For hardware with IEEE80211_HW_HAS_RATE_CONTROL the rate controller is not initialized. However, calling functions such as ieee80211_beacon_get result in the rate_control_get_rate function getting called, which is accessing (in this case uninitialized) rate control structures unconditionally. Fix by exiting the function before setting the rates for HW with IEEE80211_HW_HAS_RATE_CONTROL set. The initialization of the ieee80211_tx_info struct is intentionally still executed. Signed-off-by: Juuso Oikarinen <juuso.oikarinen@xxxxxxxxx> Reviewed-by: Kalle Valo <kalle.valo@xxxxxxxxx> Cc: stable@xxxxxxxxxx --- net/mac80211/rate.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c index 99ab24c..0b299d2 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -303,6 +303,9 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata, info->control.rates[i].count = 1; } + if (sdata->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) + return; + ref->ops->get_rate(ref->priv, ista, priv_sta, txrc); /* -- 1.6.3.3 -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html