From: Ben Hutchings
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: b.a.t.m.a.n@lists.open-mesh.org, Thomas Lauer, akpm@linux-foundation.org, Johannes Berg
Date: Sun, 11 Nov 2018 19:49:05 +0000
Subject: [B.A.T.M.A.N.] [PATCH 3.16 142/366] cfg80211: initialize sinfo in cfg80211_get_station

3.16.61-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Sven Eckelmann

commit 3c12d0486856b9eb89c2a9ac336713cba90813e3 upstream.

Most of the implementations behind cfg80211_get_station will not initialize sinfo to zero before manipulating it. For example, the member "filled", which indicates the filled in parts of this struct, is often only modified by enabling certain bits in the bitfield while keeping the remaining bits in their original state. A caller without a preinitialized sinfo.filled can then no longer decide which parts of sinfo were filled in by cfg80211_get_station (or actually the underlying implementations).

cfg80211_get_station must therefore take care that sinfo is initialized to zero. Otherwise, the caller may try to read information which was not filled in and which must therefore also be considered uninitialized. In batadv_v_elp_get_throughput's case, an invalid "random" expected throughput may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may switch to non-optimal neighbors for certain destinations.

Fixes: 7406353d43c8 ("cfg80211: implement cfg80211_get_station cfg80211 API")
Reported-by: Thomas Lauer
Reported-by: Marcel Schmidt
Cc: b.a.t.m.a.n@lists.open-mesh.org
Signed-off-by: Sven Eckelmann
Signed-off-by: Johannes Berg
Signed-off-by: Ben Hutchings
--- net/wireless/util.c | 2 ++ 1 file changed, 2 insertions(+) --- a/net/wireless/util.c +++ b/net/wireless/util.c @@ -1566,6 +1566,8 @@ int cfg80211_get_station(struct net_devi if (!rdev->ops->get_station) return -EOPNOTSUPP; + memset(sinfo, 0, sizeof(*sinfo)); + return rdev_get_station(rdev, dev, mac_addr, sinfo); } EXPORT_SYMBOL(cfg80211_get_station);
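
Review bot: In the net/wireless/util.c hunk, the new `memset(sinfo, 0, sizeof(*sinfo));` is placed after the `if (!rdev->ops->get_station) return -EOPNOTSUPP;` early return, so on that error path the caller's sinfo is handed back untouched and may still hold stack garbage. A caller that does not check the return value before reading `sinfo.filled` would hit the same uninitialized read the commit message describes. Consider moving the memset above the `get_station` check so that sinfo is zeroed on every return path, or state in the function's documentation that sinfo is only defined when cfg80211_get_station returns 0.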