[PATCH AUTOSEL 5.7 144/388] staging: wfx: fix overflow in frame counters
From: Sasha Levin
Date: Wed Jun 17 2020 - 22:44:20 EST
From: JÃrÃme Pouiller <jerome.pouiller@xxxxxxxxxx>
[ Upstream commit 87066173e34b0ca5d041d5519e6bb030b1958184 ]
It has been reported that trying to send small packets of data could
produce a "inconsistent notification" warning.
It seems that in some circumstances, the number of frame queued in the
driver could greatly increase and exceed UCHAR_MAX. So the field
"buffered" from struct sta_priv can overflow.
Just increase the size of "bueffered" to fix the problem.
Fixes: 7d2d2bfdeb82 ("staging: wfx: relocate "buffered" information to sta_priv")
Signed-off-by: JÃrÃme Pouiller <jerome.pouiller@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20200427134031.323403-10-Jerome.Pouiller@xxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/staging/wfx/sta.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/wfx/sta.h b/drivers/staging/wfx/sta.h
index cf99a8a74a81..ace845f9ed14 100644
--- a/drivers/staging/wfx/sta.h
+++ b/drivers/staging/wfx/sta.h
@@ -37,7 +37,7 @@ struct wfx_grp_addr_table {
struct wfx_sta_priv {
int link_id;
int vif_id;
- u8 buffered[IEEE80211_NUM_TIDS];
+ int buffered[IEEE80211_NUM_TIDS];
// Ensure atomicity of "buffered" and calls to ieee80211_sta_set_buffered()
spinlock_t lock;
};
--
2.25.1