On Mon, 2023-10-09 at 16:56 +0100, James Dutton wrote:
> /usr/src/linux/net/mac80211/sta_info.c:2424
> 	case STA_STATS_RATE_TYPE_LEGACY: {
> 		struct ieee80211_supported_band *sband;
> 		u16 brate;
> 		unsigned int shift;
> 		int band = STA_STATS_GET(LEGACY_BAND, rate);
> 		int rate_idx = STA_STATS_GET(LEGACY_IDX, rate);
> 
> 		sband = local->hw.wiphy->bands[band];
> 
> 		if (WARN_ON_ONCE(!sband->bitrates))    <------It_crashes_here
> 			break;
> 
> 		brate = sband->bitrates[rate_idx].bitrate;
> 		if (rinfo->bw == RATE_INFO_BW_5)
> 			shift = 2;
> 		else if (rinfo->bw == RATE_INFO_BW_10)
> 			shift = 1;
> 		else
> 			shift = 0;
> 		rinfo->legacy = DIV_ROUND_UP(brate, 1 << shift);
> 		break;
> 	}
> 
> Looking at this, it can be one of two things:
> 1) local->hw.wiphy->bands[band]; is NULL

Yes, I think that's it.

> 2) bands is an array of 6 items, making band valid for values 0-5.
>    If band >= 6, it would cause problems.

Highly unlikely.

> So maybe something along these lines might help:
> 
> Signed-off-by: James Courtier-Dutton <james.dutton@xxxxxxxxx>
> --- sta_info.c.org	2023-10-08 19:52:13.578270007 +0100
> +++ sta_info.c.new2	2023-10-08 19:52:09.450214070 +0100
> @@ -2420,7 +2420,26 @@
>  		int band = STA_STATS_GET(LEGACY_BAND, rate);
>  		int rate_idx = STA_STATS_GET(LEGACY_IDX, rate);
>  
> +		if (band >= NUM_NL80211_BANDS) {
> +			printk("ERROR: band=%d is too large.
> Returning\n", band);
> +			break;
> +		}
> +
>  		sband = local->hw.wiphy->bands[band];
> +		if (!sband) {
> +			printk("ERROR: sband NULL. Returning\n");
> +			break;
> +		}

You'd really never want a plain printk, and anyway, that printk is malformed (no severity string macro).

_Maybe_ change it to WARN_ON_ONCE(!sband || !sband->bitrates) there, but really I think we should prevent this in the first place.

Is this, by any chance, a device without 2.4 GHz?

johannes
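Review bot: Both new `printk()` calls in the hunk at sta_info.c:2420 carry no `KERN_*` severity level and would fire unconditionally every time the rate-info path hits a missing band, so they add unbounded log noise for a condition that is a one-off driver/wiphy inconsistency rather than a per-call event; the existing line a few lines below already uses the kernel's one-shot pattern, so the two checks fold naturally into it as `if (WARN_ON_ONCE(!sband || !sband->bitrates))` and the separate `band >= NUM_NL80211_BANDS` block becomes unnecessary once a NULL `sband` is handled (an out-of-range index would still need its own guard only if `STA_STATS_GET(LEGACY_BAND, ...)` can actually encode a value beyond the array, which the surrounding reply considers unlikely). Two smaller points on the patch as posted: the string literal `"ERROR: band=%d is too large.` / `Returning\n"` is split across a line break, so the patch will not compile as sent (this looks like mail-client wrapping; resend with `git format-patch` or an attachment), and the headers `--- sta_info.c.org` / `+++ sta_info.c.new2` are not the `a/net/mac80211/sta_info.c` / `b/net/mac80211/sta_info.c` paths the tree expects, so the patch cannot be applied with `git am` and the Signed-off-by line sits above the diff rather than in a commit message.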