2015-03-18 09:13:24

by Avinash Patil

Subject: [PATCH] mwifiex: fix crash in SDIO RX path

With patch '960d6d08e39 "mwifiex: delay skb allocation for RX
until cmd53 over"' we no more pass skb parameter to MP aggregation setup
helper function. We instead pass length to be aggregated.

This patch fixes an issue where we were passing length parameter of NULL
skb to aggregation routine resulting into crash. We should instead pass
rx_len received from mp_regs.

Signed-off-by: Avinash Patil <[email protected]>
Signed-off-by: Amitkumar Karwar <[email protected]>
---
drivers/net/wireless/mwifiex/sdio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/mwifiex/sdio.c b/drivers/net/wireless/mwifiex/sdio.c
index 330e9d0..4f08c58 100644
--- a/drivers/net/wireless/mwifiex/sdio.c
+++ b/drivers/net/wireless/mwifiex/sdio.c
@@ -1375,7 +1375,7 @@ rx_curr_single:
if (f_post_aggr_cur) {
dev_dbg(adapter->dev, "info: current packet aggregation\n");
/* Curr pkt can be aggregated */
- mp_rx_aggr_setup(card, skb->len, port);
+ mp_rx_aggr_setup(card, rx_len, port);
}

return 0;
--
1.8.1.4

2015-03-20 07:07:52

by Kalle Valo

Subject: Re: mwifiex: fix crash in SDIO RX path

> With patch '960d6d08e39 "mwifiex: delay skb allocation for RX
> until cmd53 over"' we no more pass skb parameter to MP aggregation setup
> helper function. We instead pass length to be aggregated.
>
> This patch fixes an issue where we were passing length parameter of NULL
> skb to aggregation routine resulting into crash. We should instead pass
> rx_len received from mp_regs.
>
> Signed-off-by: Avinash Patil <[email protected]>
> Signed-off-by: Amitkumar Karwar <[email protected]>

Thanks, applied to wireless-drivers-next.git.

Kalle Valo