Otherwise, skb_put inside of dma_rx can fail...
Signed-off-by: John W. Linville <[email protected]>
Acked-by: Larry Finger <[email protected]>
---
drivers/net/wireless/b43/dma.c | 2 +-
drivers/net/wireless/b43/dma.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/b43/dma.c b/drivers/net/wireless/b43/dma.c
index 3d5566e..ff0f5ba 100644
--- a/drivers/net/wireless/b43/dma.c
+++ b/drivers/net/wireless/b43/dma.c
@@ -1536,7 +1536,7 @@ static void dma_rx(struct b43_dmaring *ring, int *slot)
dmaaddr = meta->dmaaddr;
goto drop_recycle_buffer;
}
- if (unlikely(len > ring->rx_buffersize)) {
+ if (unlikely(len + ring->frameoffset > ring->rx_buffersize)) {
/* The data did not fit into one descriptor buffer
* and is split over multiple buffers.
* This should never happen, as we try to allocate buffers
diff --git a/drivers/net/wireless/b43/dma.h b/drivers/net/wireless/b43/dma.h
index a01c210..e8a80a1 100644
--- a/drivers/net/wireless/b43/dma.h
+++ b/drivers/net/wireless/b43/dma.h
@@ -163,7 +163,7 @@ struct b43_dmadesc_generic {
/* DMA engine tuning knobs */
#define B43_TXRING_SLOTS 256
#define B43_RXRING_SLOTS 64
-#define B43_DMA0_RX_BUFFERSIZE IEEE80211_MAX_FRAME_LEN
+#define B43_DMA0_RX_BUFFERSIZE (B43_DMA0_RX_FRAMEOFFSET + IEEE80211_MAX_FRAME_LEN)
/* Pointer poison */
#define B43_DMA_PTR_POISON ((void *)ERR_PTR(-ENOMEM))
--
1.7.4
On 03/30/2011 01:12 PM, Rafał Miłecki wrote:
> 2011/3/30 John W. Linville<[email protected]>:
>> Otherwise, skb_put inside of dma_rx can fail...
>
> What would happen then? Of course we wouldn't receive packet, but
> would we get some warning? Could this be reason of memory leak with
> some firmware versions?
You get an skb_over_panic. See
https://bugzilla.kernel.org/show_bug.cgi?id=32042. I do not think a memory leak
is likely.
John: The commit message should mention this as a fix for Bug #32042. In
addition, it should Cc: stable.
Larry
2011/3/30 John W. Linville <[email protected]>:
> Otherwise, skb_put inside of dma_rx can fail...
What would happen then? Of course we wouldn't receive packet, but
would we get some warning? Could this be reason of memory leak with
some firmware versions?
--
Rafał