From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Marc Kleine-Budde <mkl@blackshift.org>,
Helmut Schaa <helmut.schaa@googlemail.com>,
"John W. Linville" <linville@tuxdriver.com>
Subject: [ 20/36] ath9k_htc: Restore skb headroom when returning skb to mac80211
Date: Thu, 5 Sep 2013 13:27:49 -0700 [thread overview]
Message-ID: <20130905202704.645810329@linuxfoundation.org> (raw)
In-Reply-To: <20130905202702.289738686@linuxfoundation.org>
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Helmut Schaa <helmut.schaa@googlemail.com>
commit d2e9fc141e2aa21f4b35ee27072d84e9aa6e2ba0 upstream.
ath9k_htc adds padding between the 802.11 header and the payload during
TX by moving the header. When handing the frame back to mac80211 for TX
status handling the header is not moved back into its original position.
This can result in a too small skb headroom when entering ath9k_htc
again (due to a soft retransmission for example) causing an
skb_under_panic oops.
Fix this by moving the 802.11 header back into its original position
before returning the frame to mac80211 as other drivers like rt2x00
or ath5k do.
Reported-by: Marc Kleine-Budde <mkl@blackshift.org>
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Tested-by: Marc Kleine-Budde <mkl@blackshift.org>
Signed-off-by: Marc Kleine-Budde <mkl@blackshift.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
@@ -448,6 +448,7 @@ static void ath9k_htc_tx_process(struct
struct ieee80211_conf *cur_conf = &priv->hw->conf;
bool txok;
int slot;
+ int hdrlen, padsize;
slot = strip_drv_header(priv, skb);
if (slot < 0) {
@@ -504,6 +505,15 @@ send_mac80211:
ath9k_htc_tx_clear_slot(priv, slot);
+ /* Remove padding before handing frame back to mac80211 */
+ hdrlen = ieee80211_get_hdrlen_from_skb(skb);
+
+ padsize = hdrlen & 3;
+ if (padsize && skb->len > hdrlen + padsize) {
+ memmove(skb->data + padsize, skb->data, hdrlen);
+ skb_pull(skb, padsize);
+ }
+
/* Send status to mac80211 */
ieee80211_tx_status(priv->hw, skb);
}
next prev parent reply other threads:[~2013-09-05 20:27 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-05 20:27 [ 00/36] 3.10.11-stable review Greg Kroah-Hartman
2013-09-05 20:27 ` [ 01/36] drm/nouveau/mc: fix race condition between constructor and request_irq() Greg Kroah-Hartman
2013-09-05 20:27 ` [ 02/36] jfs: fix readdir cookie incompatibility with NFSv4 Greg Kroah-Hartman
2013-09-05 20:27 ` [ 03/36] ALSA: hda - Fix NULL dereference with CONFIG_SND_DYNAMIC_MINORS=n Greg Kroah-Hartman
2013-09-05 20:27 ` [ 04/36] ALSA: hda - Add inverted digital mic fixup for Acer Aspire One Greg Kroah-Hartman
2013-09-05 20:27 ` [ 05/36] ALSA: opti9xx: Fix conflicting driver object name Greg Kroah-Hartman
2013-09-05 20:27 ` [ 06/36] powerpc: Work around gcc miscompilation of __pa() on 64-bit Greg Kroah-Hartman
2013-09-05 20:27 ` [ 07/36] powerpc: Dont Oops when accessing /proc/powerpc/lparcfg without hypervisor Greg Kroah-Hartman
2013-09-05 20:27 ` [ 08/36] powerpc/hvsi: Increase handshake timeout from 200ms to 400ms Greg Kroah-Hartman
2013-09-05 20:27 ` [ 09/36] SCSI: pm80xx: fix Adaptec 71605H hang Greg Kroah-Hartman
2013-09-05 20:27 ` [ 10/36] regmap: Add another missing header for !CONFIG_REGMAP stubs Greg Kroah-Hartman
2013-09-05 20:27 ` [ 11/36] timer_list: correct the iterator for timer_list Greg Kroah-Hartman
2013-09-05 20:27 ` [ 12/36] IPC: bugfix for msgrcv with msgtyp < 0 Greg Kroah-Hartman
2013-09-05 20:27 ` [ 13/36] drivers/base/memory.c: fix show_mem_removable() to handle missing sections Greg Kroah-Hartman
2013-09-05 20:27 ` [ 14/36] memcg: check that kmem_cache has memcg_params before accessing it Greg Kroah-Hartman
2013-09-05 20:27 ` [ 15/36] workqueue: cond_resched() after processing each work item Greg Kroah-Hartman
2013-09-05 20:27 ` [ 16/36] drm/vmwgfx: Split GMR2_REMAP commands if they are to large Greg Kroah-Hartman
2013-09-05 20:27 ` [ 17/36] drm/i915: ivb: fix edp voltage swing reg val Greg Kroah-Hartman
2013-09-05 20:27 ` [ 18/36] SUNRPC: Fix memory corruption issue on 32-bit highmem systems Greg Kroah-Hartman
2013-09-05 20:27 ` [ 19/36] x86/mm: Fix boot crash with DEBUG_PAGE_ALLOC=y and more than 512G RAM Greg Kroah-Hartman
2013-09-05 20:27 ` Greg Kroah-Hartman [this message]
2013-09-05 20:27 ` [ 21/36] ath9k: Enable PLL fix only for AR9340/AR9330 Greg Kroah-Hartman
2013-09-05 20:27 ` [ 22/36] mac80211: add missing channel context release Greg Kroah-Hartman
2013-09-05 20:27 ` [ 23/36] mac80211: add a flag to indicate CCK support for HT clients Greg Kroah-Hartman
2013-09-05 20:27 ` [ 24/36] iwl4965: fix rfkill set state regression Greg Kroah-Hartman
2013-09-05 20:27 ` [ 25/36] target: Fix trailing ASCII space usage in INQUIRY vendor+model Greg Kroah-Hartman
2013-09-05 20:27 ` [ 26/36] iscsi-target: Fix ImmediateData=Yes failure regression in >= v3.10 Greg Kroah-Hartman
2013-09-05 20:27 ` [ 27/36] iscsi-target: Fix iscsit_transport reference leak during NP thread reset Greg Kroah-Hartman
2013-09-05 20:27 ` [ 28/36] iscsi-target: Fix potential NULL pointer in solicited NOPOUT reject Greg Kroah-Hartman
2013-09-05 20:27 ` [ 29/36] mei: me: fix hardware reset flow Greg Kroah-Hartman
2013-09-05 20:27 ` [ 30/36] usb: acm gadget: Null termintate strings table Greg Kroah-Hartman
2013-09-05 20:28 ` [ 31/36] hwmon: (k10temp) Add support for Fam16h (Kabini) Greg Kroah-Hartman
2013-09-05 20:28 ` [ 32/36] ACPI / EC: Add ASUSTEK L4R to quirk list in order to validate ECDT Greg Kroah-Hartman
2013-09-05 20:28 ` [ 33/36] drivers/misc/hpilo: Correct panic when an AUX iLO is detected Greg Kroah-Hartman
2013-09-05 20:28 ` [ 34/36] xen/arm: missing put_cpu in xen_percpu_init Greg Kroah-Hartman
2013-09-05 20:28 ` [ 35/36] imx-drm: imx-drm-core: Export imx_drm_encoder_get_mux_id Greg Kroah-Hartman
2013-09-05 20:28 ` [ 36/36] regmap: rbtree: Fix overlapping rbnodes Greg Kroah-Hartman
2013-09-05 22:59 ` [ 00/36] 3.10.11-stable review Guenter Roeck
2013-09-06 16:40 ` Greg Kroah-Hartman
2013-09-06 17:36 ` Shuah Khan
2013-09-06 18:45 ` Greg Kroah-Hartman
2013-09-06 18:48 ` Shuah Khan
2013-09-06 22:08 ` Olof Johansson
2013-09-06 22:20 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130905202704.645810329@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=helmut.schaa@googlemail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linville@tuxdriver.com \
--cc=mkl@blackshift.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).