Re: [PATCH 1/3] staging: r8188eu: use a qos_hdr in validate_recv_data_frame

Martin Kaiser <martin@xxxxxxxxx> · Mon, 7 Nov 2022 21:27:44 +0100

Thus wrote Dan Carpenter (error27@xxxxxxxxx):

> On Sun, Nov 06, 2022 at 06:04:53PM +0100, Martin Kaiser wrote:
> > Define a struct ieee80211_qos_hdr in the validate_recv_data_frame
> > function. Use this struct to replace some numeric offsets and make the
> > code easier to understand.

> > Signed-off-by: Martin Kaiser <martin@xxxxxxxxx>
> > ---
> >  drivers/staging/r8188eu/core/rtw_recv.c | 9 +++++----
> >  1 file changed, 5 insertions(+), 4 deletions(-)

> > diff --git a/drivers/staging/r8188eu/core/rtw_recv.c b/drivers/staging/r8188eu/core/rtw_recv.c
> > index cb0f35d7ab98..245b931c483d 100644
> > --- a/drivers/staging/r8188eu/core/rtw_recv.c
> > +++ b/drivers/staging/r8188eu/core/rtw_recv.c
> > @@ -1032,7 +1032,6 @@ static int validate_recv_data_frame(struct adapter *adapter,
> >  				    struct recv_frame *precv_frame)
> >  {
> >  	struct sta_info *psta = NULL;
> > -	u8 *ptr = precv_frame->rx_data;
> >  	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)precv_frame->rx_data;
> >  	struct rx_pkt_attrib	*pattrib = &precv_frame->attrib;
> >  	struct security_priv	*psecuritypriv = &adapter->securitypriv;
> > @@ -1071,10 +1070,12 @@ static int validate_recv_data_frame(struct adapter *adapter,
> >  	pattrib->ack_policy = 0;
> >  	/* parsing QC field */
> >  	if (pattrib->qos) {
> > +		struct ieee80211_qos_hdr *qos_hdr = (struct ieee80211_qos_hdr *)hdr;
> > +
> >  		pattrib->priority = ieee80211_get_tid(hdr);
> > -		pattrib->ack_policy = GetAckpolicy((ptr + 24));
> > -		pattrib->amsdu = GetAMsdu((ptr + 24));
> > -		pattrib->hdrlen = 26;
>                                ^^^

> > +		pattrib->ack_policy = GetAckpolicy(&qos_hdr->qos_ctrl);
> > +		pattrib->amsdu = GetAMsdu(&qos_hdr->qos_ctrl);
> > +		pattrib->hdrlen += sizeof(*qos_hdr);
>                                ^^^^
> Why did this change from "=" to "+="?

Thanks a lot for spotting this, Dan!

I tried a couple of versions, some of which used +=. For the one I
submitted, this is wrong, of course.

All of pattrib is initialised to 0 in update_recvframe_attrib_88e and
pattrib->hdrlen is not updated until the assignment above. That's why
the += still works and testing didn't show the problem.

v2 is on the way...

Thanks again,

   Martin