:subject:date:message-id; bh=Ir+UxOXU+PKIyXOW9SNnEvA/8+Omd9lcGzKoju7OYI4=; b=m+DYVnrOa8tdKLzu6lAC96ls7SnfyTBzvADL9mwAHE0x3STocgKY/NPlzIckaEHT1u 0DVXib6AFp8aaa+djaEeEkyTk74M/XLTnhE0ZM+IM3SS7umpR6lqyXWpQsQGycKfVjly CXW2gj+yR2LHkz1ITuWoWvlVq7DRN+R2lSjDs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Ir+UxOXU+PKIyXOW9SNnEvA/8+Omd9lcGzKoju7OYI4=; b=QypNrkiuUAaDxH0H6F7MNaUtUHqb4E4QWIMY4qvGkOCjiIeOBlN62YqUshMtjL9oWl 7ct/P7uKt3pNenKArZHRPRovTOMlO3gq11/AVYeP5UtvjKvH51RKP85dgc6tk7DP6mAP 8CpYurUQ1UnVTEeYVp3yHYq1UHsNcJ4re3tdX9dZZeJ6lHuppUuEI1SD+79CUcY7pGS+ fkxn22PJYV4VBqJUD8SeSI3iyrfn2ctm4ABbLJ7y4psv9hUYZDs2sN39TSsC7dJx0Ig5 LhJkGyZZz6jvtCt4/UYHjIpW9yA18/++A4uiDgpLa1m+z4m9PloL9KzJSBs5Vv9gBvng BuRQ== X-Gm-Message-State: ALoCoQnGPwNb4XPbliY6VHCTQOxkni3hOWweIZyO6uusjuxOeEnniSpvsaopRIO3XIum8+bp+RgsCgyNjTg5lJOvwVrhBY8m/Lgt2FOmqsfxpzT5NsR82XQ= X-Received: by 10.14.218.193 with SMTP id k41mr16493690eep.16.1394176752881; Thu, 06 Mar 2014 23:19:12 -0800 (PST) Received: from localhost.localdomain ([91.198.246.8]) by mx.google.com with ESMTPSA id m1sm3256940een.7.2014.03.06.23.19.10 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 06 Mar 2014 23:19:12 -0800 (PST) From: Michal Kazior To: linux-wireless@vger.kernel.org Cc: johannes@sipsolutions.net, Michal Kazior Subject: [PATCH] mac80211: fix possible NULL dereference Date: Fri, 7 Mar 2014 08:09:38 +0100 Message-Id: <1394176178-8504-1-git-send-email-michal.kazior@tieto.com> X-Mailer: git-send-email 1.8.5.3 X-DomainID: tieto.com Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP If chanctx is missing on a given vif then the band is assumed to be 2GHz. However if hw doesn't support 2GHz band then mac80211 ended up with a NULL dereference. This fixes a splat: [ 4605.207223] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018 [ 4605.210789] IP: [] ieee80211_parse_bitrates+0x65/0x110 [mac80211] The splat was preceeded by WARN_ON(!chanctx_conf) in ieee80211_get_sdata_band(). Signed-off-by: Michal Kazior --- net/mac80211/cfg.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index aaa59d7..5513bec 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -2002,6 +2002,9 @@ static int ieee80211_change_bss(struct wiphy *wiphy, band = ieee80211_get_sdata_band(sdata); + if (WARN_ON(!wiphy->bands[band])) + return -EINVAL; + if (params->use_cts_prot >= 0) { sdata->vif.bss_conf.use_cts_prot = params->use_cts_prot; changed |= BSS_CHANGED_ERP_CTS_PROT;