[PATCH 3/3] rt2x00: Check for errors from skb_pad() calls
Stefan Bader
stefan.bader at canonical.com
Thu Feb 17 14:19:35 UTC 2011
On 02/16/2011 10:44 PM, Seth Forshee wrote:
> BugLink: http://bugs.launchpad.net/bugs/659143
>
> Commit 739fd94 ("rt2x00: Pad beacon to multiple of 32 bits")
> added calls to skb_pad() without checking the return value,
> which could cause problems if any of those calls does happen
> to fail. Add checks to prevent this from happening.
>
- (backported from d76dfc612b40b6a9de0a3fe57fe1fa3db7a1ae3b wireless-next-2.6)
> Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
> Acked-by: Ivo van Doorn <IvDoorn at gmail.com>
> Signed-off-by: John W. Linville <linville at tuxdriver.com>
+ (backported from d76dfc612b40b6a9de0a3fe57fe1fa3db7a1ae3b wireless-next-2.6)
+ Signed-off-by: Seth ...
?
Generally I am in favour of waiting until everything hits upstream and then play
nice and try to get it into upstream stable (which has been become a bit harder
as one never knows exactly who that is for which kernel). Though this is a
regression and wireless-next should become soonish upstream. So
Acked-by: Stefan Bader <stefan.bader at canonical.com> (for all three)
> ---
> drivers/net/wireless/rt2x00/rt2800pci.c | 11 +++++++++--
> drivers/net/wireless/rt2x00/rt61pci.c | 11 +++++++++--
> 2 files changed, 18 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/wireless/rt2x00/rt2800pci.c b/drivers/net/wireless/rt2x00/rt2800pci.c
> index 9ad676d..e13666e 100644
> --- a/drivers/net/wireless/rt2x00/rt2800pci.c
> +++ b/drivers/net/wireless/rt2x00/rt2800pci.c
> @@ -690,13 +690,14 @@ static void rt2800pci_write_beacon(struct queue_entry *entry,
> struct rt2x00_dev *rt2x00dev = entry->queue->rt2x00dev;
> unsigned int beacon_base;
> unsigned int padding_len;
> - u32 reg;
> + u32 orig_reg, reg;
>
> /*
> * Disable beaconing while we are reloading the beacon data,
> * otherwise we might be sending out invalid data.
> */
> rt2800_register_read(rt2x00dev, BCN_TIME_CFG, ®);
> + orig_reg = reg;
> rt2x00_set_field32(®, BCN_TIME_CFG_BEACON_GEN, 0);
> rt2800_register_write(rt2x00dev, BCN_TIME_CFG, reg);
>
> @@ -710,7 +711,13 @@ static void rt2800pci_write_beacon(struct queue_entry *entry,
> * Write entire beacon with TXWI and padding to register.
> */
> padding_len = roundup(entry->skb->len, 4) - entry->skb->len;
> - skb_pad(entry->skb, padding_len);
> + if (padding_len && skb_pad(entry->skb, padding_len)) {
> + ERROR(rt2x00dev, "Failure padding beacon, aborting\n");
> + /* skb freed by skb_pad() on failure */
> + entry->skb = NULL;
> + rt2800_register_write(rt2x00dev, BCN_TIME_CFG, orig_reg);
> + return;
> + }
> beacon_base = HW_BEACON_OFFSET(entry->entry_idx);
> rt2800_register_multiwrite(rt2x00dev, beacon_base, entry->skb->data,
> entry->skb->len + padding_len);
> diff --git a/drivers/net/wireless/rt2x00/rt61pci.c b/drivers/net/wireless/rt2x00/rt61pci.c
> index 23bcb65..f4d1ec9 100644
> --- a/drivers/net/wireless/rt2x00/rt61pci.c
> +++ b/drivers/net/wireless/rt2x00/rt61pci.c
> @@ -1864,13 +1864,14 @@ static void rt61pci_write_beacon(struct queue_entry *entry,
> struct queue_entry_priv_pci *entry_priv = entry->priv_data;
> unsigned int beacon_base;
> unsigned int padding_len;
> - u32 reg;
> + u32 orig_reg, reg;
>
> /*
> * Disable beaconing while we are reloading the beacon data,
> * otherwise we might be sending out invalid data.
> */
> rt2x00pci_register_read(rt2x00dev, TXRX_CSR9, ®);
> + orig_reg = reg;
> rt2x00_set_field32(®, TXRX_CSR9_BEACON_GEN, 0);
> rt2x00pci_register_write(rt2x00dev, TXRX_CSR9, reg);
>
> @@ -1878,7 +1879,13 @@ static void rt61pci_write_beacon(struct queue_entry *entry,
> * Write entire beacon with descriptor and padding to register.
> */
> padding_len = roundup(entry->skb->len, 4) - entry->skb->len;
> - skb_pad(entry->skb, padding_len);
> + if (padding_len && skb_pad(entry->skb, padding_len)) {
> + ERROR(rt2x00dev, "Failure padding beacon, aborting\n");
> + /* skb freed by skb_pad() on failure */
> + entry->skb = NULL;
> + rt2x00pci_register_write(rt2x00dev, TXRX_CSR9, orig_reg);
> + return;
> + }
> beacon_base = HW_BEACON_OFFSET(entry->entry_idx);
> rt2x00pci_register_multiwrite(rt2x00dev, beacon_base,
> entry_priv->desc, TXINFO_SIZE);
More information about the kernel-team
mailing list