Potential issue in ath10k_htt_tx
Ben Greear
greearb at candelatech.com
Wed Dec 13 14:52:45 PST 2017
While adding some support for radiotap tx-ratecode and no-ack features,
I noticed that info->control.rates[0] is over-written in the code below:
/* NOTE: This writes over info->control.rates[0], at least. */
skb_cb->paddr = dma_map_single(dev, msdu->data, msdu->len,
DMA_TO_DEVICE);
res = dma_mapping_error(dev, skb_cb->paddr);
if (res) {
res = -EIO;
goto err_free_msdu_id;
}
That made me think that the roc_freq code should be moved to the top of
this method in case it too might be corrupted (now or in the future):
if (unlikely(info->flags & IEEE80211_TX_CTL_TX_OFFCHAN))
freq = ar->scan.roc_freq;
My code in this method has changed a lot due to the radiotap support,
so I do not have a clean patch to offer.
Thanks,
Ben
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the ath10k
mailing list