[PATCH 6.0] wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link

linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 6.0] wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd()
       [not found]   ` <YvkRBQYLQI2QrnBn@sashalap>
@ 2022-08-15  7:37     ` Stanislaw Gruszka
  2022-08-29  5:44       ` Kalle Valo
  2022-08-30 16:38       ` Kalle Valo
  0 siblings, 2 replies; 3+ messages in thread
From: Stanislaw Gruszka @ 2022-08-15  7:37 UTC (permalink / raw)
  To: Sasha Levin, linux-wireless
  Cc: stable-commits, aleksei.kodanev, Kalle Valo, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni


This reverts commit a8eb8e6f7159c7c20c0ddac428bde3d110890aa7 as
it can cause invalid link quality command sent to the firmware
and address the off-by-one issue by fixing condition of while loop.

Cc: stable@vger.kernel.org
Fixes: a8eb8e6f7159 ("wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()")
Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl>
---
 drivers/net/wireless/intel/iwlegacy/4965-rs.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/drivers/net/wireless/intel/iwlegacy/4965-rs.c b/drivers/net/wireless/intel/iwlegacy/4965-rs.c
index c62f299b9e0a..d8a5dbf89a02 100644
--- a/drivers/net/wireless/intel/iwlegacy/4965-rs.c
+++ b/drivers/net/wireless/intel/iwlegacy/4965-rs.c
@@ -2403,7 +2403,7 @@ il4965_rs_fill_link_cmd(struct il_priv *il, struct il_lq_sta *lq_sta,
 		/* Repeat initial/next rate.
 		 * For legacy IL_NUMBER_TRY == 1, this loop will not execute.
 		 * For HT IL_HT_NUMBER_TRY == 3, this executes twice. */
-		while (repeat_rate > 0) {
+		while (repeat_rate > 0 && idx < (LINK_QUAL_MAX_RETRY_NUM - 1)) {
 			if (is_legacy(tbl_type.lq_type)) {
 				if (ant_toggle_cnt < NUM_TRY_BEFORE_ANT_TOGGLE)
 					ant_toggle_cnt++;
@@ -2422,8 +2422,6 @@ il4965_rs_fill_link_cmd(struct il_priv *il, struct il_lq_sta *lq_sta,
 			    cpu_to_le32(new_rate);
 			repeat_rate--;
 			idx++;
-			if (idx >= LINK_QUAL_MAX_RETRY_NUM)
-				goto out;
 		}
 
 		il4965_rs_get_tbl_info_from_mcs(new_rate, lq_sta->band,
@@ -2468,7 +2466,6 @@ il4965_rs_fill_link_cmd(struct il_priv *il, struct il_lq_sta *lq_sta,
 		repeat_rate--;
 	}
 
-out:
 	lq_cmd->agg_params.agg_frame_cnt_limit = LINK_QUAL_AGG_FRAME_LIMIT_DEF;
 	lq_cmd->agg_params.agg_dis_start_th = LINK_QUAL_AGG_DISABLE_START_DEF;
 
-- 
2.25.4


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH 6.0] wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd()
  2022-08-15  7:37     ` [PATCH 6.0] wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() Stanislaw Gruszka
@ 2022-08-29  5:44       ` Kalle Valo
  2022-08-30 16:38       ` Kalle Valo
  1 sibling, 0 replies; 3+ messages in thread
From: Kalle Valo @ 2022-08-29  5:44 UTC (permalink / raw)
  To: Stanislaw Gruszka
  Cc: Sasha Levin, linux-wireless, stable-commits, aleksei.kodanev,
	David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni

Stanislaw Gruszka <stf_xl@wp.pl> writes:

> This reverts commit a8eb8e6f7159c7c20c0ddac428bde3d110890aa7 as
> it can cause invalid link quality command sent to the firmware
> and address the off-by-one issue by fixing condition of while loop.
>
> Cc: stable@vger.kernel.org
> Fixes: a8eb8e6f7159 ("wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()")
> Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl>

Thanks, I'll queue this for v6.0.

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 6.0] wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd()
  2022-08-15  7:37     ` [PATCH 6.0] wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() Stanislaw Gruszka
  2022-08-29  5:44       ` Kalle Valo
@ 2022-08-30 16:38       ` Kalle Valo
  1 sibling, 0 replies; 3+ messages in thread
From: Kalle Valo @ 2022-08-30 16:38 UTC (permalink / raw)
  To: Stanislaw Gruszka
  Cc: Sasha Levin, linux-wireless, stable-commits, aleksei.kodanev,
	David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni

Stanislaw Gruszka <stf_xl@wp.pl> wrote:

> This reverts commit a8eb8e6f7159c7c20c0ddac428bde3d110890aa7 as
> it can cause invalid link quality command sent to the firmware
> and address the off-by-one issue by fixing condition of while loop.
> 
> Cc: stable@vger.kernel.org
> Fixes: a8eb8e6f7159 ("wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()")
> Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl>

Patch applied to wireless.git, thanks.

6d0ef7241553 wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd()

-- 
https://patchwork.kernel.org/project/linux-wireless/patch/20220815073737.GA999388@wp.pl/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-08-30 16:38 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20220813203952.1914688-1-sashal@kernel.org>
     [not found] ` <20220814075703.GA847900@wp.pl>
     [not found]   ` <YvkRBQYLQI2QrnBn@sashalap>
2022-08-15  7:37     ` [PATCH 6.0] wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() Stanislaw Gruszka
2022-08-29  5:44       ` Kalle Valo
2022-08-30 16:38       ` Kalle Valo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).