On Tue, 2013-03-12 at 15:31 -0700, Greg Kroah-Hartman wrote: > 3.8-stable review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Johannes Berg <[email protected]> > > commit 8a964f44e01ad3bbc208c3e80d931ba91b9ea786 upstream. [...] > --- a/drivers/net/wireless/iwlwifi/pcie/tx.c > +++ b/drivers/net/wireless/iwlwifi/pcie/tx.c [...] > @@ -1221,14 +1238,31 @@ static int iwl_pcie_enqueue_hcmd(struct > > /* and copy the data that needs to be copied */ > cmd_pos = offsetof(struct iwl_device_cmd, payload); > + copy_size = sizeof(out_cmd->hdr); > for (i = 0; i < IWL_MAX_CMD_TFDS; i++) { > - if (!cmd->len[i]) > + int copy = 0; > + > + if (!cmd->len) > continue;
cmd->len is an array, so the new condition is always false. Shouldn't
it be 'if (!cmdlen[i])'?
Ben.
> - if (cmd->dataflags[i] & (IWL_HCMD_DFL_NOCOPY |
> - IWL_HCMD_DFL_DUP))
> - break;
> - memcpy((u8 *)out_cmd + cmd_pos, cmd->data[i], cmd->len[i]);
> - cmd_pos += cmd->len[i];
> +
> + /* need at least IWL_HCMD_MIN_COPY_SIZE copied */
> + if (copy_size < IWL_HCMD_MIN_COPY_SIZE) {
> + copy = IWL_HCMD_MIN_COPY_SIZE - copy_size;
> +
> + if (copy > cmd->len[i])
> + copy = cmd->len[i];
> + }
> +
> + /* copy everything if not nocopy/dup */
> + if (!(cmd->dataflags[i] & (IWL_HCMD_DFL_NOCOPY |
> + IWL_HCMD_DFL_DUP)))
> + copy = cmd->len[i];
> +
> + if (copy) {
> + memcpy((u8 *)out_cmd + cmd_pos, cmd->data[i], copy);
> + cmd_pos += copy;
> + copy_size += copy;
> + }
> }
>
> WARN_ON_ONCE(txq->entries[idx].copy_cmd);
[...]
--
Ben Hutchings
Humans are not rational beings; they are rationalising beings.
signature.asc
Description: This is a digitally signed message part
