On 2010-01-12 10:37 AM, Lennert Buytenhek wrote:
> On Mon, Jan 11, 2010 at 06:47:00AM +0100, Felix Fietkau wrote:
>
>> When ieee80211_monitor_select_queue encounters data frames, it selects
>> the WMM AC based on skb->priority and assumes that skb->priority
>> contains a valid 802.1d tag. However this assumption is incorrect, since
>> ieee80211_select_queue has not been called at this point.
>> If skb->priority > 7, an array overrun occurs, which could lead to
>> invalid values, resulting in crashes in the tx path.
>
> What you describe here was already reported and fixed:
>
> http://marc.info/?l=linux-wireless&m=126287290723244&w=2
> http://git.kernel.org/?p=linux/kernel/git/linville/wireless-2.6.git;a=commit;h=045cfb71a3901005bf6dcedae98cecb3360a0bfc
>
> Your commit message could at least acknowledge this. I.e. write
> that the existing fix doesn't handle QoS data frames in the optimal
> way, and then mention this:

Sorry, when I wrote and posted the patch, I hadn't seen your previous
fix yet, because I was apparently looking at the wrong tree and had not
noticed your submission yet. It only cleanly applied to a tree without
your change, but it seems that John fixed it up and replaced your fix
with it anyway.

- Felix
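Added example, not part of the thread and not the mac80211 code: a userspace model of the overrun described in the quoted report, with the unchecked table lookup beside a variant that derives the 802.1d tag from the frame before indexing. The struct, function names, macro names and the fallback tags for non-QoS frames are assumptions made for illustration.

```c
#include <stdint.h>

/* Queue indices; this ordering is an assumption of the model. */
enum { AC_VO, AC_VI, AC_BE, AC_BK };

/* 802.1d tag (0..7) -> WMM access category. The table has exactly 8 entries. */
static const int tag_to_ac[8] = {
    AC_BE, AC_BK, AC_BK, AC_BE, AC_VI, AC_VI, AC_VO, AC_VO
};

#define FC_TYPE_MASK   0x000c  /* frame control: type bits */
#define FC_TYPE_DATA   0x0008  /* type = data */
#define FC_STYPE_QOS   0x0080  /* data subtype bit marking QoS data */
#define QOS_TAG1D_MASK 0x0007  /* low 3 bits of QoS control = 802.1d tag */

struct model_skb {             /* hypothetical stand-in for struct sk_buff */
    uint32_t priority;         /* arbitrary until a classifier has set it */
    uint16_t frame_control;
    uint16_t qos_ctl;          /* meaningful only for QoS data frames */
};

/* Pattern from the report: priority is trusted as a table index. */
int select_queue_unchecked(const struct model_skb *skb)
{
    return tag_to_ac[skb->priority];   /* reads past the table if priority > 7 */
}

/* Hardened variant: the index is always computed here and always 0..7. */
int select_queue_checked(struct model_skb *skb)
{
    uint16_t fc = skb->frame_control;

    if ((fc & FC_TYPE_MASK) != FC_TYPE_DATA)
        skb->priority = 7;             /* non-data frame (assumed policy) */
    else if (fc & FC_STYPE_QOS)
        skb->priority = skb->qos_ctl & QOS_TAG1D_MASK;
    else
        skb->priority = 0;             /* non-QoS data: best effort (assumed) */

    return tag_to_ac[skb->priority];
}
```

The unchecked function is only safe to call after something has bounded `priority`, which is the precondition the report says was missing on the monitor path.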