wireless: restrict to 32 legacy rates
Since the standards only define 12 legacy rates, 32 is certainly
a sane upper limit and we don't need to use u64 everywhere. Add
sanity checking that no more than 32 rates are registered and
change the variables to u32 throughout.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index a8c7274..70366ef 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -909,11 +909,11 @@
void ieee80211_sta_req_auth(struct ieee80211_sub_if_data *sdata,
struct ieee80211_if_sta *ifsta);
struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
- u8 *bssid, u8 *addr, u64 supp_rates);
+ u8 *bssid, u8 *addr, u32 supp_rates);
int ieee80211_sta_deauthenticate(struct ieee80211_sub_if_data *sdata, u16 reason);
int ieee80211_sta_disassociate(struct ieee80211_sub_if_data *sdata, u16 reason);
u32 ieee80211_reset_erp_info(struct ieee80211_sub_if_data *sdata);
-u64 ieee80211_sta_get_rates(struct ieee80211_local *local,
+u32 ieee80211_sta_get_rates(struct ieee80211_local *local,
struct ieee802_11_elems *elems,
enum ieee80211_band band);
void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
@@ -1026,7 +1026,7 @@
void ieee802_11_parse_elems(u8 *start, size_t len,
struct ieee802_11_elems *elems);
int ieee80211_set_freq(struct ieee80211_sub_if_data *sdata, int freq);
-u64 ieee80211_mandatory_rates(struct ieee80211_local *local,
+u32 ieee80211_mandatory_rates(struct ieee80211_local *local,
enum ieee80211_band band);
void ieee80211_dynamic_ps_enable_work(struct work_struct *work);
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 82f568e..2d573f8 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -476,7 +476,7 @@
struct ieee80211_local *local = sdata->local;
struct ieee802_11_elems elems;
struct ieee80211_channel *channel;
- u64 supp_rates = 0;
+ u32 supp_rates = 0;
size_t baselen;
int freq;
enum ieee80211_band band = rx_status->band;
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index f1196f5..9e064ee 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -236,7 +236,7 @@
struct ieee80211_mgmt *mgmt, size_t len);
int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata);
/* Mesh plinks */
-void mesh_neighbour_update(u8 *hw_addr, u64 rates,
+void mesh_neighbour_update(u8 *hw_addr, u32 rates,
struct ieee80211_sub_if_data *sdata, bool add);
bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie);
void mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata);
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index c140a1b..a8bbdec 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -93,7 +93,7 @@
* on it in the lifecycle management section!
*/
static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
- u8 *hw_addr, u64 rates)
+ u8 *hw_addr, u32 rates)
{
struct ieee80211_local *local = sdata->local;
struct sta_info *sta;
@@ -222,7 +222,7 @@
return 0;
}
-void mesh_neighbour_update(u8 *hw_addr, u64 rates, struct ieee80211_sub_if_data *sdata,
+void mesh_neighbour_update(u8 *hw_addr, u32 rates, struct ieee80211_sub_if_data *sdata,
bool peer_accepting_plinks)
{
struct ieee80211_local *local = sdata->local;
@@ -447,7 +447,7 @@
spin_lock_bh(&sta->lock);
} else if (!sta) {
/* ftype == PLINK_OPEN */
- u64 rates;
+ u32 rates;
if (!mesh_plink_free_count(sdata)) {
mpl_dbg("Mesh plink error: no more free plinks\n");
rcu_read_unlock();
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index b9e4b93..9852da5 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -73,7 +73,7 @@
static int ieee80211_compatible_rates(struct ieee80211_bss *bss,
struct ieee80211_supported_band *sband,
- u64 *rates)
+ u32 *rates)
{
int i, j, count;
*rates = 0;
@@ -93,14 +93,14 @@
}
/* also used by mesh code */
-u64 ieee80211_sta_get_rates(struct ieee80211_local *local,
+u32 ieee80211_sta_get_rates(struct ieee80211_local *local,
struct ieee802_11_elems *elems,
enum ieee80211_band band)
{
struct ieee80211_supported_band *sband;
struct ieee80211_rate *bitrates;
size_t num_rates;
- u64 supp_rates;
+ u32 supp_rates;
int i, j;
sband = local->hw.wiphy->bands[band];
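Review bot: `ieee80211_sta_get_rates` now returns a u32 bitmap, but nothing at the definition says what bounds the bit index; the only comment above it is `also used by mesh code`. The rest of the body is outside the hunk. If it sets one bit per matching index into `sband->bitrates` from the parsed `elems`, then with a u32 any index of 32 or more would be truncated or become an invalid shift, so correctness depends on the `n_bitrates > 32` check added in net/wireless/core.c. I would document that at the function, e.g. `/* Returns a bitmap over sband->bitrates; indices stay below 32 because band registration rejects larger rate tables. */`.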
@@ -253,7 +253,7 @@
struct ieee80211_bss *bss;
int wmm = 0;
struct ieee80211_supported_band *sband;
- u64 rates = 0;
+ u32 rates = 0;
size_t e_ies_len;
if (ifsta->flags & IEEE80211_STA_PREV_BSSID_SET) {
@@ -1282,7 +1282,7 @@
struct ieee80211_local *local = sdata->local;
struct ieee80211_supported_band *sband;
struct sta_info *sta;
- u64 rates, basic_rates;
+ u32 rates, basic_rates;
u16 capab_info, status_code, aid;
struct ieee802_11_elems elems;
struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
@@ -1639,7 +1639,7 @@
struct sta_info *sta;
struct ieee80211_channel *channel;
u64 beacon_timestamp, rx_timestamp;
- u64 supp_rates = 0;
+ u32 supp_rates = 0;
enum ieee80211_band band = rx_status->band;
if (elems->ds_params && elems->ds_params_len == 1)
@@ -1660,7 +1660,7 @@
sta = sta_info_get(local, mgmt->sa);
if (sta) {
- u64 prev_rates;
+ u32 prev_rates;
prev_rates = sta->sta.supp_rates[band];
/* make sure mandatory rates are always added */
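Review bot: `prev_rates = sta->sta.supp_rates[band];` now assigns into a u32, and the declaration of `supp_rates[]` in the station struct is not part of the visible diff. If that member is still u64, this assignment silently drops the upper 32 bits, so the member should be narrowed in the same commit to keep the widths consistent. The same question applies to the header prototype of `ieee80211_get_response_rate`, whose definition changes in net/wireless/util.c while its declaration is not shown here. The enclosing block continues outside the hunk.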
@@ -2526,7 +2526,7 @@
* must be callable in atomic context.
*/
struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
- u8 *bssid,u8 *addr, u64 supp_rates)
+ u8 *bssid,u8 *addr, u32 supp_rates)
{
struct ieee80211_local *local = sdata->local;
struct sta_info *sta;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 3f559e3d..ede96c4 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -731,12 +731,12 @@
return ret;
}
-u64 ieee80211_mandatory_rates(struct ieee80211_local *local,
+u32 ieee80211_mandatory_rates(struct ieee80211_local *local,
enum ieee80211_band band)
{
struct ieee80211_supported_band *sband;
struct ieee80211_rate *bitrates;
- u64 mandatory_rates;
+ u32 mandatory_rates;
enum ieee80211_rate_flags mandatory_flag;
int i;
diff --git a/net/wireless/core.c b/net/wireless/core.c
index b96fc0c..1252264 100644
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -273,10 +273,16 @@
sband->band = band;
- if (!sband->n_channels || !sband->n_bitrates) {
- WARN_ON(1);
+ if (WARN_ON(!sband->n_channels || !sband->n_bitrates))
return -EINVAL;
- }
+
+ /*
+ * Since we use a u32 for rate bitmaps in
+ * ieee80211_get_response_rate, we cannot
+ * have more than 32 legacy rates.
+ */
+ if (WARN_ON(sband->n_bitrates > 32))
+ return -EINVAL;
for (i = 0; i < sband->n_channels; i++) {
sband->channels[i].orig_flags =
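Review bot: The comment on the new `n_bitrates > 32` check names only `ieee80211_get_response_rate`, but this commit also narrows the mac80211 bitmaps (`supp_rates`, `basic_rates`, `mandatory_rates`) to u32. That makes this registration-time check the bound for every bit index into them, including bitmaps that appear to be filled from elements of received frames. I would say so in the comment, e.g. `Rate bitmaps are u32 throughout cfg80211 and mac80211 (one bit per entry of sband->bitrates), so a band cannot register more than 32 legacy rates.` The literal `32` would also be better as a named constant tied to the bitmap type, so the limit and the type cannot drift apart. The enclosing function starts and ends outside the hunk, so whether the early `return -EINVAL` has to undo anything done for earlier bands cannot be judged from here.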
diff --git a/net/wireless/util.c b/net/wireless/util.c
index e76cc28..487cdd9 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -9,7 +9,7 @@
struct ieee80211_rate *
ieee80211_get_response_rate(struct ieee80211_supported_band *sband,
- u64 basic_rates, int bitrate)
+ u32 basic_rates, int bitrate)
{
struct ieee80211_rate *result = &sband->bitrates[0];
int i;