Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / dba5dc1ae9764902f46d5225c9ff40e4f7b614c7^! / . / drivers / net / wireless / rt2x00 / rt2x00usb.c
commitdba5dc1ae9764902f46d5225c9ff40e4f7b614c7[log] [tgz]
authorIvo van Doorn <ivdoorn@gmail.com>Mon Dec 13 12:36:18 2010 +0100
committerJohn W. Linville <linville@tuxdriver.com>Mon Dec 13 15:23:36 2010 -0500
tree693be19fa299bad11310e394fb06c0d4effb898b
parent64e7d72384c2ecef5a892b2243623af265dd83cc [diff] [blame]
rt2x00: Introduce extra queue entry sanity flag

Add a queue entry flag ENTRY_DATA_STATUS_PENDING,
which can be used to indicate a queue entry has
returned from the hardware and is waiting for
status processing. Using this flag we can add
some extra sanity checks to prevent queue corruption.

Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Acked-by: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

diff --git a/drivers/net/wireless/rt2x00/rt2x00usb.c b/drivers/net/wireless/rt2x00/rt2x00usb.c
index cd29ebc..8a16b51 100644
--- a/drivers/net/wireless/rt2x00/rt2x00usb.c
+++ b/drivers/net/wireless/rt2x00/rt2x00usb.c

@@ -195,7 +195,8 @@
 		while (!rt2x00queue_empty(queue)) {
 			entry = rt2x00queue_get_entry(queue, Q_INDEX_DONE);
 
-			if (test_bit(ENTRY_OWNER_DEVICE_DATA, &entry->flags))
+			if (test_bit(ENTRY_OWNER_DEVICE_DATA, &entry->flags) ||
+			    !test_bit(ENTRY_DATA_STATUS_PENDING, &entry->flags))
 				break;
 
 			rt2x00usb_work_txdone_entry(entry);
@@ -237,7 +238,8 @@
 	u32 length;
 	int status;
 
-	if (!test_and_clear_bit(ENTRY_DATA_PENDING, &entry->flags))
+	if (!test_and_clear_bit(ENTRY_DATA_PENDING, &entry->flags) ||
+	    test_bit(ENTRY_DATA_STATUS_PENDING, &entry->flags))
 		return;
 
 	/*
@@ -275,7 +277,8 @@
 	while (!rt2x00queue_empty(rt2x00dev->rx)) {
 		entry = rt2x00queue_get_entry(rt2x00dev->rx, Q_INDEX_DONE);
 
-		if (test_bit(ENTRY_OWNER_DEVICE_DATA, &entry->flags))
+		if (test_bit(ENTRY_OWNER_DEVICE_DATA, &entry->flags) ||
+		    !test_bit(ENTRY_DATA_STATUS_PENDING, &entry->flags))
 			break;
 
 		/*
@@ -327,7 +330,8 @@
 	struct queue_entry_priv_usb *entry_priv = entry->priv_data;
 	int status;
 
-	if (test_and_set_bit(ENTRY_OWNER_DEVICE_DATA, &entry->flags))
+	if (test_and_set_bit(ENTRY_OWNER_DEVICE_DATA, &entry->flags) ||
+	    test_bit(ENTRY_DATA_STATUS_PENDING, &entry->flags))
 		return;
 
 	rt2x00lib_dmastart(entry);