Commit 2da424b0 authored by Wey-Yi Guy's avatar Wey-Yi Guy Committed by John W. Linville

iwlwifi: Sanity check for sta_id

On my testing, I saw some strange behavior

[  421.739708] iwlwifi 0000:01:00.0: ACTIVATE a non DRIVER active station id 148 addr 00:00:00:00:00:00
[  421.739719] iwlwifi 0000:01:00.0: iwl_sta_ucode_activate Added STA id 148 addr 00:00:00:00:00:00 to uCode

not sure how it happen, but adding the sanity check to prevent memory
corruption
Signed-off-by: default avatarWey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 017664fe
...@@ -35,9 +35,12 @@ ...@@ -35,9 +35,12 @@
#include "iwl-trans.h" #include "iwl-trans.h"
/* priv->shrd->sta_lock must be held */ /* priv->shrd->sta_lock must be held */
static void iwl_sta_ucode_activate(struct iwl_priv *priv, u8 sta_id) static int iwl_sta_ucode_activate(struct iwl_priv *priv, u8 sta_id)
{ {
if (sta_id >= IWLAGN_STATION_COUNT) {
IWL_ERR(priv, "invalid sta_id %u", sta_id);
return -EINVAL;
}
if (!(priv->stations[sta_id].used & IWL_STA_DRIVER_ACTIVE)) if (!(priv->stations[sta_id].used & IWL_STA_DRIVER_ACTIVE))
IWL_ERR(priv, "ACTIVATE a non DRIVER active station id %u " IWL_ERR(priv, "ACTIVATE a non DRIVER active station id %u "
"addr %pM\n", "addr %pM\n",
...@@ -53,6 +56,7 @@ static void iwl_sta_ucode_activate(struct iwl_priv *priv, u8 sta_id) ...@@ -53,6 +56,7 @@ static void iwl_sta_ucode_activate(struct iwl_priv *priv, u8 sta_id)
IWL_DEBUG_ASSOC(priv, "Added STA id %u addr %pM to uCode\n", IWL_DEBUG_ASSOC(priv, "Added STA id %u addr %pM to uCode\n",
sta_id, priv->stations[sta_id].sta.sta.addr); sta_id, priv->stations[sta_id].sta.sta.addr);
} }
return 0;
} }
static int iwl_process_add_sta_resp(struct iwl_priv *priv, static int iwl_process_add_sta_resp(struct iwl_priv *priv,
...@@ -77,8 +81,7 @@ static int iwl_process_add_sta_resp(struct iwl_priv *priv, ...@@ -77,8 +81,7 @@ static int iwl_process_add_sta_resp(struct iwl_priv *priv,
switch (pkt->u.add_sta.status) { switch (pkt->u.add_sta.status) {
case ADD_STA_SUCCESS_MSK: case ADD_STA_SUCCESS_MSK:
IWL_DEBUG_INFO(priv, "REPLY_ADD_STA PASSED\n"); IWL_DEBUG_INFO(priv, "REPLY_ADD_STA PASSED\n");
iwl_sta_ucode_activate(priv, sta_id); ret = iwl_sta_ucode_activate(priv, sta_id);
ret = 0;
break; break;
case ADD_STA_NO_ROOM_IN_TABLE: case ADD_STA_NO_ROOM_IN_TABLE:
IWL_ERR(priv, "Adding station %d failed, no room in table.\n", IWL_ERR(priv, "Adding station %d failed, no room in table.\n",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment