From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Marc Kleine-Budde <mkl@blackshift.org>,
Helmut Schaa <helmut.schaa@googlemail.com>,
"John W. Linville" <linville@tuxdriver.com>
Subject: [ 10/14] ath9k_htc: Restore skb headroom when returning skb to mac80211
Date: Thu, 5 Sep 2013 13:28:21 -0700 [thread overview]
Message-ID: <20130905202615.603824526@linuxfoundation.org> (raw)
In-Reply-To: <20130905202614.354156084@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Helmut Schaa <helmut.schaa@googlemail.com>
commit d2e9fc141e2aa21f4b35ee27072d84e9aa6e2ba0 upstream.
ath9k_htc adds padding between the 802.11 header and the payload during
TX by moving the header. When handing the frame back to mac80211 for TX
status handling the header is not moved back into its original position.
This can result in a too small skb headroom when entering ath9k_htc
again (due to a soft retransmission for example) causing an
skb_under_panic oops.
Fix this by moving the 802.11 header back into its original position
before returning the frame to mac80211 as other drivers like rt2x00
or ath5k do.
Reported-by: Marc Kleine-Budde <mkl@blackshift.org>
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Tested-by: Marc Kleine-Budde <mkl@blackshift.org>
Signed-off-by: Marc Kleine-Budde <mkl@blackshift.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
@@ -448,6 +448,7 @@ static void ath9k_htc_tx_process(struct
struct ieee80211_conf *cur_conf = &priv->hw->conf;
bool txok;
int slot;
+ int hdrlen, padsize;
slot = strip_drv_header(priv, skb);
if (slot < 0) {
@@ -504,6 +505,15 @@ send_mac80211:
ath9k_htc_tx_clear_slot(priv, slot);
+ /* Remove padding before handing frame back to mac80211 */
+ hdrlen = ieee80211_get_hdrlen_from_skb(skb);
+
+ padsize = hdrlen & 3;
+ if (padsize && skb->len > hdrlen + padsize) {
+ memmove(skb->data + padsize, skb->data, hdrlen);
+ skb_pull(skb, padsize);
+ }
+
/* Send status to mac80211 */
ieee80211_tx_status(priv->hw, skb);
}
next prev parent reply other threads:[~2013-09-05 20:28 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-05 20:28 [ 00/14] 3.4.61-stable review Greg Kroah-Hartman
2013-09-05 20:28 ` [ 01/14] jfs: fix readdir cookie incompatibility with NFSv4 Greg Kroah-Hartman
2013-09-05 20:28 ` [ 02/14] ALSA: opti9xx: Fix conflicting driver object name Greg Kroah-Hartman
2013-09-05 20:28 ` [ 03/14] powerpc: Work around gcc miscompilation of __pa() on 64-bit Greg Kroah-Hartman
2013-09-05 20:28 ` [ 04/14] powerpc/hvsi: Increase handshake timeout from 200ms to 400ms Greg Kroah-Hartman
2013-09-05 20:28 ` [ 05/14] regmap: silence GCC warning Greg Kroah-Hartman
2013-09-05 20:28 ` [ 06/14] drivers/base/memory.c: fix show_mem_removable() to handle missing sections Greg Kroah-Hartman
2013-09-05 20:28 ` [ 07/14] drm/vmwgfx: Split GMR2_REMAP commands if they are to large Greg Kroah-Hartman
2013-09-05 20:28 ` [ 08/14] drm/i915: ivb: fix edp voltage swing reg val Greg Kroah-Hartman
2013-09-05 20:28 ` [ 09/14] SUNRPC: Fix memory corruption issue on 32-bit highmem systems Greg Kroah-Hartman
2013-09-05 20:28 ` Greg Kroah-Hartman [this message]
2013-09-05 20:28 ` [ 11/14] iwl4965: fix rfkill set state regression Greg Kroah-Hartman
2013-09-05 20:28 ` [ 12/14] ACPI / EC: Add ASUSTEK L4R to quirk list in order to validate ECDT Greg Kroah-Hartman
2013-09-05 20:28 ` [ 13/14] target: Fix trailing ASCII space usage in INQUIRY vendor+model Greg Kroah-Hartman
2013-09-05 20:28 ` [ 14/14] SCSI: sg: Fix user memory corruption when SG_IO is interrupted by a signal Greg Kroah-Hartman
2013-09-05 22:56 ` [ 00/14] 3.4.61-stable review Guenter Roeck
2013-09-06 16:39 ` Greg Kroah-Hartman
2013-09-06 17:58 ` Guenter Roeck
2013-09-06 17:47 ` Shuah Khan
2013-09-06 18:46 ` Greg Kroah-Hartman
2013-09-06 22:23 ` Shuah Khan
2013-09-06 23:11 ` Greg Kroah-Hartman
2013-09-06 23:24 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130905202615.603824526@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=helmut.schaa@googlemail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linville@tuxdriver.com \
--cc=mkl@blackshift.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).