iwlagn: use huge command for beacon
Johannes Berg [Wed, 6 Apr 2011 19:28:56 +0000 (12:28 -0700)]
When testing some new P2P code, Angie found that the
driver might crash because the beacon command ended
up being bigger than a regular command. This is quite
obvious -- a normal command is limited to roughly 360
bytes but a beacon may be much larger of course.

To fix this, use the huge command buffer.

Reported-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>

drivers/net/wireless/iwlwifi/iwl-agn.c

index 0daeded..3cfd7eb 100644 (file)
@@ -253,6 +253,10 @@ int iwlagn_send_beacon_cmd(struct iwl_priv *priv)
        struct iwl_frame *frame;
        unsigned int frame_size;
        int rc;
+       struct iwl_host_cmd cmd = {
+               .id = REPLY_TX_BEACON,
+               .flags = CMD_SIZE_HUGE,
+       };
 
        frame = iwl_get_free_frame(priv);
        if (!frame) {
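Review bot: the `.flags = CMD_SIZE_HUGE` initializer in the new `cmd` declaration carries no comment saying why the beacon command needs the huge buffer. A one-line comment noting that a beacon can exceed the regular command size would keep a later cleanup from switching this back to the plain send helper.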
@@ -268,8 +272,10 @@ int iwlagn_send_beacon_cmd(struct iwl_priv *priv)
                return -EINVAL;
        }
 
-       rc = iwl_send_cmd_pdu(priv, REPLY_TX_BEACON, frame_size,
-                             &frame->u.cmd[0]);
+       cmd.len = frame_size;
+       cmd.data = &frame->u.cmd[0];
+
+       rc = iwl_send_cmd_sync(priv, &cmd);
 
        iwl_free_frame(priv, frame);
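Review bot: `cmd.len = frame_size;` passes the length through with no visible check against what a CMD_SIZE_HUGE command can carry. The hunk shows an earlier `return -EINVAL;` but not its condition, so please confirm that path bounds frame_size to the huge buffer's capacity, or add that check before the call to iwl_send_cmd_sync(). Also note that `cmd.data` points into `frame`, which is freed right after the call, so this relies on the send being finished with the data by the time it returns.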