Date: Fri, 29 May 2009 23:41:32 +0000 (UTC) From: Sam Leffler <sam@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r193073 - in head/sys/dev: bwi iwn ral usb/wlan Message-ID: <200905292341.n4TNfWVi090250@svn.freebsd.org>
Author: sam Date: Fri May 29 23:41:31 2009 New Revision: 193073 URL: http://svn.freebsd.org/changeset/base/193073 Log: validate tx rate(s) in the raw xmit path Tested by: "Paul B. Mahol" <onemda@gmail.com> (rum, bwi) Modified: head/sys/dev/bwi/if_bwi.c head/sys/dev/iwn/if_iwn.c head/sys/dev/ral/rt2560.c head/sys/dev/usb/wlan/if_rum.c head/sys/dev/usb/wlan/if_ural.c
Modified: head/sys/dev/bwi/if_bwi.c
==============================================================================
--- head/sys/dev/bwi/if_bwi.c Fri May 29 23:39:16 2009 (r193072)
+++ head/sys/dev/bwi/if_bwi.c Fri May 29 23:41:31 2009 (r193073)
@@ -3126,6 +3126,7 @@ bwi_encap_raw(struct bwi_softc *sc, int
 {
 struct ifnet *ifp = sc->sc_ifp;
 struct ieee80211vap *vap = ni->ni_vap;
+ struct ieee80211com *ic = ni->ni_ic;
 struct bwi_ring_data *rd = &sc->sc_tx_rdata[BWI_TX_DATA_RING];
 struct bwi_txbuf_data *tbd = &sc->sc_tx_bdata[BWI_TX_DATA_RING];
 struct bwi_txbuf *tb = &tbd->tbd_buf[idx];
@@ -3152,8 +3153,20 @@ bwi_encap_raw(struct bwi_softc *sc, int
 * Find TX rate
 */
 rate = params->ibp_rate0;
- rate_fb = (params->ibp_try1 != 0) ?
- params->ibp_rate1 : params->ibp_rate0;
+ if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
+ /* XXX fall back to mcast/mgmt rate? */
+ m_freem(m0);
+ return EINVAL;
+ }
+ if (params->ibp_try1 != 0) {
+ rate_fb = params->ibp_rate1;
+ if (!ieee80211_isratevalid(ic->ic_rt, rate_fb)) {
+ /* XXX fall back to rate0? */
+ m_freem(m0);
+ return EINVAL;
+ }
+ } else
+ rate_fb = rate;
 tb->tb_rate[0] = rate;
 tb->tb_rate[1] = rate_fb;
 sc->sc_tx_rate = rate;
Modified: head/sys/dev/iwn/if_iwn.c
==============================================================================
--- head/sys/dev/iwn/if_iwn.c Fri May 29 23:39:16 2009 (r193072)
+++ head/sys/dev/iwn/if_iwn.c Fri May 29 23:41:31 2009 (r193073)
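Review bot: The two new early returns in the second bwi_encap_raw hunk free m0 and return EINVAL, but nothing visible there releases the node reference ni or states who does; the rest of the function and its caller are outside the hunk, so this needs checking against the caller's error path. A short comment at the first check would record the contract, for example `/* m0 is consumed on error; the caller releases ni */`, worded to match what the caller actually does. The same new exit is added in the second iwn_tx_data_raw hunk. The two `XXX fall back` comments also leave the policy open; rejecting a caller-supplied rate that is not in the table is the conservative choice, and the comment could say so instead of posing the question.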
@@ -2227,6 +2227,7 @@ iwn_tx_data_raw(struct iwn_softc *sc, st
 const struct ieee80211_bpf_params *params)
 {
 struct ieee80211vap *vap = ni->ni_vap;
+ struct ieee80211com *ic = ni->ni_ic;
 struct iwn_tx_cmd *cmd;
 struct iwn_cmd_data *tx;
 struct ieee80211_frame *wh;
@@ -2263,6 +2264,11 @@ iwn_tx_data_raw(struct iwn_softc *sc, st
 /* pick a tx rate */
 rate = params->ibp_rate0;
+ if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
+ /* XXX fall back to mcast/mgmt rate? */
+ m_freem(m0);
+ return EINVAL;
+ }
 if (ieee80211_radiotap_active_vap(vap)) {
 struct iwn_tx_radiotap_header *tap = &sc->sc_txtap;
Modified: head/sys/dev/ral/rt2560.c
==============================================================================
--- head/sys/dev/ral/rt2560.c Fri May 29 23:39:16 2009 (r193072)
+++ head/sys/dev/ral/rt2560.c Fri May 29 23:41:31 2009 (r193073)
@@ -1715,6 +1715,7 @@ rt2560_tx_raw(struct rt2560_softc *sc, s
 struct ieee80211_node *ni, const struct ieee80211_bpf_params *params)
 {
 struct ieee80211vap *vap = ni->ni_vap;
+ struct ieee80211com *ic = ni->ni_ic;
 struct rt2560_tx_desc *desc;
 struct rt2560_tx_data *data;
 bus_dma_segment_t segs[RT2560_MAX_SCATTER];
@@ -1724,9 +1725,8 @@ rt2560_tx_raw(struct rt2560_softc *sc, s
 desc = &sc->prioq.desc[sc->prioq.cur];
 data = &sc->prioq.data[sc->prioq.cur];
- rate = params->ibp_rate0 & IEEE80211_RATE_VAL;
- /* XXX validate */
- if (rate == 0) {
+ rate = params->ibp_rate0;
+ if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
 /* XXX fall back to mcast/mgmt rate? */
 m_freem(m0);
 return EINVAL;
Modified: head/sys/dev/usb/wlan/if_rum.c
==============================================================================
--- head/sys/dev/usb/wlan/if_rum.c Fri May 29 23:39:16 2009 (r193072)
+++ head/sys/dev/usb/wlan/if_rum.c Fri May 29 23:41:31 2009 (r193073)
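Review bot: Only `params->ibp_rate0` is checked in the second iwn_tx_data_raw hunk, whereas the bwi change also checks `ibp_rate1` when `ibp_try1` is non-zero. The rest of the function is outside the hunk, so it is not visible whether any other rate field of `params` is read later; if one is, it would still be used unvalidated. If rate0 is the only field this driver consumes, a comment at the check such as `/* only ibp_rate0 is used by this driver */` would make that explicit. The rt2560_tx_raw, rum_tx_raw and ural_tx_raw hunks likewise check rate0 only.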
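Review bot: Dropping the `& IEEE80211_RATE_VAL` mask in the second rt2560_tx_raw hunk means `rate` now keeps any high bit present in `params->ibp_rate0`. The definition of ieee80211_isratevalid() is not shown here; if the rate table accepts a code with the basic-rate flag set, that unmasked value is what the remainder of the function, outside the hunk, goes on to use. Validating the raw value and then masking for use would keep the old downstream contract, by adding `rate &= IEEE80211_RATE_VAL;` after the check. The rum_tx_raw and ural_tx_raw hunks remove the mask in the same way.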
@@ -1137,6 +1137,7 @@ static int
 rum_tx_raw(struct rum_softc *sc, struct mbuf *m0, struct ieee80211_node *ni,
 const struct ieee80211_bpf_params *params)
 {
+ struct ieee80211com *ic = ni->ni_ic;
 struct rum_tx_data *data;
 uint32_t flags;
 int rate, error;
@@ -1144,9 +1145,8 @@ rum_tx_raw(struct rum_softc *sc, struct
 RUM_LOCK_ASSERT(sc, MA_OWNED);
 KASSERT(params != NULL, ("no raw xmit params"));
- rate = params->ibp_rate0 & IEEE80211_RATE_VAL;
- /* XXX validate */
- if (rate == 0) {
+ rate = params->ibp_rate0;
+ if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
 m_freem(m0);
 return EINVAL;
 }
Modified: head/sys/dev/usb/wlan/if_ural.c
==============================================================================
--- head/sys/dev/usb/wlan/if_ural.c Fri May 29 23:39:16 2009 (r193072)
+++ head/sys/dev/usb/wlan/if_ural.c Fri May 29 23:41:31 2009 (r193073)
@@ -1192,6 +1192,7 @@ static int
 ural_tx_raw(struct ural_softc *sc, struct mbuf *m0, struct ieee80211_node *ni,
 const struct ieee80211_bpf_params *params)
 {
+ struct ieee80211com *ic = ni->ni_ic;
 struct ural_tx_data *data;
 uint32_t flags;
 int error;
@@ -1200,9 +1201,8 @@ ural_tx_raw(struct ural_softc *sc, struc
 RAL_LOCK_ASSERT(sc, MA_OWNED);
 KASSERT(params != NULL, ("no raw xmit params"));
- rate = params->ibp_rate0 & IEEE80211_RATE_VAL;
- /* XXX validate */
- if (rate == 0) {
+ rate = params->ibp_rate0;
+ if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
 m_freem(m0);
 return EINVAL;
 }