From: Victor Goldenshtein <victorg@xxxxxx>

The fw_status wasn't zeroed during allocation, resulting in uninitialized var usage, and finally causing AP traffic stop after recovery. The wrong value in fw_status_2->counters.tx_lnk_free_pkts led to a bad lnk->allocated_pkts calculation in wlcore_fw_status(), causing wl18xx_lnk_low_prio() to return FALSE (lnk->allocated_pkts > thold). This eventually blocked the link in wlcore_tx_work_locked(), as wl1271_skb_dequeue() continuously returned NULL. Fix it by zeroing wl->fw_status_1/2 during allocation.

Signed-off-by: Victor Goldenshtein <victorg@xxxxxx>
Signed-off-by: Eliad Peller <eliad@xxxxxxxxxx>
---
 drivers/net/wireless/ti/wlcore/main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ti/wlcore/main.c b/drivers/net/wireless/ti/wlcore/main.c
index ecbbd38..2537391 100644
--- a/drivers/net/wireless/ti/wlcore/main.c
+++ b/drivers/net/wireless/ti/wlcore/main.c
@@ -970,7 +970,7 @@ static int wlcore_fw_wakeup(struct wl1271 *wl)

 static int wl1271_setup(struct wl1271 *wl)
 {
- wl->fw_status_1 = kmalloc(WLCORE_FW_STATUS_1_LEN(wl->num_rx_desc) +
+ wl->fw_status_1 = kzalloc(WLCORE_FW_STATUS_1_LEN(wl->num_rx_desc) +
 sizeof(*wl->fw_status_2) +
 wl->fw_status_priv_len, GFP_KERNEL);
 if (!wl->fw_status_1)
@@ -980,7 +980,7 @@ static int wl1271_setup(struct wl1271 *wl)
 (((u8 *) wl->fw_status_1) +
 WLCORE_FW_STATUS_1_LEN(wl->num_rx_desc));

- wl->tx_res_if = kmalloc(sizeof(*wl->tx_res_if), GFP_KERNEL);
+ wl->tx_res_if = kzalloc(sizeof(*wl->tx_res_if), GFP_KERNEL);
 if (!wl->tx_res_if) {
 kfree(wl->fw_status_1);
 return -ENOMEM;
--
1.8.1.2
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
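Review bot: The `kzalloc()` at the top of wl1271_setup() has no comment saying the zeroing is required, so a later cleanup could switch it back to `kmalloc()` and reintroduce the uninitialized read described in the commit message. I would add above the allocation `/* must be zeroed: wlcore_fw_status() consumes these counters; stale heap contents corrupt lnk->allocated_pkts */`. The wording follows the commit message, because the consumer itself is not visible in this hunk. wl1271_setup() continues past the end of the hunk.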
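Review bot: On the failure branch after the tx_res_if allocation, `kfree(wl->fw_status_1);` leaves wl->fw_status_1 pointing at freed memory, and the pointer derived from it in the lines just above (presumably wl->fw_status_2; the left-hand side is outside the hunk) dangles as well. If any teardown or retry path frees or reads these after a failed setup, that is a double free or use-after-free; whether one does is not visible here. Adding `wl->fw_status_1 = NULL;` and resetting the derived pointer before `return -ENOMEM;` closes that off. The commit message only mentions fw_status_1/2, so the reason tx_res_if also needs zeroing deserves a line in the description or a comment at the call. The `if` block and the function both close outside the hunk.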