From patchwork Wed Jun 6 08:53:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sven Eckelmann X-Patchwork-Id: 10449857 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 54F326053F for ; Wed, 6 Jun 2018 08:54:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 46D0129793 for ; Wed, 6 Jun 2018 08:54:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3B9102987A; Wed, 6 Jun 2018 08:54:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D7B5E29793 for ; Wed, 6 Jun 2018 08:54:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932368AbeFFIyO (ORCPT ); Wed, 6 Jun 2018 04:54:14 -0400 Received: from narfation.org ([79.140.41.39]:50170 "EHLO v3-1039.vlinux.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932263AbeFFIyO (ORCPT ); Wed, 6 Jun 2018 04:54:14 -0400 Received: from sven-desktop.home.narfation.org (p200300C593D4FFFE000000000000070D.dip0.t-ipconnect.de [IPv6:2003:c5:93d4:fffe::70d]) by v3-1039.vlinux.de (Postfix) with ESMTPSA id ACB2D1100D5; Wed, 6 Jun 2018 10:54:12 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=narfation.org; s=20121; t=1528275252; bh=7jWgUeD+YzaBvDpVijkT6JjjUjA3F008aERELx8RFrE=; h=From:To:Cc:Subject:Date:From; b=V20cc5OogTAzlNUCVqNGbU1vmim0T8Gy68VSuUvaasHKvap4eFs3uI8aHr3XSey1/ wvCsGsuH4IY2wDOJiNVW0wVBVeWM+70VOs/ozkE5JWmEVIWUvKmk7mF35aIdIdEpfb sAfys4baEkIhKb6fuiEENFLvAJ3YU0I2mQl/808o= From: Sven Eckelmann To: Johannes Berg Cc: linux-wireless@vger.kernel.org, Matthias Fritzsche , Thomas Lauer , Marcel Schmidt , Antonio Quartulli , Sven Eckelmann , b.a.t.m.a.n@lists.open-mesh.org Subject: [PATCH v2] cfg80211: initialize sinfo in cfg80211_get_station Date: Wed, 6 Jun 2018 10:53:55 +0200 Message-Id: <20180606085355.21952-1-sven@narfation.org> X-Mailer: git-send-email 2.11.0 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Most of the implementations behind cfg80211_get_station will not initialize sinfo to zero before manipulating it. For example, the member "filled", which indicates the filled in parts of this struct, is often only modified by enabling certain bits in the bitfield while keeping the remaining bits in their original state. A caller without a preinitialized sinfo.filled can then no longer decide which parts of sinfo were filled in by cfg80211_get_station (or actually the underlying implementations). cfg80211_get_station must therefore take care that sinfo is initialized to zero. Otherwise, the caller may tries to read information which was not filled in and which must therefore also be considered uninitialized. In batadv_v_elp_get_throughput's case, an invalid "random" expected throughput may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may switch to non-optimal neighbors for certain destinations. Fixes: 7406353d43c8 ("cfg80211: implement cfg80211_get_station cfg80211 API") Reported-by: Thomas Lauer Reported-by: Marcel Schmidt Cc: b.a.t.m.a.n@lists.open-mesh.org Signed-off-by: Sven Eckelmann --- v2: - do a complete memset of sinfo, requested by Johannes Berg txt.file, you may want to take care that this is integrated in your firmware. --- net/wireless/util.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/wireless/util.c b/net/wireless/util.c index b5bb1c309914..3c654cd7ba56 100644 --- a/net/wireless/util.c +++ b/net/wireless/util.c @@ -1746,6 +1746,8 @@ int cfg80211_get_station(struct net_device *dev, const u8 *mac_addr, if (!rdev->ops->get_station) return -EOPNOTSUPP; + memset(sinfo, 0, sizeof(*sinfo)); + return rdev_get_station(rdev, dev, mac_addr, sinfo); } EXPORT_SYMBOL(cfg80211_get_station);