rt2x00: Fix the beacon length bug
When setting up a beacon template, the length of the beacon is
calculated with the assumption that the SKB already contains
the Tx descriptor. In the case of beacons it doesn't.

This patch undoes the damage by adding the Tx descriptor length
to the beacon length. This is safe, because the shortest possible
beacon is longer than the Tx header.

Signed-off-by: Iwo Mergler <Iwo@call-direct.com.au>
Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Iwo Mergler authored and John W. Linville committed Jul 29, 2008
1 parent 3e0c1ab commit b93ce43
Showing 2 changed files with 24 additions and 0 deletions.
12 changes: 12 additions & 0 deletions drivers/net/wireless/rt2x00/rt2500usb.c
Expand Up @@ -1121,6 +1121,7 @@ static void rt2500usb_write_beacon(struct queue_entry *entry)
int pipe = usb_sndbulkpipe(usb_dev, 1);
int length;
u16 reg;
u32 word, len;

/*
* Add the descriptor in front of the skb.
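Review bot: the new `u32 word, len;` declaration lands two lines below the existing `int length;`, so rt2500usb_write_beacon() now has both `length` and `len` in scope with different types and different meanings. A name that says what the new variable holds (the descriptor's databyte count) would make it harder for a later edit to mix the two up.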
Expand All @@ -1129,6 +1130,17 @@ static void rt2500usb_write_beacon(struct queue_entry *entry)
memcpy(entry->skb->data, skbdesc->desc, skbdesc->desc_len);
skbdesc->desc = entry->skb->data;

/*
* Adjust the beacon databyte count. The current number is
* calculated before this function gets called, but falsely
* assumes that the descriptor was already present in the SKB.
*/
rt2x00_desc_read(skbdesc->desc, 0, &word);
len = rt2x00_get_field32(word, TXD_W0_DATABYTE_COUNT);
len += skbdesc->desc_len;
rt2x00_set_field32(&word, TXD_W0_DATABYTE_COUNT, len);
rt2x00_desc_write(skbdesc->desc, 0, word);

/*
* Disable beaconing while we are reloading the beacon data,
* otherwise we might be sending out invalid data.
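Review bot: the `len += skbdesc->desc_len;` step has no check that the sum still fits in TXD_W0_DATABYTE_COUNT before rt2x00_set_field32() writes it back. The commit message reasons only about the shortest possible beacon; nothing in the hunk or its comment covers the longest one. If the field is narrower than the largest beacon plus the descriptor, the descriptor would carry a count that does not match the frame and nothing would report it, so either bound `len` against the field's maximum here or extend the comment to say why the upper end cannot be reached.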
12 changes: 12 additions & 0 deletions drivers/net/wireless/rt2x00/rt73usb.c
Expand Up @@ -1330,6 +1330,7 @@ static void rt73usb_write_beacon(struct queue_entry *entry)
struct skb_frame_desc *skbdesc = get_skb_frame_desc(entry->skb);
unsigned int beacon_base;
u32 reg;
u32 word, len;

/*
* Add the descriptor in front of the skb.
Expand All @@ -1338,6 +1339,17 @@ static void rt73usb_write_beacon(struct queue_entry *entry)
memcpy(entry->skb->data, skbdesc->desc, skbdesc->desc_len);
skbdesc->desc = entry->skb->data;

/*
* Adjust the beacon databyte count. The current number is
* calculated before this function gets called, but falsely
* assumes that the descriptor was already present in the SKB.
*/
rt2x00_desc_read(skbdesc->desc, 0, &word);
len = rt2x00_get_field32(word, TXD_W0_DATABYTE_COUNT);
len += skbdesc->desc_len;
rt2x00_set_field32(&word, TXD_W0_DATABYTE_COUNT, len);
rt2x00_desc_write(skbdesc->desc, 0, word);

/*
* Disable beaconing while we are reloading the beacon data,
* otherwise we might be sending out invalid data.
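Review bot: this read-modify-write of descriptor word 0 is the same five lines that the patch adds to rt2500usb_write_beacon(), and the comment itself says the count is already wrong when the function is entered. Correcting the count where it is calculated, or moving the adjustment into one shared helper that both write_beacon functions call, would keep the two copies from drifting apart when one of them is changed later.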