From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
From: Sasha Levin
To: "stable@vger.kernel.org", "linux-kernel@vger.kernel.org"
CC: Johannes Berg, Sasha Levin
Subject: [PATCH AUTOSEL 4.18 38/76] mac80211: always account for A-MSDU header changes
Date: Mon, 24 Sep 2018 14:48:24 +0000
Message-ID: <20180924144751.164410-37-alexander.levin@microsoft.com>
References: <20180924144751.164410-1-alexander.levin@microsoft.com>
In-Reply-To: <20180924144751.164410-1-alexander.levin@microsoft.com>
Content-Language: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Sender: linux-kernel-owner@vger.kernel.org
List-ID:

From: Johannes Berg

[ Upstream commit aa58acf325b4aadeecae2bfc90658273b47dbace ]

In the error path of changing the SKB headroom of the second A-MSDU subframe, we would not account for the already-changed length of the first frame that just got converted to be in A-MSDU format and thus is a bit longer now.

Fix this by doing the necessary accounting.

It would be possible to reorder the operations, but that would make the code more complex (to calculate the necessary pad), and the headroom expansion should not fail frequently enough to make that worthwhile.

Fixes: 6e0456b54545 ("mac80211: add A-MSDU tx support")
Signed-off-by: Johannes Berg
Acked-by: Lorenzo Bianconi
Signed-off-by: Johannes Berg
Signed-off-by: Sasha Levin
---
 net/mac80211/tx.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 1aac5e3c7eee..6ca0865de945 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -3239,7 +3239,7 @@ static bool ieee80211_amsdu_aggregate(struct ieee8021= 1_sub_if_data *sdata, =20 if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(rfc1042_header) + 2 + pad)) - goto out; + goto out_recalc; =20 ret =3D true; data =3D skb_push(skb, ETH_ALEN + 2); 
@@ -3256,11 +3256,13 @@ static bool ieee80211_amsdu_aggregate(struct ieee80= 211_sub_if_data *sdata, head->data_len +=3D skb->len; *frag_tail =3D skb; =20 - flow->backlog +=3D head->len - orig_len; - tin->backlog_bytes +=3D head->len - orig_len; - - fq_recalc_backlog(fq, tin, flow); +out_recalc: + if (head->len !=3D orig_len) { + flow->backlog +=3D head->len - orig_len; + tin->backlog_bytes +=3D head->len - orig_len; =20 + fq_recalc_backlog(fq, tin, flow); + } out: spin_unlock_bh(&fq->lock); =20 --=20 2.17.1
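Review bot: at the `goto out_recalc;` in the `ieee80211_amsdu_realloc_pad()` failure branch (first hunk, around line 3242), the jump happens before `ret = true;`, so the function still reports that the subframe was not aggregated while the backlog counters are adjusted for the already-lengthened head. That matches the commit message, but nothing in the code says so. A short comment at the goto stating that the jump exists only to account for the first frame's conversion to A-MSDU format would keep a later cleanup from turning it back into `goto out`.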
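Review bot: in the second hunk, the new `out_recalc:` block computes `head->len - orig_len` twice after testing `head->len != orig_len`. Taking the difference once into a local and testing that for non-zero would make it obvious that `flow->backlog` and `tin->backlog_bytes` receive the same adjustment. With `out_recalc:` and `out:` now adjacent and differing only in whether accounting runs, a one-line comment above `out_recalc:` saying which exits must use it (any taken after `head` has changed length) would document the rule this fix introduces.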