Larry Finger <[email protected]> writes: > In commit 8020919a9b99 ("mac80211: Properly handle SKB with radiotap > only"), buffers whose length is too short cause a WARN_ON(1) to be > executed. This change exposed a fault in rtlwifi drivers, which is fixed > by increasing the length of the affected buffer before it is sent to > mac80211.
With what frames, or in what scenarios, do you get these warnings? > Cc: Stable <[email protected]> # v5.0+ > Signed-off-by: Larry Finger <[email protected]> > --- > V2 - added missing usage of new len > --- > Please Apply to 5.4 > --- > drivers/net/wireless/realtek/rtlwifi/pci.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/wireless/realtek/rtlwifi/pci.c > b/drivers/net/wireless/realtek/rtlwifi/pci.c > index 6087ec7a90a6..3e9185162e51 100644 > --- a/drivers/net/wireless/realtek/rtlwifi/pci.c > +++ b/drivers/net/wireless/realtek/rtlwifi/pci.c > @@ -692,12 +692,15 @@ static void _rtl_pci_rx_to_mac80211(struct ieee80211_hw > *hw, > dev_kfree_skb_any(skb); > } else { > struct sk_buff *uskb = NULL; > + int len = skb->len; > > + if (unlikely(len <= FCS_LEN)) > + len = FCS_LEN + 2; I don't understand this change, I think this needs a comment in the code, or better yet a proper define documenting the meaning of the value. What does these two bytes contain? Or are you just working around the mac80211 warning by increasing the length with a random value you chose? -- Kalle Valo
