diff options
author | Stanislaw Gruszka <sgruszka@redhat.com> | 2018-10-03 12:52:24 +0200 |
---|---|---|
committer | Felix Fietkau <nbd@nbd.name> | 2018-10-05 20:05:44 +0200 |
commit | c87dff8cc39a2da52d98949cc1f3e9befd19cb83 (patch) | |
tree | 789ca2637b71781a60d717860e71c6a055c6048e | |
parent | mt76: fix header guard macro define names (diff) | |
download | linux-c87dff8cc39a2da52d98949cc1f3e9befd19cb83.tar.xz linux-c87dff8cc39a2da52d98949cc1f3e9befd19cb83.zip |
mt76: fix frag length allocation for usb
This is correct fix for c12128ce44b0 ("mt76: use a per rx queue page
fragment cache"). We use wrong length when we allocate segments for
MCU transmissions, which require bigger segment size than e->buf_size.
Commit 481bb0432414 ("mt76: usb: make rx page_frag_cache access atomic")
partially solved the problem or actually mask it by changing
mt76u_mcu_init_rx() and mt76u_alloc_queues() sequence, so e->buf_size
become non zero any longer, but still not big enough to handle MCU data.
Patch fixes memory corruption which can manifest itself as random,
not easy to reproduce crashes, during mt76 driver load or unload.
Fixes: c12128ce44b0 ("mt76: use a per rx queue page fragment cache")
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
-rw-r--r-- | drivers/net/wireless/mediatek/mt76/usb.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/net/wireless/mediatek/mt76/usb.c b/drivers/net/wireless/mediatek/mt76/usb.c index de7785c4f6af..6b643ea701e3 100644 --- a/drivers/net/wireless/mediatek/mt76/usb.c +++ b/drivers/net/wireless/mediatek/mt76/usb.c @@ -286,7 +286,7 @@ mt76u_fill_rx_sg(struct mt76_dev *dev, struct mt76u_buf *buf, void *data; int offset; - data = page_frag_alloc(&q->rx_page, q->buf_size, GFP_ATOMIC); + data = page_frag_alloc(&q->rx_page, len, GFP_ATOMIC); if (!data) break; |