[012/145] iwlwifi: sanity check before counting number of tfds can be free

From: Greg KH
Date: Fri Mar 12 2010 - 19:54:32 EST

Next message: Greg KH: "[061/145] Staging: hv: add a pci device table"
Previous message: Greg KH: "[068/145] macintosh/hwmon/ams: Fix device removal sequence"
In reply to: Greg KH: "[068/145] macintosh/hwmon/ams: Fix device removal sequence"
Next in thread: Greg KH: "[061/145] Staging: hv: add a pci device table"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2.6.32-stable review patch. If anyone has any objections, please let me know.

----------------
From: Stanislaw Gruszka <sgruszka@xxxxxxxxxx>

commit a120e912eb51e347f36c71b60a1d13af74d30e83 upstream.

Check the frame control for ieee80211_is_data_qos() is true before
counting the number of tfds can be free, the tfds_in_queue only
increment when ieee80211_is_data_qos() is true before transmit; so it
should only decrement if the type match.

Remove ieee80211_is_data_qos check for frame_ctrl in tx_resp to avoid
invalid information pass from uCode.

Signed-off-by: Stanislaw Gruszka <sgruszka@xxxxxxxxxx>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@xxxxxxxxx>
Signed-off-by: Reinette Chatre <reinette.chatre@xxxxxxxxx>
Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
drivers/net/wireless/iwlwifi/iwl-5000.c | 6 ++----
drivers/net/wireless/iwlwifi/iwl-tx.c | 5 +++++
2 files changed, 7 insertions(+), 4 deletions(-)

--- a/drivers/net/wireless/iwlwifi/iwl-5000.c
+++ b/drivers/net/wireless/iwlwifi/iwl-5000.c
@@ -1293,16 +1293,14 @@ static void iwl5000_rx_reply_tx(struct i
tx_resp->failure_frame);

freed = iwl_tx_queue_reclaim(priv, txq_id, index);
- if (ieee80211_is_data_qos(tx_resp->frame_ctrl))
- iwl_free_tfds_in_queue(priv, sta_id, tid, freed);
+ iwl_free_tfds_in_queue(priv, sta_id, tid, freed);

if (priv->mac80211_registered &&
(iwl_queue_space(&txq->q) > txq->q.low_mark))
iwl_wake_queue(priv, txq_id);
}

- if (ieee80211_is_data_qos(tx_resp->frame_ctrl))
- iwl_txq_check_empty(priv, sta_id, tid, txq_id);
+ iwl_txq_check_empty(priv, sta_id, tid, txq_id);

if (iwl_check_bits(status, TX_ABORT_REQUIRED_MSK))
IWL_ERR(priv, "TODO: Implement Tx ABORT REQUIRED!!!\n");
--- a/drivers/net/wireless/iwlwifi/iwl-tx.c
+++ b/drivers/net/wireless/iwlwifi/iwl-tx.c
@@ -1071,6 +1071,7 @@ int iwl_tx_queue_reclaim(struct iwl_priv
struct iwl_queue *q = &txq->q;
struct iwl_tx_info *tx_info;
int nfreed = 0;
+ struct ieee80211_hdr *hdr;

if ((index >= q->n_bd) || (iwl_queue_used(q, index) == 0)) {
IWL_ERR(priv, "Read index for DMA queue txq id (%d), index %d, "
@@ -1085,6 +1086,10 @@ int iwl_tx_queue_reclaim(struct iwl_priv

tx_info = &txq->txb[txq->q.read_ptr];
ieee80211_tx_status_irqsafe(priv->hw, tx_info->skb[0]);
+
+ hdr = (struct ieee80211_hdr *)tx_info->skb[0]->data;
+ if (hdr && ieee80211_is_data_qos(hdr->frame_control))
+ nfreed++;
tx_info->skb[0] = NULL;

if (priv->cfg->ops->lib->txq_inval_byte_cnt_tbl)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[061/145] Staging: hv: add a pci device table"
Previous message: Greg KH: "[068/145] macintosh/hwmon/ams: Fix device removal sequence"
In reply to: Greg KH: "[068/145] macintosh/hwmon/ams: Fix device removal sequence"
Next in thread: Greg KH: "[061/145] Staging: hv: add a pci device table"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]