From faeaf5a01025edc13b83c90a724d8bff18ab2279 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Thu, 14 Jan 2021 20:12:08 +0100 Subject: [PATCH] mac80211: fix an uninitialized stack variable in the minstrel update It can lead to out-of-bounds access and invalid rates Signed-off-by: Felix Fietkau --- ...minstrel_ht-fix-max-probability-rate-select.patch | 12 ++++++++++-- ...-minstrel_ht-increase-stats-update-interval.patch | 2 +- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/package/kernel/mac80211/patches/subsys/343-mac80211-minstrel_ht-fix-max-probability-rate-select.patch b/package/kernel/mac80211/patches/subsys/343-mac80211-minstrel_ht-fix-max-probability-rate-select.patch index a0b918c9a1..0dbfa9d4fb 100644 --- a/package/kernel/mac80211/patches/subsys/343-mac80211-minstrel_ht-fix-max-probability-rate-select.patch +++ b/package/kernel/mac80211/patches/subsys/343-mac80211-minstrel_ht-fix-max-probability-rate-select.patch @@ -76,7 +76,15 @@ Signed-off-by: Felix Fietkau bool ht_supported = mi->sta->ht_cap.ht_supported; mi->sample_mode = MINSTREL_SAMPLE_IDLE; -@@ -903,9 +913,6 @@ minstrel_ht_update_stats(struct minstrel +@@ -863,6 +873,7 @@ minstrel_ht_update_stats(struct minstrel + else + index = MINSTREL_OFDM_GROUP * MCS_GROUP_RATES; + ++ tmp_max_prob_rate = index; + for (j = 0; j < ARRAY_SIZE(tmp_mcs_tp_rate); j++) + tmp_mcs_tp_rate[j] = index; + +@@ -903,9 +914,6 @@ minstrel_ht_update_stats(struct minstrel /* Find max throughput rate set within a group */ minstrel_ht_sort_best_tp_rates(mi, index, tmp_group_tp_rate); @@ -86,7 +94,7 @@ Signed-off-by: Felix Fietkau } memcpy(mg->max_group_tp_rate, tmp_group_tp_rate, -@@ -917,6 +924,27 @@ minstrel_ht_update_stats(struct minstrel +@@ -917,6 +925,27 @@ minstrel_ht_update_stats(struct minstrel tmp_legacy_tp_rate); memcpy(mi->max_tp_rate, tmp_mcs_tp_rate, sizeof(mi->max_tp_rate)); diff --git a/package/kernel/mac80211/patches/subsys/344-mac80211-minstrel_ht-increase-stats-update-interval.patch b/package/kernel/mac80211/patches/subsys/344-mac80211-minstrel_ht-increase-stats-update-interval.patch index 5c7785f892..9972a9414e 100644 --- a/package/kernel/mac80211/patches/subsys/344-mac80211-minstrel_ht-increase-stats-update-interval.patch +++ b/package/kernel/mac80211/patches/subsys/344-mac80211-minstrel_ht-increase-stats-update-interval.patch @@ -9,7 +9,7 @@ Signed-off-by: Felix Fietkau --- a/net/mac80211/rc80211_minstrel_ht.c +++ b/net/mac80211/rc80211_minstrel_ht.c -@@ -1864,7 +1864,7 @@ minstrel_ht_alloc(struct ieee80211_hw *h +@@ -1865,7 +1865,7 @@ minstrel_ht_alloc(struct ieee80211_hw *h mp->has_mrr = true; mp->hw = hw; -- 2.30.2