From: Johannes Berg <johannes.b...@intel.com>
If the firmware ever decides to send any new/more notifications
to the RSS queues, the driver would currently try to interpret
those as REPLY_RX_MPDU_CMD and, if the notification was small,
access invalid memory.
Prevent that by checking for REPLY_RX_MPDU_CMD explicitly which
allows ignoring unexpected notifications.
Signed-off-by: Johannes Berg <johannes.b...@intel.com>
Signed-off-by: Luca Coelho <luciano.coe...@intel.com>
---
drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/ops.c
b/drivers/net/wireless/intel/iwlwifi/mvm/ops.c
index 55d9096..43ea1e5 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/ops.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/ops.c
@@ -1672,7 +1672,7 @@ static void iwl_mvm_rx_mq_rss(struct iwl_op_mode *op_mode,
else if (unlikely(pkt->hdr.cmd == RX_QUEUES_NOTIFICATION &&
pkt->hdr.group_id == DATA_PATH_GROUP))
iwl_mvm_rx_queue_notif(mvm, rxb, queue);
- else
+ else if (likely(pkt->hdr.cmd == REPLY_RX_MPDU_CMD))
iwl_mvm_rx_mpdu_mq(mvm, napi, rxb, queue);
}
--
2.9.3
