Начало Каталог Помощ
Вход
RISCI_ATOM
/
librecmc-gitorious
1
0
Разклонения 0
Файлове Задачи 0 Заявки за сливане 0 Уики
ИН на ревизия: 4dadd9eb6d
Клонове Маркери
librecmc-gitori...
/
target
/
linux
/
sunxi
/
patches-3.14
/
231-2-brcmfmac-fix-use-of-skb-ctrlbuf-in-SDIO.patch

231-2-brcmfmac-fix-use-of-skb-ctrlbuf-in-SDIO.patch 2.5 KB
История Директен файл

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. From 3eee5fd6d045dc744f98fd684258e3fdfa667fd6 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Arend van Spriel <arend@broadcom.com>
    3. 

  3. Date: Tue, 25 Feb 2014 20:30:27 +0100
    4. 

  4. Subject: [PATCH] brcmfmac: fix use of skb control buffer in SDIO driver part
    5. 

  5. 

  6. The SDIO driver has a 16-bit field defined in the skbuff control buffer.
    7. 

  7. However, it is accessed as a u32 overwriting other control info. Another
    8. 

  8. issue is that the field is not initialized for networking packets, but
    9. 

  9. the control buffer content is unspecified as other networking layers can
    10. 

  10. use it.
    11. 

  11. 

  12. Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
    13. 

  13. Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
    14. 

  14. Reviewed-by: Daniel (Deognyoun) Kim <dekim@broadcom.com>
    15. 

  15. Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
    16. 

  16. Signed-off-by: Arend van Spriel <arend@broadcom.com>
    17. 

  17. Signed-off-by: John W. Linville <linville@tuxdriver.com>
    18. 

  18. ---
    19. 

  19.  drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c | 10 ++++++----
    20. 

  20.  1 file changed, 6 insertions(+), 4 deletions(-)
    21. 

  21. 

  22. --- a/drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c
    23. 

  23. +++ b/drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c
    24. 

  24. @@ -1955,7 +1955,7 @@ static int brcmf_sdio_txpkt_prep_sg(stru
    25. 

  25.  		memcpy(pkt_pad->data,
    26. 

  26.  		       pkt->data + pkt->len - tail_chop,
    27. 

  27.  		       tail_chop);
    28. 

  28. -		*(u32 *)(pkt_pad->cb) = ALIGN_SKB_FLAG + tail_chop;
    29. 

  29. +		*(u16 *)(pkt_pad->cb) = ALIGN_SKB_FLAG + tail_chop;
    30. 

  30.  		skb_trim(pkt, pkt->len - tail_chop);
    31. 

  31.  		skb_trim(pkt_pad, tail_pad + tail_chop);
    32. 

  32.  		__skb_queue_after(pktq, pkt, pkt_pad);
    33. 

  33. @@ -2003,7 +2003,7 @@ brcmf_sdio_txpkt_prep(struct brcmf_sdio 
    34. 

  34.  		 * already properly aligned and does not
    35. 

  35.  		 * need an sdpcm header.
    36. 

  36.  		 */
    37. 

  37. -		if (*(u32 *)(pkt_next->cb) & ALIGN_SKB_FLAG)
    38. 

  38. +		if (*(u16 *)(pkt_next->cb) & ALIGN_SKB_FLAG)
    39. 

  39.  			continue;
    40. 

  40.  
    41. 

  41.  		/* align packet data pointer */
    42. 

  42. @@ -2067,11 +2067,11 @@ brcmf_sdio_txpkt_postp(struct brcmf_sdio
    43. 

  43.  	u8 *hdr;
    44. 

  44.  	u32 dat_offset;
    45. 

  45.  	u16 tail_pad;
    46. 

  46. -	u32 dummy_flags, chop_len;
    47. 

  47. +	u16 dummy_flags, chop_len;
    48. 

  48.  	struct sk_buff *pkt_next, *tmp, *pkt_prev;
    49. 

  49.  
    50. 

  50.  	skb_queue_walk_safe(pktq, pkt_next, tmp) {
    51. 

  51. -		dummy_flags = *(u32 *)(pkt_next->cb);
    52. 

  52. +		dummy_flags = *(u16 *)(pkt_next->cb);
    53. 

  53.  		if (dummy_flags & ALIGN_SKB_FLAG) {
    54. 

  54.  			chop_len = dummy_flags & ALIGN_SKB_CHOP_LEN_MASK;
    55. 

  55.  			if (chop_len) {
    56. 

  56. @@ -2554,6 +2554,8 @@ static int brcmf_sdio_bus_txdata(struct 
    57. 

  57.  
    58. 

  58.  	/* Priority based enq */
    59. 

  59.  	spin_lock_irqsave(&bus->txqlock, flags);
    60. 

  60. +	/* reset bus_flags in packet cb */
    61. 

  61. +	*(u16 *)(pkt->cb) = 0;
    62. 

  62.  	if (!brcmf_c_prec_enq(bus->sdiodev->dev, &bus->txq, pkt, prec)) {
    63. 

  63.  		skb_pull(pkt, bus->tx_hdrlen);
    64. 

  64.  		brcmf_err("out of bus->txq !!!\n");
    65.