kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   4afe74fcfdc2b10867fb8d46e3f7c1af040ce4f2
  2.   patches.suse
  3.   mt76-add-sanity-check-for-a-mpdu-rx-wcid-index.patch
Blob Blame History Raw 
From bf5238b25ac373cb2a544fe8554fd66fc9e04efc Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Thu, 10 Oct 2019 21:59:46 +0200
Subject: [PATCH] mt76: add sanity check for a-mpdu rx wcid index
Git-commit: bf5238b25ac373cb2a544fe8554fd66fc9e04efc
Patch-mainline: v5.5-rc1
References: jsc#SLE-13430

Avoid dereferencing invalid ids

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Acked-by: Takashi Iwai <tiwai@suse.de>

---
 drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/mediatek/mt76/mac80211.c b/drivers/net/wireless/mediatek/mt76/mac80211.c
index 4e6f14ca00f2..a3975e3795ee 100644
--- a/drivers/net/wireless/mediatek/mt76/mac80211.c
+++ b/drivers/net/wireless/mediatek/mt76/mac80211.c
@@ -644,7 +644,7 @@ mt76_airtime_flush_ampdu(struct mt76_dev *dev)
 		return;
 
 	wcid_idx = dev->rx_ampdu_status.wcid_idx;
-	if (dev->rx_ampdu_status.wcid_idx != 0xff)
+	if (wcid_idx < ARRAY_SIZE(dev->wcid))
 		wcid = rcu_dereference(dev->wcid[wcid_idx]);
 	else
 		wcid = NULL;
-- 
2.16.4
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.