[3.19.y-ckt stable] Patch "mac80211: fix divide by zero when NOA update" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Mon Nov 30 22:09:55 UTC 2015 

This is a note to let you know that I have just added a patch titled

    mac80211: fix divide by zero when NOA update

to the linux-3.19.y-queue branch of the 3.19.y-ckt extended stable tree 
which can be found at:

    http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-3.19.y-queue

This patch is scheduled to be released in version 3.19.8-ckt11.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.19.y-ckt tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From 3d69b3f09e1b4a45b66c8654ebf980d03cfab82a Mon Sep 17 00:00:00 2001
From: "Janusz.Dziedzic at tieto.com" <Janusz.Dziedzic at tieto.com>
Date: Tue, 27 Oct 2015 08:35:11 +0100
Subject: mac80211: fix divide by zero when NOA update

commit 519ee6918b91abdc4bc9720deae17599a109eb40 upstream.

In case of one shot NOA the interval can be 0, catch that
instead of potentially (depending on the driver) crashing
like this:

divide error: 0000 [#1] SMP
[...]
Call Trace:
<IRQ>
[<ffffffffc08e891c>] ieee80211_extend_absent_time+0x6c/0xb0 [mac80211]
[<ffffffffc08e8a17>] ieee80211_update_p2p_noa+0xb7/0xe0 [mac80211]
[<ffffffffc069cc30>] ath9k_p2p_ps_timer+0x170/0x190 [ath9k]
[<ffffffffc070adf8>] ath_gen_timer_isr+0xc8/0xf0 [ath9k_hw]
[<ffffffffc0691156>] ath9k_tasklet+0x296/0x2f0 [ath9k]
[<ffffffff8107ad65>] tasklet_action+0xe5/0xf0
[...]

Signed-off-by: Janusz Dziedzic <janusz.dziedzic at tieto.com>
Signed-off-by: Johannes Berg <johannes.berg at intel.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 net/mac80211/util.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 1ce38e7..c5e76cf 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -2891,6 +2891,13 @@ ieee80211_extend_noa_desc(struct ieee80211_noa_data *data, u32 tsf, int i)
 	if (end > 0)
 		return false;

+	/* One shot NOA  */
+	if (data->count[i] == 1)
+		return false;
+
+	if (data->desc[i].interval == 0)
+		return false;
+
 	/* End time is in the past, check for repetitions */
 	skip = DIV_ROUND_UP(-end, data->desc[i].interval);
 	if (data->count[i] < 255) {
--
1.9.1

More information about the kernel-team mailing list