From patchwork Thu Aug 11 10:38:16 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Maxim Altshul <maxim.altshul@ti.com>
X-Patchwork-Id: 9275013
X-Patchwork-Delegate: johannes@sipsolutions.net
Return-Path: <linux-wireless-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	9FEBC600CB for <patchwork-linux-wireless@patchwork.kernel.org>;
	Thu, 11 Aug 2016 10:32:13 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 90758285DD
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Thu, 11 Aug 2016 10:32:13 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 8581F285EA; Thu, 11 Aug 2016 10:32:13 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5B531285DD
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Thu, 11 Aug 2016 10:32:12 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932166AbcHKKcL (ORCPT
	<rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
	Thu, 11 Aug 2016 06:32:11 -0400
Received: from bear.ext.ti.com ([198.47.19.11]:49259 "EHLO bear.ext.ti.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751088AbcHKKcI (ORCPT <rfc822; linux-wireless@vger.kernel.org>);
	Thu, 11 Aug 2016 06:32:08 -0400
Received: from dlelxv90.itg.ti.com ([172.17.2.17])
	by bear.ext.ti.com (8.13.7/8.13.7) with ESMTP id u7BAW3nC005462;
	Thu, 11 Aug 2016 05:32:03 -0500
Received: from DFLE72.ent.ti.com (dfle72.ent.ti.com [128.247.5.109])
	by dlelxv90.itg.ti.com (8.14.3/8.13.8) with ESMTP id u7BAW3op032644;
	Thu, 11 Aug 2016 05:32:03 -0500
Received: from dflp33.itg.ti.com (10.64.6.16) by DFLE72.ent.ti.com
	(128.247.5.109) with Microsoft SMTP Server id 14.3.294.0;
	Thu, 11 Aug 2016 05:32:03 -0500
Received: from wlsrv.emea.dhcp.ti.com (ileax41-snat.itg.ti.com
	[10.172.224.153])	by dflp33.itg.ti.com (8.14.3/8.13.8) with ESMTP id
	u7BAW1Z1015651;	Thu, 11 Aug 2016 05:32:02 -0500
From: Maxim Altshul <maxim.altshul@ti.com>
To: <johannes@sipsolutions.net>
CC: <linux-wireless@vger.kernel.org>,
	Maxim Altshul <maxim.altshul@ti.com>
Subject: [PATCH] mac80211: Add protection to get_expected_throughput opcode
Date: Thu, 11 Aug 2016 13:38:16 +0300
Message-ID: <20160811103816.1695-2-maxim.altshul@ti.com>
X-Mailer: git-send-email 2.9.0
In-Reply-To: <20160811103816.1695-1-maxim.altshul@ti.com>
References: <20160811103816.1695-1-maxim.altshul@ti.com>
MIME-Version: 1.0
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

To protect the opcode we add a check for sta->uploaded.

This is done to prevent a situation where the function gets
called from userspace for example, before sta is uploaded
to driver, causing a crash.

Also, change headers to comply with the change, wherever the
function was called.

Signed-off-by: Maxim Altshul <maxim.altshul@ti.com>
---
 net/mac80211/driver-ops.h | 8 ++++----
 net/mac80211/sta_info.c   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
index 1f75195..ec4a690 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -1075,13 +1075,13 @@ static inline void drv_leave_ibss(struct ieee80211_local *local,
 }
 
 static inline u32 drv_get_expected_throughput(struct ieee80211_local *local,
-					      struct ieee80211_sta *sta)
+					      struct sta_info *sta)
 {
 	u32 ret = 0;
 
-	trace_drv_get_expected_throughput(sta);
-	if (local->ops->get_expected_throughput)
-		ret = local->ops->get_expected_throughput(&local->hw, sta);
+	trace_drv_get_expected_throughput(&sta->sta);
+	if (local->ops->get_expected_throughput && sta->uploaded)
+		ret = local->ops->get_expected_throughput(&local->hw, &sta->sta);
 	trace_drv_return_u32(local, ret);
 
 	return ret;
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 8860c6c..6624577 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -2108,7 +2108,7 @@ u32 sta_get_expected_throughput(struct sta_info *sta)
 	if (ref && ref->ops->get_expected_throughput)
 		thr = ref->ops->get_expected_throughput(sta->rate_ctrl_priv);
 	else
-		thr = drv_get_expected_throughput(local, &sta->sta);
+		thr = drv_get_expected_throughput(local, sta);
 
 	return thr;
 }