> --- wireless-testing.orig/drivers/net/wireless/iwlwifi/iwl-5000-hw.h 2008-10-06 18:09:21.375233932 +0200
> +++ wireless-testing/drivers/net/wireless/iwlwifi/iwl-5000-hw.h 2008-10-06 18:32:50.180236365 +0200
> @@ -84,46 +84,43 @@
> #define IWL50_NUM_AMPDU_QUEUES 10
> #define IWL50_FIRST_AMPDU_QUEUE 10
>
> -#define IWL_sta_id_POS 12
> -#define IWL_sta_id_LEN 4
> -#define IWL_sta_id_SYM val
> -
> /* Fixed (non-configurable) rx data from phy */
>
> /* Base physical address of iwl5000_shared is provided to SCD_DRAM_BASE_ADDR
> * and &iwl5000_shared.val0 is provided to FH_RSCSR_CHNL0_STTS_WPTR_REG */
> struct iwl5000_sched_queue_byte_cnt_tbl {
> - struct iwl4965_queue_byte_cnt_entry tfd_offset[IWL50_QUEUE_SIZE +
> - IWL50_MAX_WIN_SIZE];
> + /* highest 4 bits of each entry are sta ID */
> + __le16 _tfd_offset[IWL50_QUEUE_SIZE + IWL50_MAX_WIN_SIZE];
> } __attribute__ ((packed));
>
> +static inline void
> +iwl5000_queue_byte_cnt_set(struct iwl5000_sched_queue_byte_cnt_tbl *tbl,
> + u32 idx, u16 cnt)
> +{
> + BUG_ON(idx >= IWL50_QUEUE_SIZE + IWL50_MAX_WIN_SIZE);
I just hit that BUG_ON, which means that something is passing a bogus
value in. If I'm right and this isn't a bug in my patch (I cannot see
how it should be) then it means that will corrupt memory silently
without my patch. FWIW, the index is 511, which is totally wrong, being
called from iwl5000_txq_inval_byte_cnt_tbl.
I'd much appreciate if somebody would review this patch. I think it's
right and the added sanity check blows up because of other bugs, but
obviously I cannot guarantee that I didn't make a stupid mistake.
johannes
Attachment:
signature.asc
Description: This is a digitally signed message part
