On Mon, Jan 11, 2010 at 06:47:00AM +0100, Felix Fietkau wrote:
> When ieee80211_monitor_select_queue encounters data frames, it selects
> the WMM AC based on skb->priority and assumes that skb->priority
> contains a valid 802.1d tag. However this assumption is incorrect, since
> ieee80211_select_queue has not been called at this point.
> If skb->priority > 7, an array overrun occurs, which could lead to
> invalid values, resulting in crashes in the tx path.

What you describe here was already reported and fixed:

http://marc.info/?l=linux-wireless&m=126287290723244&w=2
http://git.kernel.org/?p=linux/kernel/git/linville/wireless-2.6.git;a=commit;h=045cfb71a3901005bf6dcedae98cecb3360a0bfc

Your commit message could at least acknowledge this. I.e. write that the
existing fix doesn't handle QoS data frames in the optimal way, and then
mention this:

> Fix this by setting skb->priority based on the 802.11 header for QoS
> frames and using the default AC for all non-QoS frames.
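An added illustration, not part of the original message and not the mac80211 code: a userspace C model of the issue quoted above, with the unchecked 802.1d-to-AC lookup beside a version that takes the tag from the 802.11 QoS Control field. The function names, the table contents, the sample frames and the choice of best effort as the default AC are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { AC_VO, AC_VI, AC_BE, AC_BK };            /* WMM access categories */
/* 802.1d tag (0..7) -> access category; only eight entries exist */
static const int up_to_ac[8] = { AC_BE, AC_BK, AC_BK, AC_BE,
                                 AC_VI, AC_VI, AC_VO, AC_VO };

#define FCTL_FTYPE     0x000c
#define FTYPE_DATA     0x0008
#define STYPE_QOS_DATA 0x0080
#define FCTL_4ADDR     0x0300   /* ToDS and FromDS both set */

/* Pattern from the quoted report: the index is trusted as-is, so any
 * priority above 7 reads past the end of up_to_ac[]. */
int ac_unchecked(uint32_t priority) { return up_to_ac[priority]; }

/* Derive the tag from the 802.11 header instead of trusting the caller.
 * Non-QoS or truncated frames get priority 0 (assumed default: best effort). */
int ac_from_header(const uint8_t *hdr, size_t len, uint32_t *priority)
{
    size_t qos_off = 24;                 /* QoS Control follows 3-address header */
    uint16_t fc;
    *priority = 0;
    if (len < 2)
        return up_to_ac[0];
    fc = (uint16_t)(hdr[0] | (hdr[1] << 8));     /* little-endian frame control */
    if ((fc & (FCTL_FTYPE | STYPE_QOS_DATA)) != (FTYPE_DATA | STYPE_QOS_DATA))
        return up_to_ac[0];
    if ((fc & FCTL_4ADDR) == FCTL_4ADDR)
        qos_off = 30;                    /* fourth address shifts the field */
    if (len < qos_off + 2)
        return up_to_ac[0];
    *priority = hdr[qos_off] & 0x07;     /* masked to 0..7, always in bounds */
    return up_to_ac[*priority];
}

/* Constructed sample headers: QoS data with tag 6, and plain (non-QoS) data */
const uint8_t qos_frame[26]   = { 0x88, 0x01, [24] = 0x06 };
const uint8_t plain_frame[24] = { 0x08, 0x01 };

int main(void)
{
    uint32_t p1 = 99, p2 = 99;           /* stale values, as on an untagged skb */
    int a1 = ac_from_header(qos_frame, sizeof(qos_frame), &p1);
    int a2 = ac_from_header(plain_frame, sizeof(plain_frame), &p2);
    printf("qos: prio=%u ac=%d  plain: prio=%u ac=%d\n",
           (unsigned)p1, a1, (unsigned)p2, a2);
    return 0;
}
```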