[3.8.y.z extended stable] Patch "mac80211: fix crash if bitrate calculation goes wrong" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Thu Nov 7 22:32:38 UTC 2013

This is a note to let you know that I have just added a patch titled

    mac80211: fix crash if bitrate calculation goes wrong

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:


This patch is scheduled to be released in version

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see



>From 20e95b44f8e2c20c7f8b2a3303e4637fc5cabf14 Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg at intel.com>
Date: Fri, 11 Oct 2013 15:47:06 +0200
Subject: mac80211: fix crash if bitrate calculation goes wrong

commit d86aa4f8ca58898ec6a94c0635da20b948171ed7 upstream.

If a frame's timestamp is calculated, and the bitrate
calculation goes wrong and returns zero, the system
will attempt to divide by zero and crash. Catch this
case and print the rate information that the driver
reported when this happens.

Reported-by: Thomas Lindroth <thomas.lindroth at gmail.com>
Signed-off-by: Johannes Berg <johannes.berg at intel.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
 net/mac80211/util.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index f11e8c5..e0ad72d 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -2105,6 +2105,10 @@ u64 ieee80211_calculate_rx_timestamp(struct ieee80211_local *local,

 	rate = cfg80211_calculate_bitrate(&ri);
+	if (WARN_ONCE(!rate,
+		      "Invalid bitrate: flags=0x%x, idx=%d, vht_nss=%d\n",
+		      status->flag, status->rate_idx, status->vht_nss))
+		return 0;

 	/* rewind from end of MPDU */
 	if (status->flag & RX_FLAG_MACTIME_END)

More information about the kernel-team mailing list