korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-15 10:24:44 +08:00
Code Issues Packages Projects Releases Wiki Activity
c3594559f4
linux/drivers/net/wireless
History
Yan-Hsuan Chuang c3594559f4 rtw88: fix beaconing mode rsvd_page memory violation issue 
When downloading the reserved page, the first page always contains
a beacon for the firmware to reference. For non-beaconing modes such
as station mode, also put a blank skb with length=1.

And for the beaconing modes, driver will get a real beacon with a
length approximate to the page size. But as the beacon is always put
at the first page, it does not need a tx_desc, because the TX path
will generate one when TXing the reserved page to the hardware. So we
could allocate a buffer with a size smaller than the reserved page,
when using memcpy() to copy the content of reserved page to the buffer,
the over-sized reserved page will violate the kernel memory.

To fix it, add the tx_desc before memcpy() the reserved packets to
the buffer, then we can get SKBs with correct length when counting
the pages in total. And for page 0, count the extra tx_desc_sz that
the TX path will generate. This way, the first beacon that allocated
without tx_desc can be counted with the extra tx_desc_sz to get
actual pages it requires.

Fixes: e3037485c6 ("rtw88: new Realtek 802.11ac driver")
Signed-off-by: Yan-Hsuan Chuang <yhchuang@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-10-04 16:45:00 +03:00
..
admtek treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 501 2019-06-19 17:09:56 +02:00
ath Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git 2019-10-03 16:39:51 +03:00
atmel drivers: net: Fix Kconfig indentation 2019-09-26 08:56:17 +02:00
broadcom brcmsmac: remove duplicated if condition 2019-10-01 12:14:46 +03:00
cisco airo: fix memory leaks 2019-09-03 16:39:33 +03:00
intel Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-09-28 17:47:33 -07:00
intersil hostap: use %*ph to print small buffer 2019-09-06 17:12:02 +03:00
marvell mwifiex: use 'total_ie_len' in mwifiex_update_bss_desc_with_ie() 2019-10-01 12:22:36 +03:00
mediatek mt7601u: fix bbp version check in mt7601u_wait_bbp_ready 2019-10-01 12:19:20 +03:00
quantenna qtnfmac_pcie: Use dev_get_drvdata 2019-08-06 15:33:52 +03:00
ralink drivers: net: Fix Kconfig indentation 2019-09-26 08:56:17 +02:00
realtek rtw88: fix beaconing mode rsvd_page memory violation issue 2019-10-04 16:45:00 +03:00
rsi rsi: release skb if rsi_prepare_beacon fails 2019-10-01 12:18:48 +03:00
st cw1200: Fix a signedness bug in cw1200_load_firmware() 2019-10-02 07:34:51 +03:00
ti net/wireless: Use kmemdup rather than duplicating its implementation 2019-10-02 07:16:10 +03:00
zydas zd1211rw: zd_usb: Use "%zu" to format size_t 2019-09-21 08:57:35 +03:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
mac80211_hwsim.c mac80211_hwsim: Register support for HE meshpoint 2019-09-11 09:33:29 +02:00
mac80211_hwsim.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
Makefile
ray_cs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 416 2019-06-05 17:37:15 +02:00
ray_cs.h
rayctl.h
rndis_wlan.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
virt_wifi.c timekeeping: Use proper clock specifier names in functions 2019-06-22 12:11:27 +02:00
wl3501_cs.c wl3501_cs: remove redundant variable rc 2019-07-24 14:45:24 +03:00
wl3501.h