ath9k: fix an invalid pointer access in the tx path
SVN-Revision: 32376
This commit is contained in:
Felix Fietkau
@@ -523,3 +523,53 @@
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
|
||||||
|
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
|
||||||
|
@@ -214,6 +214,7 @@ struct ath_frame_info {
|
||||||
|
enum ath9k_key_type keytype;
|
||||||
|
u8 keyix;
|
||||||
|
u8 retries;
|
||||||
|
+ bool short_preamble;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct ath_buf_state {
|
||||||
|
--- a/drivers/net/wireless/ath/ath9k/xmit.c
|
||||||
|
+++ b/drivers/net/wireless/ath/ath9k/xmit.c
|
||||||
|
@@ -938,6 +938,7 @@ static void ath_buf_set_rate(struct ath_
|
||||||
|
struct ieee80211_tx_rate *rates;
|
||||||
|
const struct ieee80211_rate *rate;
|
||||||
|
struct ieee80211_hdr *hdr;
|
||||||
|
+ struct ath_frame_info *fi = get_frame_info(bf->bf_mpdu);
|
||||||
|
int i;
|
||||||
|
u8 rix = 0;
|
||||||
|
|
||||||
|
@@ -957,8 +958,7 @@ static void ath_buf_set_rate(struct ath_
|
||||||
|
rate = ieee80211_get_rts_cts_rate(sc->hw, tx_info);
|
||||||
|
info->rtscts_rate = rate->hw_value;
|
||||||
|
|
||||||
|
- if (tx_info->control.vif &&
|
||||||
|
- tx_info->control.vif->bss_conf.use_short_preamble)
|
||||||
|
+ if (fi->short_preamble)
|
||||||
|
info->rtscts_rate |= rate->hw_value_short;
|
||||||
|
|
||||||
|
for (i = 0; i < 4; i++) {
|
||||||
|
@@ -1779,6 +1779,11 @@ static void setup_frame_info(struct ieee
|
||||||
|
struct ath_frame_info *fi = get_frame_info(skb);
|
||||||
|
struct ath_node *an = NULL;
|
||||||
|
enum ath9k_key_type keytype;
|
||||||
|
+ bool short_preamble = false;
|
||||||
|
+
|
||||||
|
+ if (tx_info->control.vif &&
|
||||||
|
+ tx_info->control.vif->bss_conf.use_short_preamble)
|
||||||
|
+ short_preamble = true;
|
||||||
|
|
||||||
|
keytype = ath9k_cmn_get_hw_crypto_keytype(skb);
|
||||||
|
|
||||||
|
@@ -1794,6 +1799,7 @@ static void setup_frame_info(struct ieee
|
||||||
|
fi->keyix = ATH9K_TXKEYIX_INVALID;
|
||||||
|
fi->keytype = keytype;
|
||||||
|
fi->framelen = framelen;
|
||||||
|
+ fi->short_preamble = short_preamble;
|
||||||
|
}
|
||||||
|
|
||||||
|
u8 ath_txchainmask_reduction(struct ath_softc *sc, u8 chainmask, u32 rate)
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
|
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
|
||||||
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
|
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
|
||||||
@@ -620,6 +620,7 @@ struct ath_softc {
|
@@ -621,6 +621,7 @@ struct ath_softc {
|
||||||
struct ieee80211_hw *hw;
|
struct ieee80211_hw *hw;
|
||||||
struct device *dev;
|
struct device *dev;
|
||||||
|
|
||||||
@@ -8,7 +8,7 @@
|
|||||||
struct survey_info *cur_survey;
|
struct survey_info *cur_survey;
|
||||||
struct survey_info survey[ATH9K_NUM_CHANNELS];
|
struct survey_info survey[ATH9K_NUM_CHANNELS];
|
||||||
|
|
||||||
@@ -687,6 +688,7 @@ struct ath_softc {
|
@@ -688,6 +689,7 @@ struct ath_softc {
|
||||||
struct dfs_pattern_detector *dfs_detector;
|
struct dfs_pattern_detector *dfs_detector;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
|
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
|
||||||
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
|
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
|
||||||
@@ -243,6 +243,7 @@ struct ath_atx_tid {
|
@@ -244,6 +244,7 @@ struct ath_atx_tid {
|
||||||
struct ath_node *an;
|
struct ath_node *an;
|
||||||
struct ath_atx_ac *ac;
|
struct ath_atx_ac *ac;
|
||||||
unsigned long tx_buf[BITS_TO_LONGS(ATH_TID_MAX_BUFS)];
|
unsigned long tx_buf[BITS_TO_LONGS(ATH_TID_MAX_BUFS)];
|
||||||
@@ -8,7 +8,7 @@
|
|||||||
int bar_index;
|
int bar_index;
|
||||||
u16 seq_start;
|
u16 seq_start;
|
||||||
u16 seq_next;
|
u16 seq_next;
|
||||||
@@ -289,6 +290,9 @@ struct ath_tx_control {
|
@@ -290,6 +291,9 @@ struct ath_tx_control {
|
||||||
* (axq_qnum).
|
* (axq_qnum).
|
||||||
*/
|
*/
|
||||||
struct ath_tx {
|
struct ath_tx {
|
||||||
@@ -74,7 +74,7 @@
|
|||||||
/* Queue to h/w without aggregation */
|
/* Queue to h/w without aggregation */
|
||||||
TX_STAT_INC(txctl->txq->axq_qnum, a_queued_hw);
|
TX_STAT_INC(txctl->txq->axq_qnum, a_queued_hw);
|
||||||
bf->bf_lastbf = bf;
|
bf->bf_lastbf = bf;
|
||||||
@@ -1873,22 +1886,11 @@ error:
|
@@ -1879,22 +1892,11 @@ error:
|
||||||
|
|
||||||
/* FIXME: tx power */
|
/* FIXME: tx power */
|
||||||
static void ath_tx_start_dma(struct ath_softc *sc, struct sk_buff *skb,
|
static void ath_tx_start_dma(struct ath_softc *sc, struct sk_buff *skb,
|
||||||
@@ -99,7 +99,7 @@
|
|||||||
|
|
||||||
if ((tx_info->flags & IEEE80211_TX_CTL_AMPDU) && tid) {
|
if ((tx_info->flags & IEEE80211_TX_CTL_AMPDU) && tid) {
|
||||||
/*
|
/*
|
||||||
@@ -1920,6 +1922,7 @@ int ath_tx_start(struct ieee80211_hw *hw
|
@@ -1926,6 +1928,7 @@ int ath_tx_start(struct ieee80211_hw *hw
|
||||||
struct ieee80211_vif *vif = info->control.vif;
|
struct ieee80211_vif *vif = info->control.vif;
|
||||||
struct ath_softc *sc = hw->priv;
|
struct ath_softc *sc = hw->priv;
|
||||||
struct ath_txq *txq = txctl->txq;
|
struct ath_txq *txq = txctl->txq;
|
||||||
@@ -107,7 +107,7 @@
|
|||||||
int padpos, padsize;
|
int padpos, padsize;
|
||||||
int frmlen = skb->len + FCS_LEN;
|
int frmlen = skb->len + FCS_LEN;
|
||||||
int q;
|
int q;
|
||||||
@@ -1962,6 +1965,24 @@ int ath_tx_start(struct ieee80211_hw *hw
|
@@ -1968,6 +1971,24 @@ int ath_tx_start(struct ieee80211_hw *hw
|
||||||
|
|
||||||
setup_frame_info(hw, skb, frmlen);
|
setup_frame_info(hw, skb, frmlen);
|
||||||
|
|
||||||
@@ -132,7 +132,7 @@
|
|||||||
/*
|
/*
|
||||||
* At this point, the vif, hw_key and sta pointers in the tx control
|
* At this point, the vif, hw_key and sta pointers in the tx control
|
||||||
* info are no longer valid (overwritten by the ath_frame_info data.
|
* info are no longer valid (overwritten by the ath_frame_info data.
|
||||||
@@ -1976,7 +1997,7 @@ int ath_tx_start(struct ieee80211_hw *hw
|
@@ -1982,7 +2003,7 @@ int ath_tx_start(struct ieee80211_hw *hw
|
||||||
txq->stopped = true;
|
txq->stopped = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
|
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
|
||||||
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
|
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
|
||||||
@@ -507,6 +507,9 @@ static inline u16 ath9k_btcoex_aggr_limi
|
@@ -508,6 +508,9 @@ static inline u16 ath9k_btcoex_aggr_limi
|
||||||
#ifdef CONFIG_MAC80211_LEDS
|
#ifdef CONFIG_MAC80211_LEDS
|
||||||
void ath_init_leds(struct ath_softc *sc);
|
void ath_init_leds(struct ath_softc *sc);
|
||||||
void ath_deinit_leds(struct ath_softc *sc);
|
void ath_deinit_leds(struct ath_softc *sc);
|
||||||
@@ -10,7 +10,7 @@
|
|||||||
#else
|
#else
|
||||||
static inline void ath_init_leds(struct ath_softc *sc)
|
static inline void ath_init_leds(struct ath_softc *sc)
|
||||||
{
|
{
|
||||||
@@ -620,6 +623,13 @@ struct ath9k_vif_iter_data {
|
@@ -621,6 +624,13 @@ struct ath9k_vif_iter_data {
|
||||||
int nadhocs; /* number of adhoc vifs */
|
int nadhocs; /* number of adhoc vifs */
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -24,7 +24,7 @@
|
|||||||
struct ath_softc {
|
struct ath_softc {
|
||||||
struct ieee80211_hw *hw;
|
struct ieee80211_hw *hw;
|
||||||
struct device *dev;
|
struct device *dev;
|
||||||
@@ -661,9 +671,8 @@ struct ath_softc {
|
@@ -662,9 +672,8 @@ struct ath_softc {
|
||||||
struct ieee80211_supported_band sbands[IEEE80211_NUM_BANDS];
|
struct ieee80211_supported_band sbands[IEEE80211_NUM_BANDS];
|
||||||
|
|
||||||
#ifdef CONFIG_MAC80211_LEDS
|
#ifdef CONFIG_MAC80211_LEDS
|
||||||
|
|||||||
Reference in New Issue
Block a user