mac80211: add check on hw->max_signal value on ieee80211_register_hw

When IEEE80211_HW_SIGNAL_UNSPEC is set, mac80211 will perform a
division by max_signal in ieee80211_bss_info_update. If max_signal
is not properly set by the driver (for example it is zero) this
leads to a divide error and crash.
Thanks to Larry Finger, who pointed me to this.
This patch adds in ieee80211_register_hw one more check to detect
this condition and eventually returns -EINVAL, as already done for
other checks already performed there.

Signed-off-by: andrea merello <andrea.merello@gmail.com>
[move to an already existing SIGNAL_UNSPEC check]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index d767cfb9b45f092606cd37288113e82714b75fe4..1f7d8422d62d865e1d6b2f84021681e0718c898c 100644 (file)
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -893,10 +893,15 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
        /* mac80211 supports control port protocol changing */
        local->hw.wiphy->flags |= WIPHY_FLAG_CONTROL_PORT_PROTOCOL;
 
-       if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
+       if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) {
                local->hw.wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM;
-       else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)
+       } else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC) {
                local->hw.wiphy->signal_type = CFG80211_SIGNAL_TYPE_UNSPEC;
+               if (hw->max_signal <= 0) {
+                       result = -EINVAL;
+                       goto fail_wiphy_register;
+               }
+       }
 
        WARN((local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)
             && (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK),