MLK-21161-01 brcmfmac: To fix kernel crash on out of boundary access

To trunkcate the addtional bytes, if extra bytes are received.
Current code only have a warning and proceed without handling it.
But in one crash dump reported by DVT, these causes the
crash intermittently. So the processing is limit to the skb->len.

Signed-off-by: Raveendran Somu <raveendran.somu@cypress.com>
Signed-off-by: Fugang Duan <fugang.duan@nxp.com>
(cherry picked from commit f7112c027e0c7447b05474b72934589bbbb8e298)

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
index f8079ca..fde9bb5 100644 (file)
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
@@ -1868,6 +1868,9 @@ void brcmf_fws_hdrpull(struct brcmf_if *ifp, s16 siglen, struct sk_buff *skb)
 
        WARN_ON(siglen > skb->len);
 
+       if (siglen > skb->len)
+               siglen = skb->len;
+
        if (!siglen)
                return;
        /* if flow control disabled, skip to packet data and leave */