From: Johannes Berg johannes.berg@intel.com
stable inclusion from stable-v5.10.148 commit 3539e75abe3c9e5acc0b40b06773bc5aac0e358e category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6D0WL
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
commit 1833b6f46d7e2830251a063935ab464256defe22 upstream.
If the tool on the other side (e.g. wmediumd) gets confused about the rate, we hit a warning in mac80211. Silence that by effectively duplicating the check here and dropping the frame silently (in mac80211 it's dropped with the warning).
Reported-by: Sönke Huster shuster@seemoo.tu-darmstadt.de Tested-by: Sönke Huster shuster@seemoo.tu-darmstadt.de Signed-off-by: Johannes Berg johannes.berg@intel.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Jialin Zhang zhangjialin11@huawei.com Reviewed-by: Zheng Zengkai zhengzengkai@huawei.com --- drivers/net/wireless/mac80211_hwsim.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c index 188f907dcd13..16411fdaee0a 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c @@ -3675,6 +3675,8 @@ static int hwsim_cloned_frame_received_nl(struct sk_buff *skb_2,
rx_status.band = channel->band; rx_status.rate_idx = nla_get_u32(info->attrs[HWSIM_ATTR_RX_RATE]); + if (rx_status.rate_idx >= data2->hw->wiphy->bands[rx_status.band]->n_bitrates) + goto out; rx_status.signal = nla_get_u32(info->attrs[HWSIM_ATTR_SIGNAL]);
hdr = (void *)skb->data;