Re: [PATCH] mac80211: do not call rate control .tx_status before .rate_init

["Arend van Spriel" <arend@broadcom.com>]

On 02/09/2012 09:14 PM, John W. Linville wrote:
> On Thu, Feb 09, 2012 at 01:51:51AM +0100, Felix Fietkau wrote:
>> On 2012-02-09 12:01 AM, Pavel Roskin wrote:
>>> On Wed, 8 Feb 2012 14:44:54 -0500
>>> "John W. Linville" <linville@tuxdriver.com> wrote:
>>>
>>>> On Wed, Feb 08, 2012 at 08:38:00PM +0100, Felix Fietkau wrote:
>>>>> On 2012-02-08 8:25 PM, John W. Linville wrote:
>>>>>> On Wed, Feb 08, 2012 at 07:17:11PM +0100, Felix Fietkau wrote:
>>>>>>> Most rate control implementations assume .get_rate
>>>>>>> and .tx_status are only called once the per-station data has
>>>>>>> been fully initialized. minstrel_ht crashes if this assumption
>>>>>>> is violated.
>>>>>>>
>>>>>>> Signed-off-by: Felix Fietkau <nbd@openwrt.org>
>>>>>>> Tested-by: Arend van Spriel <arend@broadcom.com>
>>>>>>> ---
>>>>>>>  net/mac80211/rate.h |    2 +-
>>>>>>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>>>>>>
>>>>>>> diff --git a/net/mac80211/rate.h b/net/mac80211/rate.h
>>>>>>> index 5fc3135..fbb1efd 100644
>>>>>>> --- a/net/mac80211/rate.h
>>>>>>> +++ b/net/mac80211/rate.h
>>>>>>> @@ -37,7 +37,7 @@ static inline void
>>>>>>> rate_control_tx_status(struct ieee80211_local *local, struct
>>>>>>> ieee80211_sta *ista = &sta->sta; void *priv_sta =
>>>>>>> sta->rate_ctrl_priv; 
>>>>>>> -	if (!ref)
>>>>>>> +	if (!ref || !test_sta_flag(sta, WLAN_STA_RATE_CONTROL))
>>>>>>>  		return;
>>>>>>>  
>>>>>>>  	ref->ops->tx_status(ref->priv, sband, ista, priv_sta,
>>>>>>> skb);
>>>>>>
>>>>>> Any reason not to apply this for 3.3?  Or stable?
>>>>> I think 3.3 doesn't have that sta flag, the issue was probably
>>>>> introduced with the 3.4 changes.
>>>>> I don't remember something like this appearing in earlier versions.
>>>>
>>>> Cool, thanks.
>>>
>>> I believe 3.3 is affected.  At least it looks like the Fedora bug 768639
>>> (https://bugzilla.redhat.com/show_bug.cgi?id=768639) is caused by
>>> calling .tx_status at a wrong time.  Fedora kernels use
>>> compat-wireless-3.3.  I'm going to test the bleeding edge
>>> compat-wireless with the patch by Felix to see if it fixes things.
>>>
>>> The lack of the WLAN_STA_RATE_CONTROL flag doesn't mean that the old
>>> behavior was correct.  The flag was introduced to correct that behavior.
>>>
>>> The oldest report is dated 2011-12-17 and it's about Linux 3.2.0-rc5
>>> with compat-wireless-2011-12-01.
>> Only .get_rate and .tx_status are affected, wireless-testing commit
>> e1936e9407138b483e6d1332dd944afec8131f30 adds one of the checks, and my
>> commit adds the other. Maybe John could merge those two to 3.3.
> 
> At least one of them will cause some merge issues.  Can someone try
> the attached patches to verify that they actually fix a real problem
> in 3.3? 
> 
> Thanks!
> 
> John

Hi John,

This patch fixes NULL deref issue I found and bisected in
wireless-testing earlier this week (see [1]). I don't think gives a
problem with 3.3 at the moment.

Gr. AvS

[1] http://www.spinics.net/lists/linux-wireless/msg84575.html