samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacmn: Use correct skb headroom size to update radiotap header

Browse Source 
Size of rx_pkt_hdr tlv structure is used to check if there is enough
space in the SKB to add radiotap header.
The issue is seen due to a single SKB can hold the multiple TLVs and
the next subsequent SKB has the data. In this case, there is no headroom
available in the second SKB. Therefore crash seen while adding the
radiotap header in the second SKB.

To fix this issue, check if the SKB has enough headroom space. If not,
drop the frame.

Change-Id: Icd11f946c0aee974dde2ef21f59cfe3d8b87fa5d
CRs-Fixed: 2480719
This commit is contained in:
Shashikala Prabhu
2019-07-16 15:42:03 +05:30
committed by nshrivas
parent f76d6062ce
commit 0843438590
4 changed files with 25 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
dp/wifi3.0/dp_rx_mon_status.c
View File

@@ -509,8 +509,12 @@ dp_rx_handle_smart_mesh_mode(struct dp_soc *soc, struct dp_pdev *pdev,
/* Only retain RX MSDU payload in the skb */
qdf_nbuf_trim_tail(nbuf, qdf_nbuf_len(nbuf) -
ppdu_info->msdu_info.payload_len);
qdf_nbuf_update_radiotap(&(pdev->ppdu_info.rx_status),
nbuf, sizeof(struct rx_pkt_tlvs));
if (!qdf_nbuf_update_radiotap(&pdev->ppdu_info.rx_status, nbuf,
qdf_nbuf_headroom(nbuf))) {
DP_STATS_INC(pdev, dropped.mon_radiotap_update_err, 1);
return 1;
}
pdev->monitor_vdev->osif_rx_mon(pdev->monitor_vdev->osif_vdev,
nbuf, NULL);
pdev->ppdu_info.rx_status.monitor_direct_used = 0;