UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

mwifiex: fix large amsdu packets causing firmware hang 

Sometimes host prepares and downloads a large amsdu packet to firmware
which leads to a memory corruption in firmware.
The reason is __dev_alloc_skb() may allocate larger buffer than required
size. This patch solves the problem by checking "adapter->tx_buf_size"
instead of relying on skb_tailroom().

Signed-off-by: Cathy Luo <cluo@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
This commit is contained in:
Cathy Luo 2016-07-21 16:30:24 +05:30 committed by Kalle Valo
parent 184ca82348
commit c81396f3da
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
drivers/net/wireless/marvell/mwifiex/11n_aggr.c
View File

@ -205,7 +205,8 @@ mwifiex_11n_aggregate_pkt(struct mwifiex_private *priv,
do { do {
/* Check if AMSDU can accommodate this MSDU */ /* Check if AMSDU can accommodate this MSDU */
if (skb_tailroom(skb_aggr) < (skb_src->len + LLC_SNAP_LEN)) if ((skb_aggr->len + skb_src->len + LLC_SNAP_LEN) >
adapter->tx_buf_size)
break; break;
skb_src = skb_dequeue(&pra_list->skb_head); skb_src = skb_dequeue(&pra_list->skb_head);