rt2x00: Preserve descriptor information after memmove()

Due to usage of memmove() in rt2x00usb the descriptor can become corrupted because it is being overwritten by the data part. Overall having the descriptor in front of the frame is a bad idea, we can however use the skb->cb array for this task, since that contains more then enough room to hold the entire descriptor and preserve the information long enough. After this we can also cleanup the alignment code a bit to make it work a bit more flexible to allow for all kinds of odd header lengths. Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Ivo van Doorn <ivdoorn@gmail.com> 2008-05-10 07:43:38 -0400
committer: John W. Linville <linville@tuxdriver.com> 2008-05-21 21:47:32 -0400
commit: 70a96109439cba0af0780ee1dc25ec7ed15f0bae (patch)
tree: 1e6feb2b77486a90012f117201c13b35ab2020d7 /drivers/net/wireless/rt2x00/rt2x00usb.c
parent: 61448f88078e813bbaaa58eb775d650c85e7d407 (diff)
1 files changed, 42 insertions, 18 deletions
diff --git a/drivers/net/wireless/rt2x00/rt2x00usb.c b/drivers/net/wireless/rt2x00/rt2x00usb.c
index caee65e82198..f72b3d07a42d 100644
--- a/drivers/net/wireless/rt2x00/rt2x00usb.c
+++ b/drivers/net/wireless/rt2x00/rt2x00usb.c
@@ -246,22 +246,35 @@ static struct sk_buff* rt2x00usb_alloc_rxskb(struct data_queue *queue)
 {
        struct sk_buff *skb;
        unsigned int frame_size;
+        unsigned int reserved_size;
        /*
-         * As alignment we use 2 and not NET_IP_ALIGN because we need
+         * The frame size includes descriptor size, because the
-         * to be sure we have 2 bytes room in the head. (NET_IP_ALIGN
+         * hardware directly receive the frame into the skbuffer.
-         * can be 0 on some hardware). We use these 2 bytes for frame
-         * alignment later, we assume that the chance that
-         * header_size % 4 == 2 is bigger then header_size % 2 == 0
-         * and thus optimize alignment by reserving the 2 bytes in
-         * advance.
         */
        frame_size = queue->data_size + queue->desc_size;
-        skb = dev_alloc_skb(queue->desc_size + frame_size + 2);
+        /*
+         * For the allocation we should keep a few things in mind:
+         * 1) 4byte alignment of 802.11 payload
+         *
+         * For (1) we need at most 4 bytes to guarentee the correct
+         * alignment. We are going to optimize the fact that the chance
+         * that the 802.11 header_size % 4 == 2 is much bigger then
+         * anything else. However since we need to move the frame up
+         * to 3 bytes to the front, which means we need to preallocate
+         * 6 bytes.
+         */
+        reserved_size = 6;
+        /*
+         * Allocate skbuffer.
+         */
+        skb = dev_alloc_skb(frame_size + reserved_size);
        if (!skb)
                return NULL;
-        skb_reserve(skb, queue->desc_size + 2);
+        skb_reserve(skb, reserved_size);
        skb_put(skb, frame_size);
        return skb;
@@ -274,7 +287,8 @@ static void rt2x00usb_interrupt_rxdone(struct urb *urb)
        struct sk_buff *skb;
        struct skb_frame_desc *skbdesc;
        struct rxdone_entry_desc rxdesc;
-        int header_size;
+        unsigned int header_size;
+        unsigned int align;
        if (!test_bit(DEVICE_ENABLED_RADIO, &rt2x00dev->flags) ||
            !test_and_clear_bit(ENTRY_OWNER_DEVICE_DATA, &entry->flags))
@@ -298,19 +312,29 @@ static void rt2x00usb_interrupt_rxdone(struct urb *urb)
        memset(&rxdesc, 0, sizeof(rxdesc));
        rt2x00dev->ops->lib->fill_rxdone(entry, &rxdesc);
+        header_size = ieee80211_get_hdrlen_from_skb(entry->skb);
        /*
         * The data behind the ieee80211 header must be
-         * aligned on a 4 byte boundary.
+         * aligned on a 4 byte boundary. We already reserved
+         * 2 bytes for header_size % 4 == 2 optimization.
+         * To determine the number of bytes which the data
+         * should be moved to the left, we must add these
+         * 2 bytes to the header_size.
         */
-        header_size = ieee80211_get_hdrlen_from_skb(entry->skb);
+        align = (header_size + 2) % 4;
-        if (header_size % 4 == 0) {
-                skb_push(entry->skb, 2);
+        if (align) {
-                memmove(entry->skb->data, entry->skb->data + 2,
+                skb_push(entry->skb, align);
-                        entry->skb->len - 2);
+                /* Move entire frame in 1 command */
-                skbdesc->data = entry->skb->data;
+                memmove(entry->skb->data, entry->skb->data + align,
-                skb_trim(entry->skb,entry->skb->len - 2);
+                        rxdesc.size);
        }
+        /* Update data pointers, trim buffer to correct size */
+        skbdesc->data = entry->skb->data;
+        skb_trim(entry->skb, rxdesc.size);
        /*
         * Allocate a new sk buffer to replace the current one.
         * If allocation fails, we should drop the current frame
author	Ivo van Doorn <ivdoorn@gmail.com>	2008-05-10 07:43:38 -0400
committer	John W. Linville <linville@tuxdriver.com>	2008-05-21 21:47:32 -0400
commit	70a96109439cba0af0780ee1dc25ec7ed15f0bae (patch)
tree	1e6feb2b77486a90012f117201c13b35ab2020d7 /drivers/net/wireless/rt2x00/rt2x00usb.c
parent	61448f88078e813bbaaa58eb775d650c85e7d407 (diff)

diff --git a/drivers/net/wireless/rt2x00/rt2x00usb.c b/drivers/net/wireless/rt2x00/rt2x00usb.c index caee65e82198..f72b3d07a42d 100644 --- a/drivers/net/wireless/rt2x00/rt2x00usb.c +++ b/drivers/net/wireless/rt2x00/rt2x00usb.c
@@ -246,22 +246,35 @@ static struct sk_buff* rt2x00usb_alloc_rxskb(struct data_queue *queue)
246	{	246	{
247	struct sk_buff *skb;	247	struct sk_buff *skb;
248	unsigned int frame_size;	248	unsigned int frame_size;
		249	unsigned int reserved_size;
249		250
250	/*	251	/*
251	* As alignment we use 2 and not NET_IP_ALIGN because we need	252	* The frame size includes descriptor size, because the
252	* to be sure we have 2 bytes room in the head. (NET_IP_ALIGN	253	* hardware directly receive the frame into the skbuffer.
253	* can be 0 on some hardware). We use these 2 bytes for frame
254	* alignment later, we assume that the chance that
255	* header_size % 4 == 2 is bigger then header_size % 2 == 0
256	* and thus optimize alignment by reserving the 2 bytes in
257	* advance.
258	*/	254	*/
259	frame_size = queue->data_size + queue->desc_size;	255	frame_size = queue->data_size + queue->desc_size;
260	skb = dev_alloc_skb(queue->desc_size + frame_size + 2);	256
		257	/*
		258	* For the allocation we should keep a few things in mind:
		259	* 1) 4byte alignment of 802.11 payload
		260	*
		261	* For (1) we need at most 4 bytes to guarentee the correct
		262	* alignment. We are going to optimize the fact that the chance
		263	* that the 802.11 header_size % 4 == 2 is much bigger then
		264	* anything else. However since we need to move the frame up
		265	* to 3 bytes to the front, which means we need to preallocate
		266	* 6 bytes.
		267	*/
		268	reserved_size = 6;
		269
		270	/*
		271	* Allocate skbuffer.
		272	*/
		273	skb = dev_alloc_skb(frame_size + reserved_size);
261	if (!skb)	274	if (!skb)
262	return NULL;	275	return NULL;
263		276
264	skb_reserve(skb, queue->desc_size + 2);	277	skb_reserve(skb, reserved_size);
265	skb_put(skb, frame_size);	278	skb_put(skb, frame_size);
266		279
267	return skb;	280	return skb;
@@ -274,7 +287,8 @@ static void rt2x00usb_interrupt_rxdone(struct urb *urb)
274	struct sk_buff *skb;	287	struct sk_buff *skb;
275	struct skb_frame_desc *skbdesc;	288	struct skb_frame_desc *skbdesc;
276	struct rxdone_entry_desc rxdesc;	289	struct rxdone_entry_desc rxdesc;
277	int header_size;	290	unsigned int header_size;
		291	unsigned int align;
278		292
279	if (!test_bit(DEVICE_ENABLED_RADIO, &rt2x00dev->flags) \|\|	293	if (!test_bit(DEVICE_ENABLED_RADIO, &rt2x00dev->flags) \|\|
280	!test_and_clear_bit(ENTRY_OWNER_DEVICE_DATA, &entry->flags))	294	!test_and_clear_bit(ENTRY_OWNER_DEVICE_DATA, &entry->flags))
@@ -298,19 +312,29 @@ static void rt2x00usb_interrupt_rxdone(struct urb *urb)
298	memset(&rxdesc, 0, sizeof(rxdesc));	312	memset(&rxdesc, 0, sizeof(rxdesc));
299	rt2x00dev->ops->lib->fill_rxdone(entry, &rxdesc);	313	rt2x00dev->ops->lib->fill_rxdone(entry, &rxdesc);
300		314
		315	header_size = ieee80211_get_hdrlen_from_skb(entry->skb);
		316
301	/*	317	/*
302	* The data behind the ieee80211 header must be	318	* The data behind the ieee80211 header must be
303	* aligned on a 4 byte boundary.	319	* aligned on a 4 byte boundary. We already reserved
		320	* 2 bytes for header_size % 4 == 2 optimization.
		321	* To determine the number of bytes which the data
		322	* should be moved to the left, we must add these
		323	* 2 bytes to the header_size.
304	*/	324	*/
305	header_size = ieee80211_get_hdrlen_from_skb(entry->skb);	325	align = (header_size + 2) % 4;
306	if (header_size % 4 == 0) {	326
307	skb_push(entry->skb, 2);	327	if (align) {
308	memmove(entry->skb->data, entry->skb->data + 2,	328	skb_push(entry->skb, align);
309	entry->skb->len - 2);	329	/* Move entire frame in 1 command */
310	skbdesc->data = entry->skb->data;	330	memmove(entry->skb->data, entry->skb->data + align,
311	skb_trim(entry->skb,entry->skb->len - 2);	331	rxdesc.size);
312	}	332	}
313		333
		334	/* Update data pointers, trim buffer to correct size */
		335	skbdesc->data = entry->skb->data;
		336	skb_trim(entry->skb, rxdesc.size);
		337
314	/*	338	/*
315	* Allocate a new sk buffer to replace the current one.	339	* Allocate a new sk buffer to replace the current one.
316	* If allocation fails, we should drop the current frame	340	* If allocation fails, we should drop the current frame