projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4d4b12b)
mt76: usb: do not build the skb if reported len does not fit in buf_size
authorLorenzo Bianconi <lorenzo.bianconi@redhat.com>
Sat, 1 Dec 2018 14:01:19 +0000 (15:01 +0100)
committerFelix Fietkau <nbd@nbd.name>
Fri, 11 Jan 2019 14:10:15 +0000 (15:10 +0100)
Precompute data length in order to avoid to allocate the related
skb data structure if reported length does not fit in queue buf_size

Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
drivers/net/wireless/mediatek/mt76/usb.c patch | blob | history

diff --git a/drivers/net/wireless/mediatek/mt76/usb.c b/drivers/net/wireless/mediatek/mt76/usb.c
index b061263..14ff06c 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/usb.c
+++ b/drivers/net/wireless/mediatek/mt76/usb.c
@@ -407,17 +407,15 @@ mt76u_process_rx_entry(struct mt76_dev *dev, struct urb *urb)
        if (len < 0)
                return 0;
 
+       data_len = min_t(int, len, urb->sg[0].length - MT_DMA_HDR_LEN);
+       if (MT_DMA_HDR_LEN + data_len > SKB_WITH_OVERHEAD(q->buf_size))
+               return 0;
+
        skb = build_skb(data, q->buf_size);
        if (!skb)
                return 0;
 
-       data_len = min_t(int, len, urb->sg[0].length - MT_DMA_HDR_LEN);
        skb_reserve(skb, MT_DMA_HDR_LEN);
-       if (skb->tail + data_len > skb->end) {
-               dev_kfree_skb(skb);
-               return 1;
-       }
-
        __skb_put(skb, data_len);
        len -= data_len;