libertas: ensure response buffer size is always set for lbs_cmd_with_response

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

drivers/net/wireless/libertas/cmd.c

@@ -115,6 +115,7 @@ int lbs_host_sleep_cfg(struct lbs_private *priv, uint32_t criteria)
 	struct cmd_ds_host_sleep cmd_config;
 	int ret;
 
+	cmd_config.hdr.size = cpu_to_le16(sizeof(cmd_config));
 	cmd_config.criteria = cpu_to_le32(criteria);
 	cmd_config.gpio = priv->wol_gpio;
 	cmd_config.gap = priv->wol_gap;
@@ -1101,7 +1102,7 @@ int lbs_mesh_access(struct lbs_private *priv, uint16_t cmd_action,
 	lbs_deb_enter_args(LBS_DEB_CMD, "action %d", cmd_action);
 
 	cmd->hdr.command = cpu_to_le16(CMD_MESH_ACCESS);
-	cmd->hdr.size = cpu_to_le16(sizeof(struct cmd_ds_mesh_access) + S_DS_GEN);
+	cmd->hdr.size = cpu_to_le16(sizeof(*cmd));
 	cmd->hdr.result = 0;
 
 	cmd->action = cpu_to_le16(cmd_action);
@@ -1121,6 +1122,7 @@ int lbs_mesh_config(struct lbs_private *priv, uint16_t enable, uint16_t chan)
 	cmd.action = cpu_to_le16(enable);
 	cmd.channel = cpu_to_le16(chan);
 	cmd.type = cpu_to_le16(priv->mesh_tlv);
+	cmd.hdr.size = cpu_to_le16(sizeof(cmd));
 
 	if (enable) {
 		cmd.length = cpu_to_le16(priv->mesh_ssid_len);

drivers/net/wireless/libertas/cmd.h

@@ -9,6 +9,10 @@
 #define lbs_cmd(priv, cmdnr, cmd, cb, cb_arg)	\
 	__lbs_cmd(priv, cmdnr, &(cmd)->hdr, sizeof(*(cmd)), cb, cb_arg)
 
+
+/* lbs_cmd_with_response() infers the size of the command to be _sent_
+   and requires that the caller sets cmd->size to the (LE) size of
+   the _response_ buffer. */
 #define lbs_cmd_with_response(priv, cmdnr, cmd)	\
 	lbs_cmd(priv, cmdnr, cmd, lbs_cmd_copyback, (unsigned long) (cmd))
 

drivers/net/wireless/libertas/if_usb.c

@@ -106,6 +106,7 @@ static void if_usb_set_boot2_ver(struct lbs_private *priv)
 {
 	struct cmd_ds_set_boot2_ver b2_cmd;
 
+	b2_cmd.hdr.size = cpu_to_le16(sizeof(b2_cmd));
 	b2_cmd.action = 0;
 	b2_cmd.version = priv->boot2_version;