Search Linux Wireless

Re: [PATCH V2] rtlwifi: rtl_pci: Fix problem of too small skb->len

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Larry Finger <Larry.Finger@xxxxxxxxxxxx> writes:

> In commit 8020919a9b99 ("mac80211: Properly handle SKB with radiotap
> only"), buffers whose length is too short cause a WARN_ON(1) to be
> executed. This change exposed a fault in rtlwifi drivers, which is fixed
> by increasing the length of the affected buffer before it is sent to
> mac80211.

With what frames, or in what scenarios, do you get these warnings?

> Cc: Stable <stable@xxxxxxxxxxxxxxx> # v5.0+
> Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
> ---
> V2 - added missing usage of new len
> ---
> Please Apply to 5.4
> ---
>  drivers/net/wireless/realtek/rtlwifi/pci.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c b/drivers/net/wireless/realtek/rtlwifi/pci.c
> index 6087ec7a90a6..3e9185162e51 100644
> --- a/drivers/net/wireless/realtek/rtlwifi/pci.c
> +++ b/drivers/net/wireless/realtek/rtlwifi/pci.c
> @@ -692,12 +692,15 @@ static void _rtl_pci_rx_to_mac80211(struct ieee80211_hw *hw,
>  		dev_kfree_skb_any(skb);
>  	} else {
>  		struct sk_buff *uskb = NULL;
> +		int len = skb->len;
>  
> +		if (unlikely(len <= FCS_LEN))
> +			len = FCS_LEN + 2;

I don't understand this change, I think this needs a comment in the
code, or better yet a proper define documenting the meaning of the
value. What does these two bytes contain? Or are you just working around
the mac80211 warning by increasing the length with a random value you
chose?

-- 
Kalle Valo



[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux