summaryrefslogtreecommitdiffstats
path: root/drivers/net/wireless/rt2x00/rt2800usb.c
diff options
context:
space:
mode:
authorGertjan van Wingerde <gwingerde@gmail.com>2010-06-03 10:51:45 +0200
committerIvo van Doorn <IvDoorn@gmail.com>2010-06-03 10:51:45 +0200
commit0b8004aa12d13ec750d102ba4082a95f0107c649 (patch)
treeeac5224159d34ae525b552254816c3a1e056336c /drivers/net/wireless/rt2x00/rt2800usb.c
parentbaaffe67b5b33e4215409669226ef623cb65e15c (diff)
rt2x00: Properly reserve room for descriptors in skbs.
Instead of fiddling with the skb->data pointer and thereby risking out of bounds accesses, properly reserve the space needed in an skb for descriptors. Signed-off-by: Gertjan van Wingerde <gwingerde@gmail.com> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Diffstat (limited to 'drivers/net/wireless/rt2x00/rt2800usb.c')
-rw-r--r--drivers/net/wireless/rt2x00/rt2800usb.c22
1 files changed, 13 insertions, 9 deletions
diff --git a/drivers/net/wireless/rt2x00/rt2800usb.c b/drivers/net/wireless/rt2x00/rt2800usb.c
index d0d8060040b..ee407f13875 100644
--- a/drivers/net/wireless/rt2x00/rt2800usb.c
+++ b/drivers/net/wireless/rt2x00/rt2800usb.c
@@ -400,13 +400,14 @@ static void rt2800usb_write_tx_desc(struct rt2x00_dev *rt2x00dev,
struct txentry_desc *txdesc)
{
struct skb_frame_desc *skbdesc = get_skb_frame_desc(skb);
- __le32 *txi = (__le32 *)(skb->data - TXWI_DESC_SIZE - TXINFO_DESC_SIZE);
+ __le32 *txi = (__le32 *) skb->data;
+ __le32 *txwi = (__le32 *) (skb->data + TXINFO_DESC_SIZE);
u32 word;
/*
* Initialize TXWI descriptor
*/
- rt2800_write_txwi(skb, txdesc);
+ rt2800_write_txwi(txwi, txdesc);
/*
* Initialize TXINFO descriptor
@@ -426,6 +427,7 @@ static void rt2800usb_write_tx_desc(struct rt2x00_dev *rt2x00dev,
/*
* Register descriptor details in skb frame descriptor.
*/
+ skbdesc->flags |= SKBDESC_DESC_IN_SKB;
skbdesc->desc = txi;
skbdesc->desc_len = TXINFO_DESC_SIZE + TXWI_DESC_SIZE;
}
@@ -450,15 +452,22 @@ static void rt2800usb_write_beacon(struct queue_entry *entry,
rt2800_register_write(rt2x00dev, BCN_TIME_CFG, reg);
/*
+ * Add space for the TXWI in front of the skb.
+ */
+ skb_push(entry->skb, TXWI_DESC_SIZE);
+ memset(entry->skb, 0, TXWI_DESC_SIZE);
+
+ /*
* Register descriptor details in skb frame descriptor.
*/
- skbdesc->desc = entry->skb->data - TXWI_DESC_SIZE;
+ skbdesc->flags |= SKBDESC_DESC_IN_SKB;
+ skbdesc->desc = entry->skb->data;
skbdesc->desc_len = TXWI_DESC_SIZE;
/*
* Add the TXWI for the beacon to the skb.
*/
- rt2800_write_txwi(entry->skb, txdesc);
+ rt2800_write_txwi((__le32 *) entry->skb->data, txdesc);
/*
* Dump beacon to userspace through debugfs.
@@ -466,11 +475,6 @@ static void rt2800usb_write_beacon(struct queue_entry *entry,
rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry->skb);
/*
- * Adjust skb to take TXWI into account.
- */
- skb_push(entry->skb, TXWI_DESC_SIZE);
-
- /*
* Write entire beacon with descriptor to register.
*/
beacon_base = HW_BEACON_OFFSET(entry->entry_idx);
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-01-14 01:17:29 +0000