qcacmn: fix invalid accessing to rx_tlv_hdr due to scattered msdu
long length msdu is received and looks this msdu is spread across multiple nbufs, there is no corresbonding logic for this case. qdf_set_pkt_len will invoke pskb_expand_head to renew skb->head buffer, but the rx_tlv_hdr is still pointed to original skb->data buffer, invalid accessing will happen. As a WAR, drop this msdu related nbufs after dp_rx_sg_create is done. Change-Id: Iceb09fd04e4d768325018a8ddd4261ab4f75991a CRs-Fixed: 2597927
This commit is contained in:
@@ -497,14 +497,13 @@ dp_rx_wbm_err_process(struct dp_intr *int_ctx, struct dp_soc *soc,
|
||||
* dp_rx_sg_create() - create a frag_list for MSDUs which are spread across
|
||||
* multiple nbufs.
|
||||
* @nbuf: pointer to the first msdu of an amsdu.
|
||||
* @rx_tlv_hdr: pointer to the start of RX TLV headers.
|
||||
*
|
||||
* This function implements the creation of RX frag_list for cases
|
||||
* where an MSDU is spread across multiple nbufs.
|
||||
*
|
||||
* Return: returns the head nbuf which contains complete frag_list.
|
||||
*/
|
||||
qdf_nbuf_t dp_rx_sg_create(qdf_nbuf_t nbuf, uint8_t *rx_tlv_hdr);
|
||||
qdf_nbuf_t dp_rx_sg_create(qdf_nbuf_t nbuf);
|
||||
|
||||
/*
|
||||
* dp_rx_desc_pool_alloc() - create a pool of software rx_descs
|
||||
|
Reference in New Issue
Block a user