rtl8188eu: Address warning in createbss_hdl()

The code issues a warning as follows:

[ 817.111258] WARNING: CPU: 5 PID: 772 at createbss_hdl+0x120/0x148 [8188eu]
[ 817.111502] Modules linked in: 8188eu(O) cfg80211 lib80211 [last unloaded: 8188eu]
[ 817.111520] CPU: 5 PID: 772 Comm: RTW_CMD_THREAD Tainted: G WC O 5.10.145-rt74+g1594b25154a2 #1
[ 817.111527] Hardware name: NXP S32G399A-RDB3 (DT)
[ 817.111531] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--)
[ 817.111537] pc : createbss_hdl+0x120/0x148 [8188eu]
[ 817.111672] lr : rtw_cmd_thread+0x454/0x548 [8188eu]
[ 817.111806] sp : ffffffc013db3da0
[ 817.111808] x29: ffffffc013db3da0 x28: ffffffc0089c9168
[ 817.111815] x27: ffffffc008909f74 x26: 0000000000001400
[ 817.111821] x25: ffffffc0089c90f8 x24: ffffffc011010320
[ 817.111827] x23: ffffffc011010400 x22: 000000010001f8f3
[ 817.111833] x21: ffffffc011010350 x20: ffffffc01100f000
[ 817.111839] x19: ffffffc01100f000 x18: 0000000000000000
[ 817.111845] x17: 0000000000000001 x16: 0000000000000000
[ 817.111851] x15: 001fffffffffffff x14: 00000000001d7000
[ 817.111857] x13: 0000000000000370 x12: 0000000000000000
[ 817.111863] x11: 0000000000000370 x10: 00000000000008e0
[ 817.111868] x9 : ffffffc013db3960 x8 : ffffff880230eb00
[ 817.111874] x7 : 0000000000000001 x6 : ffffff8804ea9206
[ 817.111880] x5 : 0000800020000000 x4 : 0000000000000000
[ 817.111886] x3 : 000000000000ffff x2 : 0000000000000006
[ 817.111893] x1 : ffffff8804ea9200 x0 : 0000000000000000
[ 817.111900] Call trace:
[ 817.111903] createbss_hdl+0x120/0x148 [8188eu]
[ 817.112037] rtw_cmd_thread+0x454/0x548 [8188eu]
[ 817.112170] kthread+0x178/0x180
[ 817.112184] ret_from_fork+0x10/0x30
[ 817.112193] ---[ end trace 00f853683c01e7a3 ]---

My investigation shows that the test for an invalid length was placed after
the memcpy() call that generates this warning.

The fix is to move the test above the memcpy, and to increase the maximum
size of the IE buffer.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Larry Finger 2023-06-30 11:28:23 -05:00
parent f435a10625
commit 573b2f4e6e
2 changed files with 5 additions and 5 deletions


@ -12891,15 +12891,15 @@ u8 createbss_hdl(_adapter *padapter, u8 *pbuf)
/* clear CAM */ /* clear CAM */
flush_all_cam_entry(padapter); flush_all_cam_entry(padapter);
pdev_network->Length = get_WLAN_BSSID_EX_sz(pdev_network);
memcpy(pnetwork, pdev_network, FIELD_OFFSET(WLAN_BSSID_EX, IELength));
pnetwork->IELength = pdev_network->IELength;
if (pnetwork->IELength > MAX_IE_SZ) { if (pnetwork->IELength > MAX_IE_SZ) {
ret = H2C_PARAMETERS_ERROR; ret = H2C_PARAMETERS_ERROR;
goto ibss_post_hdl; goto ibss_post_hdl;
} }
pdev_network->Length = get_WLAN_BSSID_EX_sz(pdev_network);
memcpy(pnetwork, pdev_network, pdev_network->IELength);
pnetwork->IELength = pdev_network->IELength;
memcpy(pnetwork->IEs, pdev_network->IEs, pnetwork->IELength); memcpy(pnetwork->IEs, pdev_network->IEs, pnetwork->IELength);
start_create_ibss(padapter); start_create_ibss(padapter);
} else { } else {
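Review bot: The relocated length test reads `pnetwork->IELength` before that field is assigned from `pdev_network->IELength`, so it checks whatever value pnetwork already held rather than the length that drives the IE copy further down; this assumes the ordering with the test first is the new side, as the commit message describes. Testing the source field instead, `if (pdev_network->IELength > MAX_IE_SZ) {`, would bound `memcpy(pnetwork->IEs, pdev_network->IEs, pnetwork->IELength);` by the value actually used. The header copy in that ordering also passes `pdev_network->IELength` as its size where the other ordering passes `FIELD_OFFSET(WLAN_BSSID_EX, IELength)`; an IE length is unrelated to the fixed-header size, so a short IE list would leave part of the header uncopied, and keeping `memcpy(pnetwork, pdev_network, FIELD_OFFSET(WLAN_BSSID_EX, IELength));` avoids that. createbss_hdl() begins and ends outside the hunk, so the initial contents of pnetwork are not visible here.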


@ -5,7 +5,7 @@
#define __WLAN_BSSDEF_H__ #define __WLAN_BSSDEF_H__
#define MAX_IE_SZ 768 #define MAX_IE_SZ 1024
#define NDIS_802_11_LENGTH_SSID 32 #define NDIS_802_11_LENGTH_SSID 32
#define NDIS_802_11_LENGTH_RATES 8 #define NDIS_802_11_LENGTH_RATES 8