Potential issue in ath10k_htt_tx

Ben Greear greearb at candelatech.com
Wed Dec 13 14:52:45 PST 2017


While adding some support for radiotap tx-ratecode and no-ack features,
I noticed that info->control.rates[0] is over-written in the code below:

	/* NOTE:  This writes over info->control.rates[0], at least. */
	skb_cb->paddr = dma_map_single(dev, msdu->data, msdu->len,
				       DMA_TO_DEVICE);
	res = dma_mapping_error(dev, skb_cb->paddr);
	if (res) {
		res = -EIO;
		goto err_free_msdu_id;
	}


That made me think that the roc_freq code should be moved to the top of
this method in case it too might be corrupted (now or in the future):

	if (unlikely(info->flags & IEEE80211_TX_CTL_TX_OFFCHAN))
		freq = ar->scan.roc_freq;

My code in this method has changed a lot due to the radiotap support,
so I do not have a clean patch to offer.

Thanks,
Ben

-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com
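
An added example, not part of the original message and not ath10k or mac80211 code: a simplified userspace model of a driver-private per-packet area that shares its bytes with the tx control fields, so storing the DMA address replaces rates[0] unless it was copied out first. The struct layouts, the `model_*` and `tx_read_*` names, and the sample values are constructed assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model, NOT the kernel definitions. In mac80211 the tx
 * control fields and the driver-private area are members of one union,
 * so they occupy the same bytes of the skb control buffer. */
struct model_tx_rate { int8_t idx; uint8_t count; uint16_t flags; };

struct model_tx_info {
	uint32_t flags;
	union {
		struct { struct model_tx_rate rates[4]; } control;
		void *driver_data[5];   /* driver-private view of the same bytes */
	};
};

/* Stand-in for "skb_cb->paddr = dma_map_single(...)": the driver stores
 * the mapped address at the start of its private area. */
static void model_store_paddr(struct model_tx_info *info, uint64_t paddr)
{
	memcpy(info->driver_data, &paddr, sizeof(paddr));
}

/* Order the message warns about: map first, consult rates[0] afterwards.
 * The returned index is a byte of the DMA address, not the requested rate. */
static int tx_read_rate_after_map(struct model_tx_info *info, uint64_t paddr)
{
	model_store_paddr(info, paddr);
	return info->control.rates[0].idx;
}

/* Defensive order: copy every control field still needed into locals
 * before the first write to the driver-private area. */
static int tx_read_rate_before_map(struct model_tx_info *info, uint64_t paddr)
{
	struct model_tx_rate rate0 = info->control.rates[0];

	model_store_paddr(info, paddr);
	return rate0.idx;
}

/* Constructed input: rate index 7 requested, retry count 3. */
static struct model_tx_info model_sample_info(void)
{
	struct model_tx_info info;

	memset(&info, 0, sizeof(info));
	info.control.rates[0].idx = 7;
	info.control.rates[0].count = 3;
	return info;
}
```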



