samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacmn: dp_rx_null_q_desc_handle: drop if msdu_len > RX_BUFFER_SIZE

Browse Source 
In some cases, the msdu_len as retrieved fromm msdu_start TLV is
greater than RX_BUFFER_SIZE. In such cases, when qdf_nbuf_set_pktlen
is called, it will expand the skb to accommodate the bigger packet.
This makes the rx_tlv_hdr var invalid, since it continues to point to
the older skb->data. Access of this rx_tlv_hdr will cause exception.

Drop the packet if msdu_len > RX_BUFFER_SIZE. This is not expected while
reaping WBM RX Release ring.

Change-Id: I60890e4d3ee0afa451884d4df458eb50be280280
CRs-Fixed: 2426245
This commit is contained in:
Mohit Khanna
2019-04-02 14:43:10 -07:00
committed by nshrivas
parent 13da9a8463
commit f085b61b59
3 changed files with 81 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
dp/wifi3.0/dp_main.c
View File

@@ -8904,12 +8904,14 @@ static void dp_txrx_path_stats(struct dp_soc *soc)
"raw packets %u msdus ( %llu bytes),",
pdev->stats.rx.raw.num,
pdev->stats.rx.raw.bytes);
DP_TRACE_STATS(INFO_HIGH, "dropped: error %u msdus",
DP_TRACE_STATS(INFO_HIGH, "mic errors %u",
pdev->stats.rx.err.mic_err);
DP_TRACE_STATS(INFO_HIGH, "Invalid peer on rx path: %u",
pdev->soc->stats.rx.err.rx_invalid_peer.num);
DP_TRACE_STATS(INFO_HIGH, "sw_peer_id invalid %u",
pdev->soc->stats.rx.err.rx_invalid_peer_id.num);
DP_TRACE_STATS(INFO_HIGH, "packet_len invalid %u",
pdev->soc->stats.rx.err.rx_invalid_pkt_len.num);
DP_TRACE_STATS(INFO_HIGH, "Reo Statistics");