From: David Woodhouse Date: Mon, 17 Dec 2007 04:26:54 +0000 (-0500) Subject: libertas: fix buffer handling of PS_MODE commands and responses X-Git-Tag: firefly_0821_release~23655^2~308 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=38bfab1a01c66cb1a5001dc702b0856b2f942fd5;p=firefly-linux-kernel-4.4.55.git libertas: fix buffer handling of PS_MODE commands and responses Commit 5b8845345e7385d2eb37fac22ba9ab6905988be5 (or, in case the git workflow is broken and patches get recommitted, the commit entitled 'libertas: rename and re-type bufvirtualaddr to cmdbuf' by dcbw), introduced a number of bugs where we once had a pointer to a command _payload_, but now we use the pointer to the command header instead. The fix isn't wonderfully pretty for now, but it'll get better when we finish converting all commands so the structures include the header. Signed-off-by: David Woodhouse Signed-off-by: John W. Linville --- diff --git a/drivers/net/wireless/libertas/cmd.c b/drivers/net/wireless/libertas/cmd.c index 7682b9d27de3..2765b9c20851 100644 --- a/drivers/net/wireless/libertas/cmd.c +++ b/drivers/net/wireless/libertas/cmd.c @@ -1175,7 +1175,7 @@ static void lbs_queue_cmd(struct lbs_private *priv, /* Exit_PS command needs to be queued in the header always. */ if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_PS_MODE) { - struct cmd_ds_802_11_ps_mode *psm = (void *) cmdnode->cmdbuf; + struct cmd_ds_802_11_ps_mode *psm = (void *) &cmdnode->cmdbuf[1]; if (psm->action == cpu_to_le16(CMD_SUBCMD_EXIT_PS)) { if (priv->psstate != PS_STATE_FULL_POWER) @@ -1889,7 +1889,7 @@ int lbs_execute_next_command(struct lbs_private *priv) * PS command. Ignore it if it is not Exit_PS. * otherwise send it down immediately. */ - struct cmd_ds_802_11_ps_mode *psm = (void *)cmd; + struct cmd_ds_802_11_ps_mode *psm = (void *)&cmd[1]; lbs_deb_host( "EXEC_NEXT_CMD: PS cmd, action 0x%02x\n", diff --git a/drivers/net/wireless/libertas/cmdresp.c b/drivers/net/wireless/libertas/cmdresp.c index ef63c376c552..c05fef04c432 100644 --- a/drivers/net/wireless/libertas/cmdresp.c +++ b/drivers/net/wireless/libertas/cmdresp.c @@ -678,7 +678,7 @@ int lbs_process_rx_command(struct lbs_private *priv) priv->cur_cmd_retcode = result; if (respcmd == CMD_RET(CMD_802_11_PS_MODE)) { - struct cmd_ds_802_11_ps_mode *psmode = (void *) resp; + struct cmd_ds_802_11_ps_mode *psmode = (void *) &resp[1]; u16 action = le16_to_cpu(psmode->action); lbs_deb_host(