Re: [ 08/12] mac80211: zero initialize count field in ieee80211_tx_rate

[Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>]

Hi Willy,

> On Mon, Mar 12, 2012 at 10:06:23AM +0530, Mohammed Shafi Shajakhan wrote:
>>> So I'm pretty sure this patch is wrong for 2.6.32; it could be
>>> backported but I don't think the change is necessary anyway.
>>
>> true, but i think its better to initialize the count = 0 rather than
>> count = 1, though the older version driver checks for rate[i].idx>= 0
>> in ath_rc_tx_status. while the ath_tx_status has no such iteration in
>> the older driver code.
>
> In practice, if the patch brings nothing and not even correctness, I'd
> rather drop it than make us believe that some issue is fixed. However
> if you think it does happen to fix a real issue in 2.6.32 (possibly
> combined with some other missing patch), please tell me so and I will
> happily undelete it.
>

we can drop it. also as there was no driver code checking for 
rate[i].count in the 2.6.32 driver. i am also not sure this fixes 
something in 2.6.32 but the patch itself is correct.

Pavel fixed a rate control crash in ath9k because of invalid rate index 
(-1) access. we were wondering how is it possible the driver can be 
using a invalid rate index ?
we can simply rule out a rate is invalid checking for (rate[i].idx < 0 
&& rate[i].count != 0)

Pavel found that the driver previously checks "only" for rate[i].count 
as non-zero and this itself seems sufficient as we assumed the invalid 
rate indexes are initialized with  -1, 0 for rate[i].idx and 
rate[i].count respectively. later found that mac80211 rate[i].count 
initializes with '1' for the 'rate[i].count' field.

thus we generically fixed in mac80211(also as per doc) to avoid any such 
issues in any rate control, though we can blame the driver for not 
checking for invalid rate.idx while blindly believing on rate[i].count.

thank you!

-- 
thanks,
shafi