qmi_wwan: add support for QMAP padding in the RX path

The QMAP code in the qmi_wwan driver is based on the CodeAurora GobiNet
driver which does not process QMAP padding in the RX path correctly.
Add support for QMAP padding to qmimux_rx_fixup() according to the
description of the rmnet driver.

Fixes: c6adf77953bc ("net: usb: qmi_wwan: add qmap mux protocol support")
Cc: Daniele Palmas <dnlplm@gmail.com>
Signed-off-by: Reinhard Speyerer <rspmn@arcor.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index d9a6699abe592d8ef82d03f3040734f7cc3c6d0f..fd3d078a1923dca1f7e7214cc032ef9419063da6 100644 (file)
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -153,7 +153,7 @@ static bool qmimux_has_slaves(struct usbnet *dev)
 
 static int qmimux_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
 {
-       unsigned int len, offset = 0;
+       unsigned int len, offset = 0, pad_len, pkt_len;
        struct qmimux_hdr *hdr;
        struct net_device *net;
        struct sk_buff *skbn;
@@ -171,10 +171,16 @@ static int qmimux_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
                if (hdr->pad & 0x80)
                        goto skip;
 
+               /* extract padding length and check for valid length info */
+               pad_len = hdr->pad & 0x3f;
+               if (len == 0 || pad_len >= len)
+                       goto skip;
+               pkt_len = len - pad_len;
+
                net = qmimux_find_dev(dev, hdr->mux_id);
                if (!net)
                        goto skip;
-               skbn = netdev_alloc_skb(net, len);
+               skbn = netdev_alloc_skb(net, pkt_len);
                if (!skbn)
                        return 0;
                skbn->dev = net;
@@ -191,7 +197,7 @@ static int qmimux_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
                        goto skip;
                }
 
-               skb_put_data(skbn, skb->data + offset + qmimux_hdr_sz, len);
+               skb_put_data(skbn, skb->data + offset + qmimux_hdr_sz, pkt_len);
                if (netif_rx(skbn) != NET_RX_SUCCESS)
                        return 0;