On 2010-01-11 5:03 PM, Luis R. Rodriguez wrote: > On Sun, Jan 10, 2010 at 9:47 PM, Felix Fietkau <nbd@xxxxxxxxxxx> wrote: >> When ieee80211_monitor_select_queue encounters data frames, it selects >> the WMM AC based on skb->priority and assumes that skb->priority >> contains a valid 802.1d tag. However this assumption is incorrect, since >> ieee80211_select_queue has not been called at this point. >> If skb->priority > 7, an array overrun occurs, which could lead to >> invalid values, resulting in crashes in the tx path. >> Fix this by setting skb->priority based on the 802.11 header for QoS >> frames and using the default AC for all non-QoS frames. >> >> Signed-off-by: Felix Fietkau <nbd@xxxxxxxxxxx> > > Its unclear whether or not this is a stable fix. It fixes a crash but > does this depend on a patch added recently which is not in stable yet? It depends on the pile of tx queue fixes, and the crash doesn't exist without those. - Felix -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
