From patchwork Fri Feb 19 11:18:01 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>
X-Patchwork-Id: 8359521
X-Patchwork-Delegate: johannes@sipsolutions.net
Return-Path: <linux-wireless-owner@kernel.org>
X-Original-To: patchwork-linux-wireless@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id D32EB9F38B
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Fri, 19 Feb 2016 11:18:10 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id EA7F32039E
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Fri, 19 Feb 2016 11:18:09 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id E290D20265
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Fri, 19 Feb 2016 11:18:08 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1425751AbcBSLSG (ORCPT
	<rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
	Fri, 19 Feb 2016 06:18:06 -0500
Received: from mail-wm0-f68.google.com ([74.125.82.68]:33247 "EHLO
	mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750791AbcBSLSE (ORCPT
	<rfc822;linux-wireless@vger.kernel.org>);
	Fri, 19 Feb 2016 06:18:04 -0500
Received: by mail-wm0-f68.google.com with SMTP id c200so7405486wme.0
	for <linux-wireless@vger.kernel.org>;
	Fri, 19 Feb 2016 03:18:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=cTTNtI6AumRgp+ygctkggN98rfuaopSvbjELMlY/dwQ=;
	b=oSGWNt5avo90hgGEgsJ1wucwLjoZg47dPq3P67qW1lo+uoXeP1I11oJGfEnUF1r4Gj
	hvAMGlzfKsLAmUrv3b+cQnC+xJ+T6qXtjMDQjCOg3n7g+gYi/eScE/9abn5EpiQtokx9
	37ugclGMJaO7/rTuj6Az4SKjunaEsr/a8DzWJ/ilZd29gh/as49ZXfDnR86Y0YZa3fkH
	qxs7rw5cGRg74bapsK/uTCfeRVRguxVnbpyFVWva/C5af4FyXbZt320l1a7xs7OJ04lZ
	RvfWpjccddWTgRURj/pUe0Jxb1qKweb0o6DBCBC1PBYt0n4izRWhv9uFHprC0IV6dnAp
	SsIA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=cTTNtI6AumRgp+ygctkggN98rfuaopSvbjELMlY/dwQ=;
	b=BYUwo/KjtX+9RY1X2DArvsRkaCHEJoKRNSMz9F7FF8QkurckfiBfGWytwjcHeY22NS
	kuyDKxLksxV8N2IX0sAhOUuqOJgrBMSRTC0Pf8ausubXpfnefX09FIxDGEEec5NKaJh2
	eiAOAofrWnG0TB3t+8dUcHoqh8GHOS92+QTRXcbJDy/EC51P6K8XFfkVd3uaFdhbp5i/
	lzAfCdVon3hYjeO2/5hGITJUUE3NJ9fp5c+GD/KSo7l0h3zbzUl3+sz9RXO86E9sp0Tq
	QtWjXemmYvtAKHF47Zk8/065xBYLcf8goLmcBWVTup1fR/wqwBhEx9+49vZ+nuI8QVUi
	aYVQ==
X-Gm-Message-State: 
 AG10YOR5t95YQmH6h5fo5FgZq2kkkub9fDfcAyJAWkeIY6BU4XirISpEk/pRGHLO1Dx/Eg==
X-Received: by 10.28.2.68 with SMTP id 65mr8189928wmc.85.1455880683267;
	Fri, 19 Feb 2016 03:18:03 -0800 (PST)
Received: from localhost.localdomain
	(net-188-152-170-117.cust.dsl.teletu.it. [188.152.170.117])
	by smtp.gmail.com with ESMTPSA id
	ko2sm10771441wjc.9.2016.02.19.03.18.02
	(version=TLSv1/SSLv3 cipher=OTHER);
	Fri, 19 Feb 2016 03:18:02 -0800 (PST)
From: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>
To: linux-wireless@vger.kernel.org
Cc: Johannes Berg <johannes@sipsolutions.net>,
	Sven Eckelmann <sven@narfation.org>, nbd@openwrt.org
Subject: [PATCH v2] mac80211: fix wiphy supported_band access
Date: Fri, 19 Feb 2016 12:18:01 +0100
Message-Id: <1455880681-6194-1-git-send-email-lorenzo.bianconi83@gmail.com>
X-Mailer: git-send-email 2.5.0
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org
X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,
	T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Fix wiphy supported_band access in tx radiotap parsing introduced
in commit 5ec3aed9ba4c ("mac80211: Parse legacy and HT rate in
injected frames"). In particular, info->band is always set to 0
(IEEE80211_BAND_2GHZ) since it has not assigned yet.
This cause a kernel crash on 5GHz only devices.
Move ieee80211_parse_tx_radiotap() after info->band assignment

Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi83@gmail.com>
---
v2:
- improved the commit message
---
 net/mac80211/tx.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 7bb67fa..b07d037 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1892,10 +1892,6 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
 	info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
 		      IEEE80211_TX_CTL_INJECTED;
 
-	/* process and remove the injection radiotap header */
-	if (!ieee80211_parse_tx_radiotap(local, skb))
-		goto fail;
-
 	rcu_read_lock();
 
 	/*
@@ -1957,6 +1953,10 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
 		goto fail_rcu;
 
 	info->band = chandef->chan->band;
+	/* process and remove the injection radiotap header */
+	if (!ieee80211_parse_tx_radiotap(local, skb))
+		goto fail_rcu;
+
 	ieee80211_xmit(sdata, NULL, skb);
 	rcu_read_unlock();