projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 702143d) | patch
staging: wfx: fix possible panic with re-queued frames
authorJérôme Pouiller <jerome.pouiller@silabs.com>
Mon, 8 Feb 2021 13:52:54 +0000 (14:52 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 4 Mar 2021 10:37:28 +0000 (11:37 +0100)
commit6709f280e75da5699e16b955c8a211a9b8ba6b4d
tree87aa5032bff9b7e7978806652b8ba8e05bf86092tree | snapshot
parent702143d1de99a0a0893cb3fc19134d78c22d4421commit | diff
staging: wfx: fix possible panic with re-queued frames

[ Upstream commit 26df933d9b83ea668304dc4ec641d52ea1fc4091 ]

When the firmware rejects a frame (because station become asleep or
disconnected), the frame is re-queued in mac80211. However, the
re-queued frame was 8 bytes longer than the original one (the size of
the ICV for the encryption). So, when mac80211 try to send this frame
again, it is a little bigger than expected.
If the frame is re-queued secveral time it end with a skb_over_panic
because the skb buffer is not large enough.

Note it only happens when device acts as an AP and encryption is
enabled.

This patch more or less reverts the commit 049fde130419 ("staging: wfx:
drop useless field from struct wfx_tx_priv").

Fixes: 049fde130419 ("staging: wfx: drop useless field from struct wfx_tx_priv")
Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Link: https://lore.kernel.org/r/20210208135254.399964-1-Jerome.Pouiller@silabs.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/staging/wfx/data_tx.c diff | blob | history
drivers/staging/wfx/data_tx.h diff | blob | history