- bcm43xx-fix-array-overrun-in-bcm43xx_geo_init.patch removed from -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The patch titled

     bcm43xx: Fix array overrun in bcm43xx_geo_init

has been removed from the -mm tree.  Its filename is

     bcm43xx-fix-array-overrun-in-bcm43xx_geo_init.patch

This patch was probably dropped from -mm because
it has now been merged into a subsystem tree or
into Linus's tree, or because it was folded into
its parent patch in the -mm tree.


From: Michael Buesch <mb@xxxxxxxxx>

The problem here is that the bcm34xx driver and the ieee80211 stack do not
agree on what channels are possible for 802.11a.  The ieee80211 stack only
wants channels between 34 and 165, while the bcm43xx driver accepts
anything from 0 to 200.  I made the bcm43xx driver comply with the
ieee80211 stack expectations, by using the proper constants.

Signed-off-by: Jean Delvare <jdelvare@xxxxxxx>
Signed-off-by: Michael Buesch <mb@xxxxxxxxx>
Cc: "John W. Linville" <linville@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 drivers/net/wireless/bcm43xx/bcm43xx_main.c |   43 ++++++++++--------
 drivers/net/wireless/bcm43xx/bcm43xx_main.h |    6 +-
 2 files changed, 30 insertions(+), 19 deletions(-)

diff -puN drivers/net/wireless/bcm43xx/bcm43xx_main.c~bcm43xx-fix-array-overrun-in-bcm43xx_geo_init drivers/net/wireless/bcm43xx/bcm43xx_main.c
--- devel/drivers/net/wireless/bcm43xx/bcm43xx_main.c~bcm43xx-fix-array-overrun-in-bcm43xx_geo_init	2006-05-10 20:37:32.000000000 -0700
+++ devel-akpm/drivers/net/wireless/bcm43xx/bcm43xx_main.c	2006-05-10 20:37:32.000000000 -0700
@@ -941,9 +941,9 @@ static int bcm43xx_sprom_extract(struct 
 	return 0;
 }
 
-static void bcm43xx_geo_init(struct bcm43xx_private *bcm)
+static int bcm43xx_geo_init(struct bcm43xx_private *bcm)
 {
-	struct ieee80211_geo geo;
+	struct ieee80211_geo *geo;
 	struct ieee80211_channel *chan;
 	int have_a = 0, have_bg = 0;
 	int i;
@@ -951,7 +951,10 @@ static void bcm43xx_geo_init(struct bcm4
 	struct bcm43xx_phyinfo *phy;
 	const char *iso_country;
 
-	memset(&geo, 0, sizeof(geo));
+	geo = kzalloc(sizeof(*geo), GFP_KERNEL);
+	if (!geo)
+		return -ENOMEM;
+
 	for (i = 0; i < bcm->nr_80211_available; i++) {
 		phy = &(bcm->core_80211_ext[i].phy);
 		switch (phy->type) {
@@ -969,31 +972,36 @@ static void bcm43xx_geo_init(struct bcm4
 	iso_country = bcm43xx_locale_iso(bcm->sprom.locale);
 
  	if (have_a) {
-		for (i = 0, channel = 0; channel < 201; channel++) {
-			chan = &geo.a[i++];
+		for (i = 0, channel = IEEE80211_52GHZ_MIN_CHANNEL;
+		      channel <= IEEE80211_52GHZ_MAX_CHANNEL; channel++) {
+			chan = &geo->a[i++];
 			chan->freq = bcm43xx_channel_to_freq_a(channel);
 			chan->channel = channel;
 		}
-		geo.a_channels = i;
+		geo->a_channels = i;
 	}
 	if (have_bg) {
-		for (i = 0, channel = 1; channel < 15; channel++) {
-			chan = &geo.bg[i++];
+		for (i = 0, channel = IEEE80211_24GHZ_MIN_CHANNEL;
+		      channel <= IEEE80211_24GHZ_MAX_CHANNEL; channel++) {
+			chan = &geo->bg[i++];
 			chan->freq = bcm43xx_channel_to_freq_bg(channel);
 			chan->channel = channel;
 		}
-		geo.bg_channels = i;
+		geo->bg_channels = i;
 	}
-	memcpy(geo.name, iso_country, 2);
+	memcpy(geo->name, iso_country, 2);
 	if (0 /*TODO: Outdoor use only */)
-		geo.name[2] = 'O';
+		geo->name[2] = 'O';
 	else if (0 /*TODO: Indoor use only */)
-		geo.name[2] = 'I';
+		geo->name[2] = 'I';
 	else
-		geo.name[2] = ' ';
-	geo.name[3] = '\0';
+		geo->name[2] = ' ';
+	geo->name[3] = '\0';
+
+	ieee80211_set_geo(bcm->ieee, geo);
+	kfree(geo);
 
-	ieee80211_set_geo(bcm->ieee, &geo);
+	return 0;
 }
 
 /* DummyTransmission function, as documented on 
@@ -3466,6 +3474,9 @@ static int bcm43xx_attach_board(struct b
 			goto err_80211_unwind;
 		bcm43xx_wireless_core_disable(bcm);
 	}
+	err = bcm43xx_geo_init(bcm);
+	if (err)
+		goto err_80211_unwind;
 	bcm43xx_pctl_set_crystal(bcm, 0);
 
 	/* Set the MAC address in the networking subsystem */
@@ -3474,8 +3485,6 @@ static int bcm43xx_attach_board(struct b
 	else
 		memcpy(bcm->net_dev->dev_addr, bcm->sprom.il0macaddr, 6);
 
-	bcm43xx_geo_init(bcm);
-
 	snprintf(bcm->nick, IW_ESSID_MAX_SIZE,
 		 "Broadcom %04X", bcm->chip_id);
 
diff -puN drivers/net/wireless/bcm43xx/bcm43xx_main.h~bcm43xx-fix-array-overrun-in-bcm43xx_geo_init drivers/net/wireless/bcm43xx/bcm43xx_main.h
--- devel/drivers/net/wireless/bcm43xx/bcm43xx_main.h~bcm43xx-fix-array-overrun-in-bcm43xx_geo_init	2006-05-10 20:37:32.000000000 -0700
+++ devel-akpm/drivers/net/wireless/bcm43xx/bcm43xx_main.h	2006-05-10 20:37:32.000000000 -0700
@@ -118,12 +118,14 @@ int bcm43xx_channel_to_freq(struct bcm43
 static inline
 int bcm43xx_is_valid_channel_a(u8 channel)
 {
-	return (channel <= 200);
+	return (channel >= IEEE80211_52GHZ_MIN_CHANNEL
+	       && channel <= IEEE80211_52GHZ_MAX_CHANNEL);
 }
 static inline
 int bcm43xx_is_valid_channel_bg(u8 channel)
 {
-	return (channel >= 1 && channel <= 14);
+	return (channel >= IEEE80211_24GHZ_MIN_CHANNEL
+	       && channel <= IEEE80211_24GHZ_MAX_CHANNEL);
 }
 static inline
 int bcm43xx_is_valid_channel(struct bcm43xx_private *bcm,
_

Patches currently in -mm which might be from jdelvare@xxxxxxx are

origin.patch

-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Kernel Newbies FAQ]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux