author | Rafał Miłecki <zajec5@gmail.com> | 2016-09-29 14:59:38 +0200 |
---|---|---|
committer | Zoltan HERPAI <wigyori@uid0.hu> | 2016-09-29 14:59:38 +0200 |
commit | f9755e28776fdce0c2136492b43380d0eefe3c5a (patch) | |
tree | 81b8f52e4cb211f6a7c9ddedcd4efb69ecabe1a1 /package/kernel/mac80211/patches/351-0040-brcmfmac-rework-pointer-trickery-in-brcmf_proto_bcdc.patch | |
parent | bc004132213820368cc3af1e54e18f5cdb760972 (diff) | |
mac80211: brcmfmac: backport changes from 2016-09-27
This fixes memory leaks, some possible crashes and a bug that could cause
WARNING on every add_key/del_key call. It also replaces WARNING with
a simple message. They may still occur e.g. on station going out of
range and A-MPDU stall in the firmware.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Diffstat (limited to 'package/kernel/mac80211/patches/351-0040-brcmfmac-rework-pointer-trickery-in-brcmf_proto_bcdc.patch')
-rw-r--r-- | package/kernel/mac80211/patches/351-0040-brcmfmac-rework-pointer-trickery-in-brcmf_proto_bcdc.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/package/kernel/mac80211/patches/351-0040-brcmfmac-rework-pointer-trickery-in-brcmf_proto_bcdc.patch b/package/kernel/mac80211/patches/351-0040-brcmfmac-rework-pointer-trickery-in-brcmf_proto_bcdc.patch new file mode 100644 index 0000000000..9461164523 --- /dev/null +++ b/package/kernel/mac80211/patches/351-0040-brcmfmac-rework-pointer-trickery-in-brcmf_proto_bcdc.patch @@ -0,0 +1,32 @@ +From 704d1c6b56f4ee2ad6a5f012a72a278d17c1a223 Mon Sep 17 00:00:00 2001 +From: Arend Van Spriel <arend.vanspriel@broadcom.com> +Date: Mon, 19 Sep 2016 12:09:52 +0100 +Subject: [PATCH] brcmfmac: rework pointer trickery in + brcmf_proto_bcdc_query_dcmd() + +The variable info is assigned to point to bcdc->msg[1], which is the +same as pointing to bcdc->buf. As that is what we want to access +make it clear by fixing the assignment. This also avoid out-of-bounds +errors from static analyzers are bcdc->msg[1] is not in the structure +definition. + +Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com> +Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> +Reviewed-by: Franky Lin <franky.lin@broadcom.com> +Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com> +Signed-off-by: Kalle Valo <kvalo@codeaurora.org> +--- + drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcdc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcdc.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcdc.c +@@ -194,7 +194,7 @@ retry: + } + + /* Check info buffer */ +- info = (void *)&msg[1]; ++ info = (void *)&bcdc->buf[0]; + + /* Copy info buffer */ + if (buf) { |
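Review bot: In the bcdc.c hunk, the new line `info = (void *)&bcdc->buf[0];` still carries more pointer syntax than the assignment needs. The commit message describes the target as "pointing to bcdc->buf", so if `buf` is an array member and `info` is a `void *`, plain `info = bcdc->buf;` expresses the same thing without the cast and the address-of-element form, which fits the stated aim of making the access clear to readers and static analyzers. The unchanged comment `/* Check info buffer */` directly above it describes a check, while the line only takes the buffer's address; the actual use follows under `/* Copy info buffer */`, so a wording such as "Point at info buffer" would match the code. The embedded upstream message also reads "static analyzers are bcdc->msg[1]" where "as bcdc->msg[1]" is meant; since this file is a verbatim backport, that is worth reporting upstream rather than changing here.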