re: kern/54486: athn driver panics on arm

To: gnats-bugs%netbsd.org@localhost
Subject: re: kern/54486: athn driver panics on arm
From: matthew green <mrg%eterna.com.au@localhost>
Date: Sat, 24 Aug 2019 10:21:19 +1000

could you try this patch?


.mrg.


Index: if_athn_usb.c
===================================================================
RCS file: /cvsroot/src/sys/dev/usb/if_athn_usb.c,v
retrieving revision 1.34
diff -p -u -r1.34 if_athn_usb.c
--- if_athn_usb.c	3 Jun 2019 09:58:31 -0000	1.34
+++ if_athn_usb.c	24 Aug 2019 00:20:44 -0000
@@ -2450,8 +2450,8 @@ athn_usb_tx(struct athn_softc *sc, struc
 	struct ieee80211_key *k = NULL;
 	struct ar_stream_hdr *hdr;
 	struct ar_htc_frame_hdr *htc;
-	struct ar_tx_frame *txf;
 	struct ar_tx_mgmt *txm;
+	uint8_t *next;
 	uint8_t *frm;
 	uint8_t sta_index, qid, tid;
 	int error, s, xferlen;
@@ -2497,30 +2497,35 @@ athn_usb_tx(struct athn_softc *sc, struc
 
 	/* NB: We don't take advantage of USB Tx stream mode for now. */
 	hdr = (struct ar_stream_hdr *)data->buf;
+	next = data->buf + sizeof(*hdr);
 	hdr->tag = htole16(AR_USB_TX_STREAM_TAG);
 
-	htc = (struct ar_htc_frame_hdr *)&hdr[1];
+	htc = (struct ar_htc_frame_hdr *)next;
+	next = next + sizeof(*htc);
 	memset(htc, 0, sizeof(*htc));
 	if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
 	    IEEE80211_FC0_TYPE_DATA) {
 		htc->endpoint_id = usc->usc_ep_data[qid];
+		struct ar_tx_frame txf = {0};
+		struct ar_tx_frame *txfp;
 
-		txf = (struct ar_tx_frame *)&htc[1];
-		memset(txf, 0, sizeof(*txf));
-		txf->data_type = AR_HTC_NORMAL;
-		txf->node_idx = sta_index;
-		txf->vif_idx = 0;
-		txf->tid = tid;
+		txf.data_type = AR_HTC_NORMAL;
+		txf.node_idx = sta_index;
+		txf.vif_idx = 0;
+		txf.tid = tid;
 		if (m->m_pkthdr.len + IEEE80211_CRC_LEN > ic->ic_rtsthreshold)
-			txf->flags |= htobe32(AR_HTC_TX_RTSCTS);
+			txf.flags |= htobe32(AR_HTC_TX_RTSCTS);
 		else if (ic->ic_flags & IEEE80211_F_USEPROT) {
 			if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
-				txf->flags |= htobe32(AR_HTC_TX_CTSONLY);
+				txf.flags |= htobe32(AR_HTC_TX_CTSONLY);
 			else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
-				txf->flags |= htobe32(AR_HTC_TX_RTSCTS);
+				txf.flags |= htobe32(AR_HTC_TX_RTSCTS);
 		}
-		txf->key_idx = 0xff;
-		frm = (uint8_t *)&txf[1];
+		txf.key_idx = 0xff;
+		txfp = (struct ar_tx_frame *)next;
+		next = next + sizeof *txfp;
+		memcpy(txfp, &txf, sizeof txf);
+		frm = next;
 	} else {
 		htc->endpoint_id = usc->usc_ep_mgmt;

References:
- Re: kern/54486: athn driver panics on arm
  - From: Andreas Gustafsson

Prev by Date: re: kern/54486: athn driver panics on arm
Next by Date: re: kern/54486: athn driver panics on arm
Previous by Thread: re: kern/54486: athn driver panics on arm
Next by Thread: re: kern/54486: athn driver panics on arm
Indexes:

Home | Main Index | Thread Index | Old Index