kern/176201: 11n station includes unrelated ht params into ASSOC_REQ packet

2013-02-16 Thread PseudoCylon

>Number: 176201
>Category:   kern
>Synopsis:   11n station includes unrelated ht params into ASSOC_REQ packet
>Confidential:   no
>Severity:   non-critical
>Priority:   low
>Responsible:freebsd-bugs
>State:  open
>Quarter:
>Keywords:   
>Date-Required:
>Class:  sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 17 00:10:01 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: PseudoCylon
>Release:9.1-PRERELEASE
>Organization:
>Environment:
9.1-RELEASE #5: Sun Feb  3 16:22:34 MST 2013 root@mb0:/usr/obj/usr/src/sys/U300 
 amd64
>Description:
When an 11n capable station tries to associate with an AP, the station does not 
include the maximum Rx size and ampdu density set by the driver in the association 
request packet. As a result, the AP might generate ampdu packets bigger than the 
station can handle.

Detailed discussion can be found here.
http://lists.freebsd.org/pipermail/freebsd-wireless/2013-February/002878.html
>How-To-Repeat:
1) Set up an 11n station.
2) Capture an ASSOC_REQ packet sent by the station.
3) Read HT params in the packet.
>Fix:
In brief testing, the attached patch fixed the issue, but it needs to be checked 
that the patch doesn't break anything.


Patch attached with submission follows:

diff --git a/sys/net80211/ieee80211_ht.c b/sys/net80211/ieee80211_ht.c
index 495c949..9fc5a45 100644
--- a/sys/net80211/ieee80211_ht.c
+++ b/sys/net80211/ieee80211_ht.c
@@ -2652,9 +2652,6 @@ ieee80211_add_htcap_body(uint8_t *frm, struct 
ieee80211_node *ni)
caps |= IEEE80211_HTCAP_CHWIDTH40;
else
caps &= ~IEEE80211_HTCAP_CHWIDTH40;
-   /* use advertised setting (XXX locally constraint) */
-   rxmax = MS(ni->ni_htparam, IEEE80211_HTCAP_MAXRXAMPDU);
-   density = MS(ni->ni_htparam, IEEE80211_HTCAP_MPDUDENSITY);
 
/*
 * NB: Hardware might support HT40 on some but not all
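Review bot: The two deletions at the top of this hunk drop the lines where rxmax and density were taken from ni->ni_htparam, and the deleted comment's "XXX locally constraint" reads as if the intent was to bound the peer's advertised values by local limits rather than to discard them. Please state in the commit message why this branch no longer needs the advertised values, and check whether any caller that reaches this branch depended on them.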
@@ -2672,9 +2669,11 @@ ieee80211_add_htcap_body(uint8_t *frm, struct 
ieee80211_node *ni)
caps |= IEEE80211_HTCAP_CHWIDTH40;
else
caps &= ~IEEE80211_HTCAP_CHWIDTH40;
-   rxmax = vap->iv_ampdu_rxmax;
-   density = vap->iv_ampdu_density;
}
+
+   rxmax = vap->iv_ampdu_rxmax;
+   density = vap->iv_ampdu_density;
+
/* adjust short GI based on channel and config */
if ((vap->iv_flags_ht & IEEE80211_FHT_SHORTGI20) == 0)
caps &= ~IEEE80211_HTCAP_SHORTGI20;
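Review bot: The new assignments after the closing brace have no comment, while the lines removed from the first branch carried one; add a short comment saying that rxmax and density are the local values set by the driver (vap->iv_ampdu_rxmax and vap->iv_ampdu_density), so a later reader does not reintroduce the ni->ni_htparam values. Because both fields are now set unconditionally for every path through ieee80211_add_htcap_body(), the brief testing mentioned in the PR should be extended to exercise both branches of the preceding if/else before this is committed.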


>Release-Note:
>Audit-Trail:
>Unformatted:
___
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"


Re: bin/175491: [libelf] elf_getdata may return NULL without setting error-message

2013-02-16 Thread Mark Johnston
The following reply was made to PR bin/175491; it has been noted by GNATS.

From: Mark Johnston 
To: bug-follo...@freebsd.org, m...@aldan.algebra.com
Cc:  
Subject: Re: bin/175491: [libelf] elf_getdata may return NULL without setting
 error-message
Date: Sun, 17 Feb 2013 00:31:03 -0500

 --jousvV0MzM2p6OtC
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 Looks like this was fixed in upstream libelf with r1765 and r1766. The
 same bug exists in elf_rawdata(), and this hasn't been fixed upstream
 either. I'll try to get this fixed both upstream and in FreeBSD's
 libelf; in the meantime, the attached patch should fix the problem.
 
 -Mark
 
 --jousvV0MzM2p6OtC
 Content-Type: text/x-diff; charset=us-ascii
 Content-Disposition: attachment; filename="libelf_nullscn.diff"
 
 diff --git a/lib/libelf/elf_data.c b/lib/libelf/elf_data.c
 index c34c4ad..d3bd390 100644
 --- a/lib/libelf/elf_data.c
 +++ b/lib/libelf/elf_data.c
 @@ -78,8 +78,10 @@ elf_getdata(Elf_Scn *s, Elf_Data *d)
sh_align  = s->s_shdr.s_shdr64.sh_addralign;
}
  
 -  if (sh_type == SHT_NULL)
 +  if (sh_type == SHT_NULL) {
 +  LIBELF_SET_ERROR(SECTION, 0);
return (NULL);
 +  }
  
if ((elftype = _libelf_xlate_shtype(sh_type)) < ELF_T_FIRST ||
elftype > ELF_T_LAST || (sh_type != SHT_NOBITS &&
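Review bot: The added LIBELF_SET_ERROR(SECTION, 0) in elf_getdata() changes what callers observe for an SHT_NULL section, so the new error condition should be documented in the function's manual page together with this change. Please also confirm that SECTION is the intended error class for this case, since the check is on sh_type only.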
 @@ -219,8 +221,10 @@ elf_rawdata(Elf_Scn *s, Elf_Data *d)
sh_align  = s->s_shdr.s_shdr64.sh_addralign;
}
  
 -  if (sh_type == SHT_NULL)
 +  if (sh_type == SHT_NULL) {
 +  LIBELF_SET_ERROR(SECTION, 0);
return (NULL);
 +  }
  
if ((d = _libelf_allocate_data(s)) == NULL)
return (NULL);
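Review bot: The return (NULL) right below the new check, taken when _libelf_allocate_data(s) fails, is left untouched; since the PR is about NULL returns without an error being set, please confirm that helper sets an error itself. The check is now duplicated in elf_getdata() and elf_rawdata(), so a regression test that calls both on an SHT_NULL section and inspects elf_errno() would keep the two copies from diverging.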
 
 --jousvV0MzM2p6OtC--