From: Chin-Ran Lo <crlo@xxxxxxxxxxx>
On PCIe Tx data path, network interface specific parameters
bss_num and bss_type are saved at "skb->cb + sizeof(dma_addr_t)"
(returned by MWIFIEX_SKB_TXCB). Later mwifiex_map_pci_memory()
called from mwifiex_pcie_send_data() will memcpy
sizeof(struct mwifiex_dma_mapping) bytes to save PCIe DMA
address and length information at beginning of skb->cb.
This accidently overwrites bss_num and bss_type saved in skb->cb
previously because bss_num/bss_type and mwifiex_dma_mapping data
overlap. Fix it by having MWIFIEX_SKB_TXCB return the correct
offset for bss_num and bss_type.
Cc: Aaron Durbin <adurbin@xxxxxxxxxxxx>
Signed-off-by: Chin-Ran Lo <crlo@xxxxxxxxxxx>
Signed-off-by: Bing Zhao <bzhao@xxxxxxxxxxx>
---
drivers/net/wireless/mwifiex/util.h | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/mwifiex/util.h b/drivers/net/wireless/mwifiex/util.h
index ddae570..2cde441 100644
--- a/drivers/net/wireless/mwifiex/util.h
+++ b/drivers/net/wireless/mwifiex/util.h
@@ -25,16 +25,17 @@ static inline struct mwifiex_rxinfo *MWIFIEX_SKB_RXCB(struct sk_buff *skb)
return (struct mwifiex_rxinfo *)(skb->cb + sizeof(dma_addr_t));
}
-static inline struct mwifiex_txinfo *MWIFIEX_SKB_TXCB(struct sk_buff *skb)
-{
- return (struct mwifiex_txinfo *)(skb->cb + sizeof(dma_addr_t));
-}
-
struct mwifiex_dma_mapping {
dma_addr_t addr;
size_t len;
};
+static inline struct mwifiex_txinfo *MWIFIEX_SKB_TXCB(struct sk_buff *skb)
+{
+ return (struct mwifiex_txinfo *)(skb->cb +
+ sizeof(struct mwifiex_dma_mapping));
+}
+
static inline void MWIFIEX_SKB_PACB(struct sk_buff *skb,
struct mwifiex_dma_mapping *mapping)
{
--
1.8.2.3
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
