From: Stone Piao Date: Thu, 23 Aug 2012 03:26:31 +0000 (-0700) Subject: mwifiex: fix skb length issue when send a command to firmware X-Git-Tag: firefly_0821_release~3680^2~2095^2~22^2~17 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=da25186fc605af8ad636073621fa326fbc23a130;p=firefly-linux-kernel-4.4.55.git mwifiex: fix skb length issue when send a command to firmware When we send a command to firmware, we assumed that cmd_size will be always less than or equal to the structure size of host_cmd_ds_command. However, this is no longer true after we added AP support. There are some AP commands that Custom IE TLVs are included in command buffer, hence the cmd_size gets enlarged by the TLV data. We need to increase the skb length for the extra data. Signed-off-by: Stone Piao Signed-off-by: Avinash Patil Signed-off-by: Amitkumar Karwar Signed-off-by: Bing Zhao Signed-off-by: John W. Linville --- diff --git a/drivers/net/wireless/mwifiex/cmdevt.c b/drivers/net/wireless/mwifiex/cmdevt.c index c68adec3cc8b..565527aee0ea 100644 --- a/drivers/net/wireless/mwifiex/cmdevt.c +++ b/drivers/net/wireless/mwifiex/cmdevt.c @@ -170,7 +170,20 @@ static int mwifiex_dnld_cmd_to_fw(struct mwifiex_private *priv, cmd_code = le16_to_cpu(host_cmd->command); cmd_size = le16_to_cpu(host_cmd->size); - skb_trim(cmd_node->cmd_skb, cmd_size); + /* Adjust skb length */ + if (cmd_node->cmd_skb->len > cmd_size) + /* + * cmd_size is less than sizeof(struct host_cmd_ds_command). + * Trim off the unused portion. + */ + skb_trim(cmd_node->cmd_skb, cmd_size); + else if (cmd_node->cmd_skb->len < cmd_size) + /* + * cmd_size is larger than sizeof(struct host_cmd_ds_command) + * because we have appended custom IE TLV. Increase skb length + * accordingly. + */ + skb_put(cmd_node->cmd_skb, cmd_size - cmd_node->cmd_skb->len); do_gettimeofday(&tstamp); dev_dbg(adapter->dev, "cmd: DNLD_CMD: (%lu.%lu): %#x, act %#x, len %d,"