From: Christian Lamparter <chunkeey@web.de>
To: Jouni Malinen <j@w1.fi>
Cc: Johannes Berg <johannes@sipsolutions.net>,
Jouni Malinen <jouni.malinen@atheros.com>,
"John W. Linville" <linville@tuxdriver.com>,
linux-wireless@vger.kernel.org
Subject: Re: [PATCH] ath9k: Fix a NULL pointer dereference in ath_rate_get
Date: Wed, 17 Dec 2008 13:25:26 +0100
Message-ID: <200812171325.26310.chunkeey@web.de>
In-Reply-To: <20081217120250.GA19453@jm.kir.nu>

On Wednesday 17 December 2008 13:02:50 Jouni Malinen wrote:
> On Wed, Dec 17, 2008 at 12:30:56PM +0100, Johannes Berg wrote:
> > On Wed, 2008-12-17 at 13:30 +0200, Jouni Malinen wrote:
> > > It looks like mac80211 may try to send unicast frames to a STA that
> > > does not have a STA entry. We need to make sure that that is caught in
> > > the rate control code before dereferencing STA data.
> >
> > This should only happen for injected packets, can you verify? OTOH, AP
> > mode obviously has injected packets (auth response, ...)
>
> I did not check what the exact frame was, but this was indeed in AP mode
> and the frame was most likely from hostapd and as such, an injected
> packet.
>
hostapd: wlan1: STA XX:XX:XX:XX:0d IEEE 802.11: authenticated
kernel: [ 3130.431067] ------------[ cut here ]------------
kernel: [ 3130.431076] WARNING: at net/mac80211/rc80211_minstrel.c:69 minstrel_rate_init+0xb8/0x320 [mac80211]()
kernel: [ 3130.431081] Modules linked in: p54usb p54pci p54common [...]
kernel: [ 3130.431300] Pid: 16961, comm: hostapd2 Tainted: P 2.6.28-rc7-wl #3
[ 3130.431305] Call Trace:
[ 3130.431318] [<ffffffff802343c1>] warn_on_slowpath+0x51/0x75
[ 3130.431329] [<ffffffff803d74b0>] rb_insert_color+0xba/0xe2
[ 3130.431338] [<ffffffff802480ef>] __remove_hrtimer+0x7c/0x88
[ 3130.431375] [<ffffffffa00bd30e>] minstrel_rate_init+0xb8/0x320 [mac80211]
[ 3130.431417] [<ffffffffa00ae713>] ieee80211_add_station+0x145/0x17d [mac80211]
hostapd: wlan1: STA XX:XX:XX:XX:0d IEEE 802.11: associated (aid 1, accounting session 494187DD-00000000)
kernel: [ 3130.431440] [<ffffffffa00897af>] nl80211_new_station+0x1b3/0x20b [cfg80211]
kernel: [ 3130.431450] [<ffffffff80595691>] mutex_lock+0xd/0x1e
kernel: [ 3130.431459] [<ffffffff804f6f86>] nla_parse+0x4b/0xb2
yup, the Warning just happened right between auth and assoc
Regards,
Chr
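
The check described in the quoted text above (catch a frame addressed to a peer that has no STA entry before the rate control code dereferences STA data), as an added user-space C model; it is not the ath9k patch or mac80211 code. The station table, struct and function names are hypothetical, and the peer address is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_STA     4
#define LOWEST_RATE 0   /* index of the most robust rate */

/* Hypothetical per-station state; not mac80211's real structures. */
struct sta_entry {
    uint8_t addr[6];
    int     in_use;
    int     best_rate;   /* rate index learned by rate control */
};
static struct sta_entry sta_table[MAX_STA];

/* Returns NULL when the peer has no entry yet (e.g. before association). */
static struct sta_entry *sta_lookup(const uint8_t *addr)
{
    for (int i = 0; i < MAX_STA; i++)
        if (sta_table[i].in_use && !memcmp(sta_table[i].addr, addr, 6))
            return &sta_table[i];
    return NULL;
}

static int sta_add(const uint8_t *addr, int best_rate)
{
    for (int i = 0; i < MAX_STA; i++) {
        if (sta_table[i].in_use)
            continue;
        memcpy(sta_table[i].addr, addr, 6);
        sta_table[i].in_use = 1;
        sta_table[i].best_rate = best_rate;
        return 0;
    }
    return -1;   /* table full */
}

/* Rate selection: check the STA pointer before touching STA data. */
static int get_tx_rate(const uint8_t *dst)
{
    const struct sta_entry *sta = sta_lookup(dst);
    if (sta == NULL)          /* frame to a peer with no STA entry */
        return LOWEST_RATE;   /* fall back instead of dereferencing NULL */
    return sta->best_rate;
}

int main(void)
{
    const uint8_t peer[6] = {0x02, 0, 0, 0, 0, 0x0d};  /* constructed */
    int before = get_tx_rate(peer);   /* no entry yet */
    sta_add(peer, 7);
    printf("before=%d after=%d\n", before, get_tx_rate(peer));
    return 0;
}
```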