When allocating the fw_status structure, the space for the
lower-driver private area was missing. This was causing an illegal
write outside the allocated area, which was causing random oopses
around the kernel.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
static int wl1271_setup(struct wl1271 *wl)
{
wl->fw_status_1 = kmalloc(WLCORE_FW_STATUS_1_LEN(wl->num_rx_desc) +
- sizeof(*wl->fw_status_2), GFP_KERNEL);
+ sizeof(*wl->fw_status_2) +
+ wl->fw_status_priv_len, GFP_KERNEL);
if (!wl->fw_status_1)
return -ENOMEM;
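Review bot: The allocation size in wl1271_setup() is still an open-coded sum of three terms, and the out-of-bounds write fixed here came from that sum disagreeing with how many bytes are later written into the buffer. I would compute the total once, e.g. `size_t status_len = WLCORE_FW_STATUS_1_LEN(wl->num_rx_desc) + sizeof(*wl->fw_status_2) + wl->fw_status_priv_len;`, and keep it where the code that fills the buffer (not visible in this hunk) can reuse it, so allocation and write length cannot drift apart again. A comment above the call such as `/* buffer layout: fw_status_1 | fw_status_2 | lower-driver private area */` would record why all three terms are required. Because fw_status_priv_len is supplied by the lower driver, it may also be worth switching to kzalloc() so the private area never holds stale heap contents before the first status read. The function body continues past the end of the hunk.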