libertas: fix buffer handling of PS_MODE commands and responses
authorDavid Woodhouse <dwmw2@infradead.org>
Mon, 17 Dec 2007 04:26:54 +0000 (23:26 -0500)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Jan 2008 23:07:40 +0000 (15:07 -0800)
Commit 5b8845345e7385d2eb37fac22ba9ab6905988be5 (or, in case the git
workflow is broken and patches get recommitted, the commit entitled
'libertas: rename and re-type bufvirtualaddr to cmdbuf' by dcbw),
introduced a number of bugs where we once had a pointer to a command
_payload_, but now we use the pointer to the command header instead.

The fix isn't wonderfully pretty for now, but it'll get better when we
finish converting all commands so the structures include the header.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/libertas/cmd.c
drivers/net/wireless/libertas/cmdresp.c

index 7682b9d..2765b9c 100644 (file)
@@ -1175,7 +1175,7 @@ static void lbs_queue_cmd(struct lbs_private *priv,
 
        /* Exit_PS command needs to be queued in the header always. */
        if (le16_to_cpu(cmdnode->cmdbuf->command) == CMD_802_11_PS_MODE) {
-               struct cmd_ds_802_11_ps_mode *psm = (void *) cmdnode->cmdbuf;
+               struct cmd_ds_802_11_ps_mode *psm = (void *) &cmdnode->cmdbuf[1];
 
                if (psm->action == cpu_to_le16(CMD_SUBCMD_EXIT_PS)) {
                        if (priv->psstate != PS_STATE_FULL_POWER)
@@ -1889,7 +1889,7 @@ int lbs_execute_next_command(struct lbs_private *priv)
                                 * PS command. Ignore it if it is not Exit_PS.
                                 * otherwise send it down immediately.
                                 */
-                               struct cmd_ds_802_11_ps_mode *psm = (void *)cmd;
+                               struct cmd_ds_802_11_ps_mode *psm = (void *)&cmd[1];
 
                                lbs_deb_host(
                                       "EXEC_NEXT_CMD: PS cmd, action 0x%02x\n",
index ef63c37..c05fef0 100644 (file)
@@ -678,7 +678,7 @@ int lbs_process_rx_command(struct lbs_private *priv)
        priv->cur_cmd_retcode = result;
 
        if (respcmd == CMD_RET(CMD_802_11_PS_MODE)) {
-               struct cmd_ds_802_11_ps_mode *psmode = (void *) resp;
+               struct cmd_ds_802_11_ps_mode *psmode = (void *) &resp[1];
                u16 action = le16_to_cpu(psmode->action);
 
                lbs_deb_host(