首頁 探索 說明
註冊 登入
phyus
/
linux-vybrid_public
8
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

iwlwifi: sanity check before counting number of tfds can be free

Check the frame control for ieee80211_is_data_qos() is true before
counting the number of tfds can be free, the tfds_in_queue only
increment when ieee80211_is_data_qos() is true before transmit; so it
should only decrement if the type match.

Remove ieee80211_is_data_qos check for frame_ctrl in tx_resp to avoid
invalid information pass from uCode.

Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
CC: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Stanislaw Gruszka 15 年之前
父節點
a239a8b47c
當前提交
a120e912eb
共有 2 個文件被更改,包括 7 次插入5 次删除
分割檢視 顯示文件統計
  1. 2 4
      drivers/net/wireless/iwlwifi/iwl-5000.c
  2. 5 1
      drivers/net/wireless/iwlwifi/iwl-tx.c

+ 2 - 4
drivers/net/wireless/iwlwifi/iwl-5000.c
查看文件 

@@ -1153,16 +1153,14 @@ static void iwl5000_rx_reply_tx(struct iwl_priv *priv,
 
 				   tx_resp->failure_frame);
 
 
 		freed = iwl_tx_queue_reclaim(priv, txq_id, index);
 
-		if (ieee80211_is_data_qos(tx_resp->frame_ctrl))
 
-			iwl_free_tfds_in_queue(priv, sta_id, tid, freed);
 
+		iwl_free_tfds_in_queue(priv, sta_id, tid, freed);
 
 
 		if (priv->mac80211_registered &&
 
 		    (iwl_queue_space(&txq->q) > txq->q.low_mark))
 
 			iwl_wake_queue(priv, txq_id);
 
 	}
 
 
-	if (ieee80211_is_data_qos(tx_resp->frame_ctrl))
 
-		iwl_txq_check_empty(priv, sta_id, tid, txq_id);
 
+	iwl_txq_check_empty(priv, sta_id, tid, txq_id);
 
 
 	if (iwl_check_bits(status, TX_ABORT_REQUIRED_MSK))
 
 		IWL_ERR(priv, "TODO:  Implement Tx ABORT REQUIRED!!!\n");

+ 5 - 1
drivers/net/wireless/iwlwifi/iwl-tx.c
查看文件 

@@ -1145,6 +1145,7 @@ int iwl_tx_queue_reclaim(struct iwl_priv *priv, int txq_id, int index)
 
 	struct iwl_queue *q = &txq->q;
 
 	struct iwl_tx_info *tx_info;
 
 	int nfreed = 0;
 
+	struct ieee80211_hdr *hdr;
 
 
 	if ((index >= q->n_bd) || (iwl_queue_used(q, index) == 0)) {
 
 		IWL_ERR(priv, "Read index for DMA queue txq id (%d), index %d, "
 
@@ -1159,13 +1160,16 @@ int iwl_tx_queue_reclaim(struct iwl_priv *priv, int txq_id, int index)
 
 
 		tx_info = &txq->txb[txq->q.read_ptr];
 
 		iwl_tx_status(priv, tx_info->skb[0]);
 
+
 
+		hdr = (struct ieee80211_hdr *)tx_info->skb[0]->data;
 
+		if (hdr && ieee80211_is_data_qos(hdr->frame_control))
 
+			nfreed++;
 
 		tx_info->skb[0] = NULL;
 
 
 		if (priv->cfg->ops->lib->txq_inval_byte_cnt_tbl)
 
 			priv->cfg->ops->lib->txq_inval_byte_cnt_tbl(priv, txq);
 
 
 		priv->cfg->ops->lib->txq_free_tfd(priv, txq);
 
-		nfreed++;
 
 	}
 
 	return nfreed;
 
 }