rt2x00: Validate firmware in driver
authorIvo van Doorn <ivdoorn@gmail.com>
Tue, 27 Jan 2009 23:33:47 +0000 (00:33 +0100)
committerJohn W. Linville <linville@tuxdriver.com>
Mon, 9 Feb 2009 20:03:35 +0000 (15:03 -0500)
The get_firmware_crc() callback function isn't flexible
enough when dealing with multiple firmware versions.
It might in some cases be possible that the firmware
file contains multiple CRC checksums.

Create the check_firmware() callback function where the driver
has complete freedom in how to validate the firmware.

Signed-off-by: Ivo van Doorn <IvDoorn@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/rt2x00/rt2x00.h
drivers/net/wireless/rt2x00/rt2x00firmware.c
drivers/net/wireless/rt2x00/rt2x00reg.h
drivers/net/wireless/rt2x00/rt61pci.c
drivers/net/wireless/rt2x00/rt73usb.c

index 94fb571667fef830880b5bca4c7ddc6ea53d45db..84bd6f19acb0749be1dd6200a99fbe595ca8da49 100644 (file)
@@ -468,9 +468,10 @@ struct rt2x00lib_ops {
         */
        int (*probe_hw) (struct rt2x00_dev *rt2x00dev);
        char *(*get_firmware_name) (struct rt2x00_dev *rt2x00dev);
-       u16 (*get_firmware_crc) (const void *data, const size_t len);
-       int (*load_firmware) (struct rt2x00_dev *rt2x00dev, const void *data,
-                             const size_t len);
+       int (*check_firmware) (struct rt2x00_dev *rt2x00dev,
+                              const u8 *data, const size_t len);
+       int (*load_firmware) (struct rt2x00_dev *rt2x00dev,
+                             const u8 *data, const size_t len);
 
        /*
         * Device initialization/deinitialization handlers.
index 2a7e8bc0016b77066820d71b3f003a18843aff66..d2deea2f2679423952dd19b3324e94042857713c 100644 (file)
@@ -35,7 +35,6 @@ static int rt2x00lib_request_firmware(struct rt2x00_dev *rt2x00dev)
        const struct firmware *fw;
        char *fw_name;
        int retval;
-       u16 crc;
 
        /*
         * Read correct firmware from harddisk.
@@ -61,16 +60,26 @@ static int rt2x00lib_request_firmware(struct rt2x00_dev *rt2x00dev)
                return -ENOENT;
        }
 
-       crc = rt2x00dev->ops->lib->get_firmware_crc(fw->data, fw->size);
-       if (crc != (fw->data[fw->size - 2] << 8 | fw->data[fw->size - 1])) {
-               ERROR(rt2x00dev, "Firmware checksum error.\n");
-               retval = -ENOENT;
-               goto exit;
-       }
-
        INFO(rt2x00dev, "Firmware detected - version: %d.%d.\n",
             fw->data[fw->size - 4], fw->data[fw->size - 3]);
 
+       retval = rt2x00dev->ops->lib->check_firmware(rt2x00dev, fw->data, fw->size);
+       switch (retval) {
+       case FW_OK:
+               break;
+       case FW_BAD_CRC:
+               ERROR(rt2x00dev, "Firmware checksum error.\n");
+               goto exit;
+       case FW_BAD_LENGTH:
+               ERROR(rt2x00dev,
+                     "Invalid firmware file length (len=%zu)\n", fw->size);
+               goto exit;
+       case FW_BAD_VERSION:
+               ERROR(rt2x00dev,
+                     "Current firmware does not support detected chipset.\n");
+               goto exit;
+       };
+
        rt2x00dev->fw = fw;
 
        return 0;
@@ -78,7 +87,7 @@ static int rt2x00lib_request_firmware(struct rt2x00_dev *rt2x00dev)
 exit:
        release_firmware(fw);
 
-       return retval;
+       return -ENOENT;
 }
 
 int rt2x00lib_load_firmware(struct rt2x00_dev *rt2x00dev)
index 9ddc2d07eef8ad6413c9ca42c4e3caf2c51fb789..861322d97fceef064cb46d137bca42e288d75dd6 100644 (file)
@@ -134,6 +134,16 @@ enum rate_modulation {
        RATE_MODE_HT_GREENFIELD = 3,
 };
 
+/*
+ * Firmware validation error codes
+ */
+enum firmware_errors {
+       FW_OK,
+       FW_BAD_CRC,
+       FW_BAD_LENGTH,
+       FW_BAD_VERSION,
+};
+
 /*
  * Register handlers.
  * We store the position of a register field inside a field structure,
index c7ad1b3d4765e4be3766ecf52795998f28db965c..0be147f364e718271539b4f17adf03291a25d37a 100644 (file)
@@ -1176,34 +1176,41 @@ static char *rt61pci_get_firmware_name(struct rt2x00_dev *rt2x00dev)
        return fw_name;
 }
 
-static u16 rt61pci_get_firmware_crc(const void *data, const size_t len)
+static int rt61pci_check_firmware(struct rt2x00_dev *rt2x00dev,
+                                 const u8 *data, const size_t len)
 {
+       u16 fw_crc;
        u16 crc;
 
        /*
-        * Use the crc itu-t algorithm.
+        * Only support 8kb firmware files.
+        */
+       if (len != 8192)
+               return FW_BAD_LENGTH;
+
+       /*
         * The last 2 bytes in the firmware array are the crc checksum itself,
         * this means that we should never pass those 2 bytes to the crc
         * algorithm.
         */
+       fw_crc = (data[len - 2] << 8 | data[len - 1]);
+
+       /*
+        * Use the crc itu-t algorithm.
+        */
        crc = crc_itu_t(0, data, len - 2);
        crc = crc_itu_t_byte(crc, 0);
        crc = crc_itu_t_byte(crc, 0);
 
-       return crc;
+       return (fw_crc == crc) ? FW_OK : FW_BAD_CRC;
 }
 
-static int rt61pci_load_firmware(struct rt2x00_dev *rt2x00dev, const void *data,
-                                const size_t len)
+static int rt61pci_load_firmware(struct rt2x00_dev *rt2x00dev,
+                                const u8 *data, const size_t len)
 {
        int i;
        u32 reg;
 
-       if (len != 8192) {
-               ERROR(rt2x00dev, "Invalid firmware file length (len=%zu)\n", len);
-               return -ENOENT;
-       }
-
        /*
         * Wait for stable hardware.
         */
@@ -2750,7 +2757,7 @@ static const struct rt2x00lib_ops rt61pci_rt2x00_ops = {
        .irq_handler            = rt61pci_interrupt,
        .probe_hw               = rt61pci_probe_hw,
        .get_firmware_name      = rt61pci_get_firmware_name,
-       .get_firmware_crc       = rt61pci_get_firmware_crc,
+       .check_firmware         = rt61pci_check_firmware,
        .load_firmware          = rt61pci_load_firmware,
        .initialize             = rt2x00pci_initialize,
        .uninitialize           = rt2x00pci_uninitialize,
index 24e97b341cf8d2abb84f2aaba3f363e66bb6174c..be791a43c0546167ead05ccbf04e08ec7eb38bf1 100644 (file)
@@ -1061,35 +1061,42 @@ static char *rt73usb_get_firmware_name(struct rt2x00_dev *rt2x00dev)
        return FIRMWARE_RT2571;
 }
 
-static u16 rt73usb_get_firmware_crc(const void *data, const size_t len)
+static int rt73usb_check_firmware(struct rt2x00_dev *rt2x00dev,
+                                 const u8 *data, const size_t len)
 {
+       u16 fw_crc;
        u16 crc;
 
        /*
-        * Use the crc itu-t algorithm.
+        * Only support 2kb firmware files.
+        */
+       if (len != 2048)
+               return FW_BAD_LENGTH;
+
+       /*
         * The last 2 bytes in the firmware array are the crc checksum itself,
         * this means that we should never pass those 2 bytes to the crc
         * algorithm.
         */
+       fw_crc = (data[len - 2] << 8 | data[len - 1]);
+
+       /*
+        * Use the crc itu-t algorithm.
+        */
        crc = crc_itu_t(0, data, len - 2);
        crc = crc_itu_t_byte(crc, 0);
        crc = crc_itu_t_byte(crc, 0);
 
-       return crc;
+       return (fw_crc == crc) ? FW_OK : FW_BAD_CRC;
 }
 
-static int rt73usb_load_firmware(struct rt2x00_dev *rt2x00dev, const void *data,
-                                const size_t len)
+static int rt73usb_load_firmware(struct rt2x00_dev *rt2x00dev,
+                                const u8 *data, const size_t len)
 {
        unsigned int i;
        int status;
        u32 reg;
 
-       if (len != 2048) {
-               ERROR(rt2x00dev, "Invalid firmware file length (len=%zu)\n", len);
-               return -ENOENT;
-       }
-
        /*
         * Wait for stable hardware.
         */
@@ -2278,7 +2285,7 @@ static const struct ieee80211_ops rt73usb_mac80211_ops = {
 static const struct rt2x00lib_ops rt73usb_rt2x00_ops = {
        .probe_hw               = rt73usb_probe_hw,
        .get_firmware_name      = rt73usb_get_firmware_name,
-       .get_firmware_crc       = rt73usb_get_firmware_crc,
+       .check_firmware         = rt73usb_check_firmware,
        .load_firmware          = rt73usb_load_firmware,
        .initialize             = rt2x00usb_initialize,
        .uninitialize           = rt2x00usb_uninitialize,