aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/net/wireless/p54
diff options
context:
space:
mode:
authorChristian Lamparter <chunkeey@web.de>2009-07-16 20:05:41 +0200
committerJohn W. Linville <linville@tuxdriver.com>2009-07-24 15:05:22 -0400
commit436b37c59416d0d8e21430f7980857fc932eb1e6 (patch)
tree3c603e2495571b2e51f7679863a22c9f507a231c /drivers/net/wireless/p54
parent46df10ae44b4488176bae16da0b31541eb0f8f48 (diff)
downloadkernel_samsung_smdk4412-436b37c59416d0d8e21430f7980857fc932eb1e6.zip
kernel_samsung_smdk4412-436b37c59416d0d8e21430f7980857fc932eb1e6.tar.gz
kernel_samsung_smdk4412-436b37c59416d0d8e21430f7980857fc932eb1e6.tar.bz2
p54: fix a fw crash caused by statistic feedback
This patch fixes a bug which crawled into the tree with the split-up changes. The memory-manager wasn't aware of the statistic feedback extra_len space requirements and happily placed following frames into the allegedly free spots. Thanks fly out to Larry Finger for taking the time to test all (permutations of) patches and theories all day long. Acked-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Christian Lamparter <chunkeey@web.de> Tested-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/p54')
-rw-r--r--drivers/net/wireless/p54/fwio.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/drivers/net/wireless/p54/fwio.c b/drivers/net/wireless/p54/fwio.c
index 349375f..21f1901 100644
--- a/drivers/net/wireless/p54/fwio.c
+++ b/drivers/net/wireless/p54/fwio.c
@@ -686,6 +686,8 @@ int p54_upload_key(struct p54_common *priv, u8 algo, int slot, u8 idx, u8 len,
int p54_fetch_statistics(struct p54_common *priv)
{
+ struct ieee80211_tx_info *txinfo;
+ struct p54_tx_info *p54info;
struct sk_buff *skb;
skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL,
@@ -694,6 +696,20 @@ int p54_fetch_statistics(struct p54_common *priv)
if (!skb)
return -ENOMEM;
+ /*
+ * The statistic feedback causes some extra headaches here, if it
+ * is not to crash/corrupt the firmware data structures.
+ *
+ * Unlike all other Control Get OIDs we can not use helpers like
+ * skb_put to reserve the space for the data we're requesting.
+ * Instead the extra frame length -which will hold the results later-
+ * will only be told to the p54_assign_address, so that following
+ * frames won't be placed into the allegedly empty area.
+ */
+ txinfo = IEEE80211_SKB_CB(skb);
+ p54info = (void *) txinfo->rate_driver_data;
+ p54info->extra_len = sizeof(struct p54_statistics);
+
p54_tx(priv, skb);
return 0;
}