From f4edfc69a352d8de7bb1b334d514c9f611692b5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= Date: Mon, 25 Apr 2016 15:32:20 +0000 Subject: [PATCH] mac80211: add brcmfmac regression ("NULL pointer dereference") fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Rafał Miłecki SVN-Revision: 49222 --- ...fmac-add-missing-eth_type_trans-call.patch | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 package/kernel/mac80211/patches/860-brcmfmac-add-missing-eth_type_trans-call.patch diff --git a/package/kernel/mac80211/patches/860-brcmfmac-add-missing-eth_type_trans-call.patch b/package/kernel/mac80211/patches/860-brcmfmac-add-missing-eth_type_trans-call.patch new file mode 100644 index 0000000000..7100820710 --- /dev/null +++ b/package/kernel/mac80211/patches/860-brcmfmac-add-missing-eth_type_trans-call.patch @@ -0,0 +1,26 @@ +From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= +Subject: [PATCH] brcmfmac: add missing eth_type_trans call +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There are 2 protocols supported by brcmfmac and msgbuf one was missing a +proper skb setup before passing it to the netif. This was triggering +"NULL pointer dereference". + +Fixes: 9c349892ccc9 ("brcmfmac: revise handling events in receive path") +Signed-off-by: Rafał Miłecki +--- + +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c +@@ -1157,6 +1157,9 @@ brcmf_msgbuf_process_rx_complete(struct brcmf_msgbuf *msgbuf, void *buf) + brcmu_pkt_buf_free_skb(skb); + return; + } ++ ++ skb->protocol = eth_type_trans(skb, ifp->ndev); ++ + brcmf_netif_rx(ifp, skb); + } +