ath9k: Fix regression in channelwidth switch at the same channel

The commit "ath9k: Fix invalid noisefloor reading due to channel update"
preserves the current channel noisefloor readings before updating
channel type at the same channel index. It is also updating the curchan
pointer. As survey updation is also referring curchan pointer to fetch
the appropriate index, which might leads to invalid memory access. This
patch partially reverts the change and stores the noise floor history
buffer before updating channel type w/o updating curchan.

Cc: stable@kernel.org
Cc: Gary Morain <gmorain@google.com>
Cc: Paul Stewart <pstew@google.com>
Reported-by: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Rajkumar Manoharan 2012-01-09 15:37:53 +05:30 committed by John W. Linville
parent c40701eacb
commit 1a19f77f36
2 changed files with 3 additions and 6 deletions

View File

@ -400,6 +400,7 @@ bool ath9k_hw_getnf(struct ath_hw *ah, struct ath9k_channel *chan)
ah->noise = ath9k_hw_getchan_noise(ah, chan); ah->noise = ath9k_hw_getchan_noise(ah, chan);
return true; return true;
} }
EXPORT_SYMBOL(ath9k_hw_getnf);
void ath9k_init_nfcal_hist_buffer(struct ath_hw *ah, void ath9k_init_nfcal_hist_buffer(struct ath_hw *ah,
struct ath9k_channel *chan) struct ath9k_channel *chan)

View File

@ -1629,7 +1629,6 @@ static int ath9k_config(struct ieee80211_hw *hw, u32 changed)
if (changed & IEEE80211_CONF_CHANGE_CHANNEL) { if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
struct ieee80211_channel *curchan = hw->conf.channel; struct ieee80211_channel *curchan = hw->conf.channel;
struct ath9k_channel old_chan;
int pos = curchan->hw_value; int pos = curchan->hw_value;
int old_pos = -1; int old_pos = -1;
unsigned long flags; unsigned long flags;
@ -1654,11 +1653,8 @@ static int ath9k_config(struct ieee80211_hw *hw, u32 changed)
* Preserve the current channel values, before updating * Preserve the current channel values, before updating
* the same channel * the same channel
*/ */
if (old_pos == pos) { if (ah->curchan && (old_pos == pos))
memcpy(&old_chan, &sc->sc_ah->channels[pos], ath9k_hw_getnf(ah, ah->curchan);
sizeof(struct ath9k_channel));
ah->curchan = &old_chan;
}
ath9k_cmn_update_ichannel(&sc->sc_ah->channels[pos], ath9k_cmn_update_ichannel(&sc->sc_ah->channels[pos],
curchan, conf->channel_type); curchan, conf->channel_type);