From: Luciano Coelho <coelho@xxxxxx>
When allocating the fw_status structure, the space for the
lower-driver private area was missing. This was causing an illegal
write outside the allocated area, which was causing random oopses
around the kernel.
Signed-off-by: Luciano Coelho <coelho@xxxxxx>
Signed-off-by: Arik Nemtsov <arik@xxxxxxxxxx>
---
drivers/net/wireless/ti/wlcore/main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ti/wlcore/main.c b/drivers/net/wireless/ti/wlcore/main.c
index 3e3dce9..2c78057 100644
--- a/drivers/net/wireless/ti/wlcore/main.c
+++ b/drivers/net/wireless/ti/wlcore/main.c
@@ -904,7 +904,8 @@ static void wl1271_fw_wakeup(struct wl1271 *wl)
static int wl1271_setup(struct wl1271 *wl)
{
wl->fw_status_1 = kmalloc(WLCORE_FW_STATUS_1_LEN(wl->num_rx_desc) +
- sizeof(*wl->fw_status_2), GFP_KERNEL);
+ sizeof(*wl->fw_status_2) +
+ wl->fw_status_priv_len, GFP_KERNEL);
if (!wl->fw_status_1)
return -ENOMEM;
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
