@@ -270,12 +270,14 @@ enum hif_tmplt {
HIF_TMPLT_NA = 0x7
};
+#define HIF_API_MAX_TEMPLATE_FRAME_SIZE 700
+
struct hif_mib_template_frame {
u8 frame_type;
u8 init_rate:7;
u8 mode:1;
__le16 frame_length;
- u8 frame[700];
+ u8 frame[];
} __packed;
struct hif_mib_beacon_wake_up_period {
@@ -148,6 +148,7 @@ int hif_set_template_frame(struct wfx_vif *wvif, struct sk_buff *skb,
{
struct hif_mib_template_frame *arg;
+ WARN(skb->len > HIF_API_MAX_TEMPLATE_FRAME_SIZE, "frame is too big");
skb_push(skb, 4);
arg = (struct hif_mib_template_frame *)skb->data;
skb_pull(skb, 4);
@@ -155,7 +156,7 @@ int hif_set_template_frame(struct wfx_vif *wvif, struct sk_buff *skb,
arg->frame_type = frame_type;
arg->frame_length = cpu_to_le16(skb->len);
return hif_write_mib(wvif->wdev, wvif->id, HIF_MIB_ID_TEMPLATE_FRAME,
- arg, sizeof(*arg));
+ arg, sizeof(*arg) + skb->len);
}
int hif_set_mfp(struct wfx_vif *wvif, bool capable, bool required)