rtlwifi: rtl8192ce: Fix kernel crashes due to missing callback entry

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In the major update of the rtlwifi-family of drivers, one of the callback entries
was missed, which leads to memory corruption. Unfortunately, this corruption
never caused a kernel oops, but showed up in other parts of the system.
This patch is one of three needed to fix the kernel regression reported at
https://bugzilla.kernel.org/show_bug.cgi?id=88951.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported-by: Catalin Iacob <iacobcatalin@gmail.com>
Tested-by: Catalin Iacob <iacobcatalin@gmail.com>
Cc: Catalin Iacob <iacobcatalin@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

authored by

Larry Finger and committed by

John W. Linville 11 years ago f892914c 99a82f73

+22

3 changed files

expand all

drivers

net

wireless

rtlwifi

rtl8192ce

sw.c

trx.c

trx.h

drivers/net/wireless/rtlwifi/rtl8192ce/sw.c

··· 228 228 .led_control = rtl92ce_led_control, 229 229 .set_desc = rtl92ce_set_desc, 230 230 .get_desc = rtl92ce_get_desc, 231 + .is_tx_desc_closed = rtl92ce_is_tx_desc_closed, 231 232 .tx_polling = rtl92ce_tx_polling, 232 233 .enable_hw_sec = rtl92ce_enable_hw_security_config, 233 234 .set_key = rtl92ce_set_key, ··· 272 271 .maps[MAC_RCR_ACRC32] = ACRC32, 273 272 .maps[MAC_RCR_ACF] = ACF, 274 273 .maps[MAC_RCR_AAP] = AAP, 274 + .maps[MAC_HIMR] = REG_HIMR, 275 + .maps[MAC_HIMRE] = REG_HIMRE, 275 276 276 277 .maps[EFUSE_TEST] = REG_EFUSE_TEST, 277 278 .maps[EFUSE_CTRL] = REG_EFUSE_CTRL,

+17

drivers/net/wireless/rtlwifi/rtl8192ce/trx.c

··· 739 739 return ret; 740 740 } 741 741 742 + bool rtl92ce_is_tx_desc_closed(struct ieee80211_hw *hw, 743 + u8 hw_queue, u16 index) 744 + { 745 + struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw)); 746 + struct rtl8192_tx_ring *ring = &rtlpci->tx_ring[hw_queue]; 747 + u8 *entry = (u8 *)(&ring->desc[ring->idx]); 748 + u8 own = (u8)rtl92ce_get_desc(entry, true, HW_DESC_OWN); 749 + 750 + /*beacon packet will only use the first 751 + *descriptor defautly,and the own may not 752 + *be cleared by the hardware 753 + */ 754 + if (own) 755 + return false; 756 + return true; 757 + } 758 + 742 759 void rtl92ce_tx_polling(struct ieee80211_hw *hw, u8 hw_queue) 743 760 { 744 761 struct rtl_priv *rtlpriv = rtl_priv(hw);

drivers/net/wireless/rtlwifi/rtl8192ce/trx.h

··· 723 723 void rtl92ce_set_desc(struct ieee80211_hw *hw, u8 *pdesc, bool istx, 724 724 u8 desc_name, u8 *val); 725 725 u32 rtl92ce_get_desc(u8 *pdesc, bool istx, u8 desc_name); 726 + bool rtl92ce_is_tx_desc_closed(struct ieee80211_hw *hw, 727 + u8 hw_queue, u16 index); 726 728 void rtl92ce_tx_polling(struct ieee80211_hw *hw, u8 hw_queue); 727 729 void rtl92ce_tx_fill_cmddesc(struct ieee80211_hw *hw, u8 *pdesc, 728 730 bool b_firstseg, bool b_lastseg,