From 1a000cfcef8513c659e6f9d49527c7ee3cd81d5a Mon Sep 17 00:00:00 2001 From: Gabor Juhos Date: Tue, 11 Dec 2012 14:16:23 +0000 Subject: [PATCH] mac80211: zero-out rx_status in rt2x00, ath5k, p54 Signed-off-by: Gabor Juhos SVN-Revision: 34627 --- ...06-pending-rt2x00-zero-out-rx_status.patch | 54 +++++++++++++++++++ ...307-pending-ath5k-zero-out-rx_status.patch | 31 +++++++++++ .../308-pending-p54-zero-out-rx_status.patch | 30 +++++++++++ 3 files changed, 115 insertions(+) create mode 100644 package/mac80211/patches/306-pending-rt2x00-zero-out-rx_status.patch create mode 100644 package/mac80211/patches/307-pending-ath5k-zero-out-rx_status.patch create mode 100644 package/mac80211/patches/308-pending-p54-zero-out-rx_status.patch diff --git a/package/mac80211/patches/306-pending-rt2x00-zero-out-rx_status.patch b/package/mac80211/patches/306-pending-rt2x00-zero-out-rx_status.patch new file mode 100644 index 0000000000..1580337adc --- /dev/null +++ b/package/mac80211/patches/306-pending-rt2x00-zero-out-rx_status.patch @@ -0,0 +1,54 @@ +From 84b435b38a84c9a7e8ba33e8d02d2f967f847ce1 Mon Sep 17 00:00:00 2001 +From: Gabor Juhos +Date: Tue, 11 Dec 2012 14:15:53 +0100 +Subject: [PATCH 1/3] rt2x00: zero-out rx_status + +In commit 'mac80211: support radiotap vendor namespace RX data' +new fields were added to 'struct ieee80211_rx_status'. +The rt2x00 driver does not initializes those fields and +this can cause unexpected behaviour. + +The rt2x00 driver from the compat-wireless-2012-12-01 +tarball caused the following warning: + + WARNING: at + /devel/ramips/build_dir/target-mipsel_r2_uClibc-0.9.33.2/linux-ramips_rt305x/ + compat-wireless-2012-12-01/net/mac80211/rx.c:115 ieee80211_rx_irqsafe+0x274/0xbcc + [mac80211]() + Modules linked in: dwc_otg ledtrig_usbdev nf_nat_irc + nf_nat_ftp nf_conntrack_irc nf_conntrack_ftp ipt_MASQUERADE + iptable_nat nf_nat pppoe xt_conntrack xt_CT xt_NOTRACK iptable_raw + xt_state nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack pppox + ipt_REJECT xt_TCPMSS xt_comment xt_multiport xt_mac xt_limit + iptable_mangle iptable_filter ip_tables xt_tcpudp x_tables ppp_async + ppp_generic slhc rt2800pci(O) rt2800lib(O) rt2x00soc(O) rt2x00pci(O) + rt2x00lib(O) mac80211(O) usbcore usb_common nls_base crc_itu_t + crc_ccitt eeprom_93cx6 cfg80211(O) compat(O) arc4 aes_generic + crypto_blkcipher cryptomgr aead crypto_hash crypto_algapi leds_gpio + button_hotplug(O) gpio_keys_polled input_polldev input_core + Call Trace: + [<801e96b4>] dump_stack+0x8/0x34 + [<80010a9c>] warn_slowpath_common+0x78/0xa4 + [<80010ae0>] warn_slowpath_null+0x18/0x24 + [<80a9710c>] ieee80211_rx_irqsafe+0x274/0xbcc [mac80211] + +The patch ensures that each field gets initialized with +zeroes. + +Cc: +Signed-off-by: Gabor Juhos +--- + drivers/net/wireless/rt2x00/rt2x00dev.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/net/wireless/rt2x00/rt2x00dev.c ++++ b/drivers/net/wireless/rt2x00/rt2x00dev.c +@@ -685,6 +685,8 @@ void rt2x00lib_rxdone(struct queue_entry + * to mac80211. + */ + rx_status = IEEE80211_SKB_RXCB(entry->skb); ++ memset(rx_status, 0, sizeof(*rx_status)); ++ + rx_status->mactime = rxdesc.timestamp; + rx_status->band = rt2x00dev->curr_band; + rx_status->freq = rt2x00dev->curr_freq; diff --git a/package/mac80211/patches/307-pending-ath5k-zero-out-rx_status.patch b/package/mac80211/patches/307-pending-ath5k-zero-out-rx_status.patch new file mode 100644 index 0000000000..3f8723adb0 --- /dev/null +++ b/package/mac80211/patches/307-pending-ath5k-zero-out-rx_status.patch @@ -0,0 +1,31 @@ +From 4c0faf816beeb5d4175cff09c96e668a49ad032f Mon Sep 17 00:00:00 2001 +From: Gabor Juhos +Date: Tue, 11 Dec 2012 14:16:15 +0100 +Subject: [PATCH 2/3] ath5k: zero-out rx_status + +In commit 'mac80211: support radiotap vendor namespace RX data' +new fields were added to 'struct ieee80211_rx_status'. +The ath5k driver does not initializes those fields and +this can cause unexpected behaviour. The patch ensures +that each field gets initialized with zeroes. + +Cc: +Signed-off-by: Gabor Juhos +--- +Compile tested only. +--- + drivers/net/wireless/ath/ath5k/base.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/wireless/ath/ath5k/base.c ++++ b/drivers/net/wireless/ath/ath5k/base.c +@@ -1325,8 +1325,8 @@ ath5k_receive_frame(struct ath5k_hw *ah, + ath5k_remove_padding(skb); + + rxs = IEEE80211_SKB_RXCB(skb); ++ memset(rxs, 0, sizeof(*rxs)); + +- rxs->flag = 0; + if (unlikely(rs->rs_status & AR5K_RXERR_MIC)) + rxs->flag |= RX_FLAG_MMIC_ERROR; + diff --git a/package/mac80211/patches/308-pending-p54-zero-out-rx_status.patch b/package/mac80211/patches/308-pending-p54-zero-out-rx_status.patch new file mode 100644 index 0000000000..22ff2609ff --- /dev/null +++ b/package/mac80211/patches/308-pending-p54-zero-out-rx_status.patch @@ -0,0 +1,30 @@ +From 6e73611e574ea3c8fe5afc67ee29d2c5ff777f4b Mon Sep 17 00:00:00 2001 +From: Gabor Juhos +Date: Tue, 11 Dec 2012 14:16:29 +0100 +Subject: [PATCH 3/3] p54: zero-out rx_status + +In commit 'mac80211: support radiotap vendor namespace RX data' +new fields were added to 'struct ieee80211_rx_status'. +The ath5k driver does not initializes those fields and +this can cause unexpected behaviour. The patch ensures +that each field gets initialized with zeroes. + +Cc: Christian Lamparter +Signed-off-by: Gabor Juhos +--- +Compile tested only. +--- + drivers/net/wireless/p54/txrx.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/net/wireless/p54/txrx.c ++++ b/drivers/net/wireless/p54/txrx.c +@@ -345,6 +345,8 @@ static int p54_rx_data(struct p54_common + if (!(hdr->flags & cpu_to_le16(P54_HDR_FLAG_DATA_IN_FCS_GOOD))) + return 0; + ++ memset(rx_status, 0, sizeof(*rx_status)); ++ + if (hdr->decrypt_status == P54_DECRYPT_OK) + rx_status->flag |= RX_FLAG_DECRYPTED; + if ((hdr->decrypt_status == P54_DECRYPT_FAIL_MICHAEL) || -- 2.30.2