| 1 | From e922d683ca8001ce9a6272d6ab12d74e72c36521 Mon Sep 17 00:00:00 2001 |
| 2 | From: Gabor Juhos <juhosg@openwrt.org> |
| 3 | Date: Tue, 11 Dec 2012 14:15:53 +0100 |
| 4 | Subject: [PATCH v2] rt2x00: zero-out rx_status |
| 5 | |
| 6 | In commit 'mac80211: support radiotap vendor namespace RX data' |
| 7 | new fields were added to 'struct ieee80211_rx_status' and those |
| 8 | fileds must be zeroed. However the rt2x00 driver stores driver |
| 9 | specific data in the cb array of the rx skbs, so the fields |
| 10 | might contain garbage and this can cause unexpected behaviour. |
| 11 | |
| 12 | The rt2x00 driver from the compat-wireless-2012-12-01 |
| 13 | tarball caused the following warning: |
| 14 | |
| 15 | WARNING: at |
| 16 | /devel/ramips/build_dir/target-mipsel_r2_uClibc-0.9.33.2/linux-ramips_rt305x/ |
| 17 | compat-wireless-2012-12-01/net/mac80211/rx.c:115 ieee80211_rx_irqsafe+0x274/0xbcc |
| 18 | [mac80211]() |
| 19 | Modules linked in: dwc_otg ledtrig_usbdev nf_nat_irc |
| 20 | nf_nat_ftp nf_conntrack_irc nf_conntrack_ftp ipt_MASQUERADE |
| 21 | iptable_nat nf_nat pppoe xt_conntrack xt_CT xt_NOTRACK iptable_raw |
| 22 | xt_state nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack pppox |
| 23 | ipt_REJECT xt_TCPMSS xt_comment xt_multiport xt_mac xt_limit |
| 24 | iptable_mangle iptable_filter ip_tables xt_tcpudp x_tables ppp_async |
| 25 | ppp_generic slhc rt2800pci(O) rt2800lib(O) rt2x00soc(O) rt2x00pci(O) |
| 26 | rt2x00lib(O) mac80211(O) usbcore usb_common nls_base crc_itu_t |
| 27 | crc_ccitt eeprom_93cx6 cfg80211(O) compat(O) arc4 aes_generic |
| 28 | crypto_blkcipher cryptomgr aead crypto_hash crypto_algapi leds_gpio |
| 29 | button_hotplug(O) gpio_keys_polled input_polldev input_core |
| 30 | Call Trace: |
| 31 | [<801e96b4>] dump_stack+0x8/0x34 |
| 32 | [<80010a9c>] warn_slowpath_common+0x78/0xa4 |
| 33 | [<80010ae0>] warn_slowpath_null+0x18/0x24 |
| 34 | [<80a9710c>] ieee80211_rx_irqsafe+0x274/0xbcc [mac80211] |
| 35 | |
| 36 | The patch ensures that each field gets initialized with |
| 37 | zeroes. |
| 38 | |
| 39 | Cc: <users@rt2x00.serialmonkey.com> |
| 40 | Signed-off-by: Gabor Juhos <juhosg@openwrt.org> |
| 41 | --- |
| 42 | v2: |
| 43 | - update the commit message and add a comment to the code |
| 44 | - drop the ath5k and p54 patches |
| 45 | --- |
| 46 | drivers/net/wireless/rt2x00/rt2x00dev.c | 8 ++++++++ |
| 47 | 1 file changed, 8 insertions(+) |
| 48 | |
| 49 | --- a/drivers/net/wireless/rt2x00/rt2x00dev.c |
| 50 | +++ b/drivers/net/wireless/rt2x00/rt2x00dev.c |
| 51 | @@ -685,6 +685,14 @@ void rt2x00lib_rxdone(struct queue_entry |
| 52 | * to mac80211. |
| 53 | */ |
| 54 | rx_status = IEEE80211_SKB_RXCB(entry->skb); |
| 55 | + |
| 56 | + /* Ensure that all fields of rx_status are initialized |
| 57 | + * properly. The skb->cb array was used for driver |
| 58 | + * specific informations, so rx_status might contain |
| 59 | + * garbage. |
| 60 | + */ |
| 61 | + memset(rx_status, 0, sizeof(*rx_status)); |
| 62 | + |
| 63 | rx_status->mactime = rxdesc.timestamp; |
| 64 | rx_status->band = rt2x00dev->curr_band; |
| 65 | rx_status->freq = rt2x00dev->curr_freq; |
| 66 | |
