diff options
| author | Wang Xuerui <wangxuerui@qiniu.com> | 2019-11-15 09:28:02 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-01-04 13:39:58 +0100 |
| commit | b5a56a8f0120662bb5e183099f17bf5a302e9edb (patch) | |
| tree | 51bf63ee93c0b6cf85688bc035ac6e76ac5a9c4a /drivers/net/wireless/intel/iwlwifi | |
| parent | d2d4a2f6dbe7439289567ab7889f67df88542385 (diff) | |
iwlwifi: mvm: fix unaligned read of rx_pkt_status
[ Upstream commit c5aaa8be29b25dfe1731e9a8b19fd91b7b789ee3 ]
This is present since the introduction of iwlmvm.
Example stack trace on MIPS:
[<ffffffffc0789328>] iwl_mvm_rx_rx_mpdu+0xa8/0xb88 [iwlmvm]
[<ffffffffc0632b40>] iwl_pcie_rx_handle+0x420/0xc48 [iwlwifi]
Tested with a Wireless AC 7265 for ~6 months, confirmed to fix the
problem. No other unaligned accesses are spotted yet.
Signed-off-by: Wang Xuerui <wangxuerui@qiniu.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'drivers/net/wireless/intel/iwlwifi')
| -rw-r--r-- | drivers/net/wireless/intel/iwlwifi/mvm/rx.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rx.c b/drivers/net/wireless/intel/iwlwifi/mvm/rx.c index b78e60eb600f..d0aa4d0a5537 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/rx.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/rx.c @@ -62,6 +62,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *****************************************************************************/ +#include <asm/unaligned.h> #include <linux/etherdevice.h> #include <linux/skbuff.h> #include "iwl-trans.h" @@ -289,7 +290,7 @@ void iwl_mvm_rx_rx_mpdu(struct iwl_mvm *mvm, struct napi_struct *napi, rx_res = (struct iwl_rx_mpdu_res_start *)pkt->data; hdr = (struct ieee80211_hdr *)(pkt->data + sizeof(*rx_res)); len = le16_to_cpu(rx_res->byte_count); - rx_pkt_status = le32_to_cpup((__le32 *) + rx_pkt_status = get_unaligned_le32((__le32 *) (pkt->data + sizeof(*rx_res) + len)); /* Dont use dev_alloc_skb(), we'll have enough headroom once |