[patch 44/45] cfg80211: fix incorrect assumption on last_request for 11d

From: Chris Wright
Date: Tue Mar 31 2009 - 19:38:49 EST


-stable review patch. If anyone has any objections, please let us know.
---------------------

From: Luis R. Rodriguez <lrodriguez@xxxxxxxxxxx>

upstream commit: cc0b6fe88e99096868bdbacbf486c97299533b5a

The incorrect assumption is the last regulatory request
(last_request) is always a country IE when processing
country IEs. Although this is true 99% of the time the
first time this happens this could not be true.

This fixes an oops in the branch check for the last_request
when accessing drv_last_ie. The access was done under the
assumption the struct won't be null.

Note to stable: to port to 29 replace as follows, only 29 has
country IE code:

s|NL80211_REGDOM_SET_BY_COUNTRY_IE|REGDOM_SET_BY_COUNTRY_IE

Cc: stable@xxxxxxxxxx
Reported-by: Quentin Armitage <Quentin@xxxxxxxxxxxxxxx>
Signed-off-by: Luis R. Rodriguez <lrodriguez@xxxxxxxxxxx>
Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
[chrisw: backport to 2.6.29]
Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>
---
net/wireless/reg.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1083,6 +1083,8 @@ EXPORT_SYMBOL(regulatory_hint);
static bool reg_same_country_ie_hint(struct wiphy *wiphy,
u32 country_ie_checksum)
{
+ if (unlikely(last_request->initiator != REGDOM_SET_BY_COUNTRY_IE))
+ return false;
if (!last_request->wiphy)
return false;
if (likely(last_request->wiphy != wiphy))
@@ -1133,7 +1135,9 @@ void regulatory_hint_11d(struct wiphy *w
/* We will run this for *every* beacon processed for the BSSID, so
* we optimize an early check to exit out early if we don't have to
* do anything */
- if (likely(last_request->wiphy)) {
+ if (likely(last_request->initiator ==
+ REGDOM_SET_BY_COUNTRY_IE &&
+ likely(last_request->wiphy))) {
struct cfg80211_registered_device *drv_last_ie;

drv_last_ie = wiphy_to_dev(last_request->wiphy);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/