[PATCH AUTOSEL 5.7 196/274] mt76: avoid rx reorder buffer overflow

From: Sasha Levin
Date: Mon Jun 08 2020 - 20:50:55 EST

Next message: Sasha Levin: "[PATCH AUTOSEL 5.7 194/274] mt76: mt7615: fix mt7615_firmware_own for mt7663e"
Previous message: Sasha Levin: "[PATCH AUTOSEL 5.7 142/274] net/mlx5e: CT: Avoid false warning about rule may be used uninitialized"
In reply to: Sasha Levin: "[PATCH AUTOSEL 5.7 142/274] net/mlx5e: CT: Avoid false warning about rule may be used uninitialized"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 5.7 194/274] mt76: mt7615: fix mt7615_firmware_own for mt7663e"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ryder Lee <ryder.lee@xxxxxxxxxxxx>

[ Upstream commit 7c4f744d6703757be959f521a7a441bf34745d99 ]

Enlarge slot to support 11ax 256 BA (256 MPDUs in an AMPDU)

Signed-off-by: Chih-Min Chen <chih-min.chen@xxxxxxxxxxxx>
Signed-off-by: Ryder Lee <ryder.lee@xxxxxxxxxxxx>
Signed-off-by: Felix Fietkau <nbd@xxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/net/wireless/mediatek/mt76/agg-rx.c | 8 ++++----
drivers/net/wireless/mediatek/mt76/mt76.h | 6 +++---
2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/drivers/net/wireless/mediatek/mt76/agg-rx.c b/drivers/net/wireless/mediatek/mt76/agg-rx.c
index f77f03530259..acdbe6f8248d 100644
--- a/drivers/net/wireless/mediatek/mt76/agg-rx.c
+++ b/drivers/net/wireless/mediatek/mt76/agg-rx.c
@@ -152,8 +152,8 @@ void mt76_rx_aggr_reorder(struct sk_buff *skb, struct sk_buff_head *frames)
struct ieee80211_sta *sta;
struct mt76_rx_tid *tid;
bool sn_less;
- u16 seqno, head, size;
- u8 ackp, idx;
+ u16 seqno, head, size, idx;
+ u8 ackp;

__skb_queue_tail(frames, skb);

@@ -239,7 +239,7 @@ void mt76_rx_aggr_reorder(struct sk_buff *skb, struct sk_buff_head *frames)
}

int mt76_rx_aggr_start(struct mt76_dev *dev, struct mt76_wcid *wcid, u8 tidno,
- u16 ssn, u8 size)
+ u16 ssn, u16 size)
{
struct mt76_rx_tid *tid;

@@ -264,7 +264,7 @@ EXPORT_SYMBOL_GPL(mt76_rx_aggr_start);

static void mt76_rx_aggr_shutdown(struct mt76_dev *dev, struct mt76_rx_tid *tid)
{
- u8 size = tid->size;
+ u16 size = tid->size;
int i;

spin_lock_bh(&tid->lock);
diff --git a/drivers/net/wireless/mediatek/mt76/mt76.h b/drivers/net/wireless/mediatek/mt76/mt76.h
index 8e4759bc8f59..37641ad14d49 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76.h
+++ b/drivers/net/wireless/mediatek/mt76/mt76.h
@@ -241,8 +241,8 @@ struct mt76_rx_tid {
struct delayed_work reorder_work;

u16 head;
- u8 size;
- u8 nframes;
+ u16 size;
+ u16 nframes;

u8 num;

@@ -788,7 +788,7 @@ int mt76_get_survey(struct ieee80211_hw *hw, int idx,
void mt76_set_stream_caps(struct mt76_dev *dev, bool vht);

int mt76_rx_aggr_start(struct mt76_dev *dev, struct mt76_wcid *wcid, u8 tid,
- u16 ssn, u8 size);
+ u16 ssn, u16 size);
void mt76_rx_aggr_stop(struct mt76_dev *dev, struct mt76_wcid *wcid, u8 tid);

void mt76_wcid_key_setup(struct mt76_dev *dev, struct mt76_wcid *wcid,
--
2.25.1

Next message: Sasha Levin: "[PATCH AUTOSEL 5.7 194/274] mt76: mt7615: fix mt7615_firmware_own for mt7663e"
Previous message: Sasha Levin: "[PATCH AUTOSEL 5.7 142/274] net/mlx5e: CT: Avoid false warning about rule may be used uninitialized"
In reply to: Sasha Levin: "[PATCH AUTOSEL 5.7 142/274] net/mlx5e: CT: Avoid false warning about rule may be used uninitialized"
Next in thread: Sasha Levin: "[PATCH AUTOSEL 5.7 194/274] mt76: mt7615: fix mt7615_firmware_own for mt7663e"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]