Re: [PATCH 5.4 regression fix] brcmfmac: Fix brcmf_cfg80211_get_channel returning uninitialized fields

Kalle Valo <kvalo@xxxxxxxxxxxxxx> · Fri, 04 Oct 2019 14:19:37 +0300

Hans de Goede <hdegoede@xxxxxxxxxx> writes:

> Hi,
>
> On 10/4/19 12:34 PM, Kalle Valo wrote:
>> Hans de Goede <hdegoede@xxxxxxxxxx> writes:
>>
>>> With the new edmg support struct cfg80211_chan_def has been extended
>>> with a number of new members. brcmf_cfg80211_get_channel() was not setting
>>> (clearing) these causing the cfg80211_edmg_chandef_valid() check in
>>> cfg80211_chandef_valid() to fail. Triggering a WARN_ON and, worse, causing
>>> brcmfmac based wifi cards to not work.
>>>
>>> This commit fixes this by clearing the entire passed struct to 0 before
>>> setting the members used by the brcmfmac code. This solution also makes
>>> sure that this problem will not repeat itself in the future if further
>>> members are added to the struct.
>>>
>>> Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx>
>>> ---
>>>   drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>>> index e3ebb7abbdae..480c05f66ebd 100644
>>> --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>>> +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
>>> @@ -5041,10 +5041,10 @@ static int brcmf_cfg80211_get_channel(struct wiphy *wiphy,
>>>   	}
>>>     	freq = ieee80211_channel_to_frequency(ch.control_ch_num,
>>> band);
>>> +	memset(chandef, 0, sizeof(*chandef));
>>>   	chandef->chan = ieee80211_get_channel(wiphy, freq);
>>>   	chandef->width = width;
>>>   	chandef->center_freq1 = ieee80211_channel_to_frequency(ch.chnum, band);
>>> -	chandef->center_freq2 = 0;
>>>     	return 0;
>>>   }
>>
>> Is this a separate issue from the cfg80211 fix:
>>
>> cfg80211: initialize on-stack chandefs
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=f43e5210c739fe76a4b0ed851559d6902f20ceb1
>
> No it is the same issue, I was actually wondering if I should do a generic fix
> instead... I'm glad someone has already fixed this with a generic fix. Assuming the
> generic fix is going upstream soon

It's in net tree right now so it should go to Linus' tree soon.

> then this (my) patch can be dropped.

Ok, I'll drop it.

-- 
Kalle Valo