2017-10-04 12:10:01

by Ganapathi Bhat

Subject: [PATCH] mwifiex: double the size of chan_stats array in adapter

From: Rohit Fule <[email protected]>

When a user requests scan, driver sends multiple scan requests
to firmware, which might be active or passive. Firmware will
send channel statistics for each channel in the request. This will
be stored in chan_stats array.

A few channels might report hidden SSIDs in passive scan results.
So, once the original scan request is finished, the driver issues an
active scan request for all channels which reported hidden SSIDs.
This will cause duplicates in the chan_stats array. At worst,
every channel will have a hidden SSID, in which case the driver
can issue active scan requests for each channel. So the complete
scan statistics size will be twice the existing limit.

At present the maximum number of channels returned in scan statistics
is 31(BG) + 14(A) = 45. Clearly there will be an overflow of the
chan_stats array in the above-mentioned scenario. To fix this,
double the size of the chan_stats array.

Signed-off-by: Rohit Fule <[email protected]>
Signed-off-by: Mangesh Malusare <[email protected]>
Signed-off-by: Ganapathi Bhat <[email protected]>
---
drivers/net/wireless/marvell/mwifiex/cfg80211.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
index ac01af4..f33ed79 100644
--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
@@ -4201,7 +4201,10 @@ int mwifiex_init_channel_scan_gap(struct mwifiex_adapter *adapter)
if (adapter->config_bands & BAND_A)
n_channels_a = mwifiex_band_5ghz.n_channels;

- adapter->num_in_chan_stats = n_channels_bg + n_channels_a;
+ /* allocate twice the number total channels, since the driver issues an
+ * additional active scan request for hidden SSIDs on passive channels.
+ */
+ adapter->num_in_chan_stats = 2 * (n_channels_bg + n_channels_a);
adapter->chan_stats = vmalloc(sizeof(*adapter->chan_stats) *
adapter->num_in_chan_stats);
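Review bot: the `2 *` factor on the num_in_chan_stats assignment only raises the ceiling; nothing in this hunk bounds the index used when firmware statistics are stored into chan_stats, so the overflow described in the commit message is avoided only as long as the worst case really is one extra active scan per channel. Please also compare the write index against adapter->num_in_chan_stats where entries are stored (that code is not part of this hunk) and drop any excess entries, so that the allocation size is enforced rather than assumed. Minor: the new comment should read "twice the total number of channels".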

--
1.9.1


2017-10-13 09:39:34

by Kalle Valo

Subject: Re: mwifiex: double the size of chan_stats array in adapter

Ganapathi Bhat <[email protected]> wrote:

> From: Rohit Fule <[email protected]>
>
> When a user requests scan, driver sends multiple scan requests
> to firmware, which might be active or passive. Firmware will
> send channel statistics for each channel in the request. This will
> be stored in chan_stats array.
>
> A few channels might report hidden SSIDs in passive scan results.
> So, once the original scan request is finished, the driver issues an
> active scan request for all channels which reported hidden SSIDs.
> This will cause duplicates in the chan_stats array. At worst,
> every channel will have a hidden SSID, in which case the driver
> can issue active scan requests for each channel. So the complete
> scan statistics size will be twice the existing limit.
>
> At present the maximum number of channels returned in scan statistics
> is 31(BG) + 14(A) = 45. Clearly there will be an overflow of the
> chan_stats array in the above-mentioned scenario. To fix this,
> double the size of the chan_stats array.
>
> Signed-off-by: Rohit Fule <[email protected]>
> Signed-off-by: Mangesh Malusare <[email protected]>
> Signed-off-by: Ganapathi Bhat <[email protected]>

Patch applied to wireless-drivers-next.git, thanks.

2d5cc60949e0 mwifiex: double the size of chan_stats array in adapter

--
https://patchwork.kernel.org/patch/9984471/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches