no crash! fix the buffer free bug on `p_csi`

2019-01-14 15:48:48 -06:00 · 2019-01-14 15:48:48 -06:00 · db47c654cc
parent 12a7f0af44
commit db47c654cc
3 changed files with 15 additions and 9 deletions
--- a/src/csi_extraction.c
+++ b/src/csi_extraction.c
@ -149,9 +149,15 @@ create_new_csi_frame(struct wl_info *wl, struct sk_buff *p, struct wlc_d11rxhdr

    missing_csi_frames = wlc_rxhdr->rxhdr.NexmonExt;

+    // before create, first free the buffer no matter what
+    pkt_buf_free_skb(osh, p_csi, 0);
    // create new csi frame
    p_csi = pkt_buf_get_skb(osh, sizeof(struct csi_udp_frame) + missing_csi_frames * (RX_HDR_LEN * 2));
-    printf("p_csi = %X, missing_frame = %d\n", p_csi, missing_csi_frames);
+
+    if (!p_csi) {
+        printf("failed to allocate new %d-byte packet\n", sizeof(struct csi_udp_frame) + missing_csi_frames * (RX_HDR_LEN * 2));
+        return;
+    }
    inserted_csi_values = 0;

    struct csi_udp_frame *udpfrm = (struct csi_udp_frame *) p_csi->data;
@ -236,8 +242,8 @@ process_frame_hook(struct sk_buff *p, struct wlc_d11rxhdr *wlc_rxhdr, struct wlc
                printf("xmit\n");
                wl->dev->chained->funcs->xmit(wl->dev, wl->dev->chained, p_csi);
                printf("sent\n");
+                pkt_buf_free_skb(osh, p_csi, 0);
                p_csi = 0;
-                //pkt_buf_free_skb(osh, p_csi, 0);
                //printf("cleaning p_csi done\n");
                //p_csi = 0;
            }
@ -262,7 +268,7 @@ process_frame_hook(struct sk_buff *p, struct wlc_d11rxhdr *wlc_rxhdr, struct wlc
    } else if (p_csi != 0) {
        printf("missing csi, re-initializing p_csi\n");
        pkt_buf_free_skb(osh, p_csi, 0);
-        //p_csi = 0;
+        p_csi = 0;
    }
    // only continue processing this frame, if it is not a csi frame
    // printf("start non-csi frame\n");
--- a/src/ucode.asm
+++ b/src/ucode.asm
@ -2908,9 +2908,9 @@ spin_rx_end:
 jne [6,off1], SPARE1, skip+
 mov [CMP_DST_MAC_2], SPARE1
 jne [7,off1], SPARE1, skip+
- add [COUNTER], 1, [COUNTER]
- and [COUNTER], 0x3, [COUNTER]
- jne [COUNTER], 0, skip+
+ //add [COUNTER], 1, [COUNTER]
+ //and [COUNTER], 0x3, [COUNTER]
+ //jne [COUNTER], 0, skip+
 mov 1, r55
 or [5,off1], 0x0, [CMP_DST_MAC_SAVE_0]
 or [6,off1], 0x0, [CMP_DST_MAC_SAVE_1]
--- a/src/ucode.patch
+++ b/src/ucode.patch
@ -75,9 +75,9 @@
 + jne [6,off1], SPARE1, skip+
 + mov [CMP_DST_MAC_2], SPARE1
 + jne [7,off1], SPARE1, skip+
-+ add [COUNTER], 1, [COUNTER]
-+ and [COUNTER], 0x3, [COUNTER]
-+ jne [COUNTER], 0, skip+
+ //add [COUNTER], 1, [COUNTER]
+ //and [COUNTER], 0x3, [COUNTER]
+ //jne [COUNTER], 0, skip+
 + mov 1, r55
 + or [5,off1], 0x0, [CMP_DST_MAC_SAVE_0]
 + or [6,off1], 0x0, [CMP_DST_MAC_SAVE_1]