Staging: bcm: Fix information leak in ioctl: IOCTL_BCM_REGISTER_READ_PRIVATE, IOCTL_B...
authorKevin McKinney <klmckinney1@gmail.com>
Sun, 6 Nov 2011 14:40:11 +0000 (09:40 -0500)
committerGreg Kroah-Hartman <gregkh@suse.de>
Sun, 27 Nov 2011 01:11:58 +0000 (17:11 -0800)
This patch fixes an information leak in ioctl
IOCTL_BCM_REGISTER_READ_PRIVATE and
IOCTL_BCM_EEPROM_REGISTER_READ when determining
the number of bytes to copy to user space.  Function,
usb_control_msg, returns the correct number of
bytes from the hardware.  Instead of using
this value, we were using a value derived from
user space. In this case, this value could be more
than the hardware allocated.  Therefore, this
patch copies the proper number of bytes from
the hardware, and uses this value as the maximum
number of bytes for user space.

Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/staging/bcm/Bcmchar.c
drivers/staging/bcm/InterfaceDld.c
drivers/staging/bcm/InterfaceIdleMode.c
drivers/staging/bcm/InterfaceInit.c
drivers/staging/bcm/InterfaceMisc.c
drivers/staging/bcm/Misc.c
drivers/staging/bcm/nvm.c

index 2fa658eb74dcda1e40fb1e8115a3d1281cccce30..e110d0e68872dfa2421d65f02440f1bab6d4f363 100644 (file)
@@ -161,6 +161,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
        INT Status = STATUS_FAILURE;
        int timeout = 0;
        IOCTL_BUFFER IoBuffer;
+       int bytes;
 
        BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Parameters Passed to control IOCTL cmd=0x%X arg=0x%lX", cmd, arg);
 
@@ -230,11 +231,14 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                if (!temp_buff)
                        return -ENOMEM;
 
-               Status = rdmalt(Adapter, (UINT)sRdmBuffer.Register,
+               bytes = rdmalt(Adapter, (UINT)sRdmBuffer.Register,
                                (PUINT)temp_buff, Bufflen);
-               if (Status == STATUS_SUCCESS) {
-                       if (copy_to_user(IoBuffer.OutputBuffer, temp_buff, IoBuffer.OutputLength))
+               if (bytes > 0) {
+                       Status = STATUS_SUCCESS;
+                       if (copy_to_user(IoBuffer.OutputBuffer, temp_buff, bytes))
                                Status = -EFAULT;
+               } else {
+                       Status = bytes;
                }
 
                kfree(temp_buff);
@@ -318,11 +322,15 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                }
 
                uiTempVar = sRdmBuffer.Register & EEPROM_REJECT_MASK;
-               Status = rdmaltWithLock(Adapter, (UINT)sRdmBuffer.Register, (PUINT)temp_buff, IoBuffer.OutputLength);
+               bytes = rdmaltWithLock(Adapter, (UINT)sRdmBuffer.Register, (PUINT)temp_buff, IoBuffer.OutputLength);
 
-               if (Status == STATUS_SUCCESS)
-                       if (copy_to_user(IoBuffer.OutputBuffer, temp_buff, IoBuffer.OutputLength))
+               if (bytes > 0) {
+                       Status = STATUS_SUCCESS;
+                       if (copy_to_user(IoBuffer.OutputBuffer, temp_buff, bytes))
                                Status = -EFAULT;
+               } else {
+                       Status = bytes;
+               }
 
                kfree(temp_buff);
                break;
@@ -437,12 +445,14 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                        }
                }
 
-               Status = rdmaltWithLock(Adapter, (UINT)GPIO_MODE_REGISTER, (PUINT)ucResetValue, sizeof(UINT));
-
-               if (STATUS_SUCCESS != Status) {
+               bytes = rdmaltWithLock(Adapter, (UINT)GPIO_MODE_REGISTER, (PUINT)ucResetValue, sizeof(UINT));
+               if (bytes < 0) {
+                       Status = bytes;
                        BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,
                                        "GPIO_MODE_REGISTER read failed");
                        break;
+               } else {
+                       Status = STATUS_SUCCESS;
                }
 
                /* Set the gpio mode register to output */
@@ -519,12 +529,15 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                uiBit = gpio_info.uiGpioNumber;
 
                /* Set the gpio output register */
-               Status = rdmaltWithLock(Adapter, (UINT)GPIO_PIN_STATE_REGISTER,
+               bytes = rdmaltWithLock(Adapter, (UINT)GPIO_PIN_STATE_REGISTER,
                                        (PUINT)ucRead, sizeof(UINT));
 
-               if (Status != STATUS_SUCCESS) {
+               if (bytes < 0) {
+                       Status = bytes;
                        BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "RDM Failed\n");
                        return Status;
+               } else {
+                       Status = STATUS_SUCCESS;
                }
        }
        break;
@@ -590,11 +603,14 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                }
 
                if (pgpio_multi_info[WIMAX_IDX].uiGPIOMask) {
-                       Status = rdmaltWithLock(Adapter, (UINT)GPIO_PIN_STATE_REGISTER, (PUINT)ucResetValue, sizeof(UINT));
+                       bytes = rdmaltWithLock(Adapter, (UINT)GPIO_PIN_STATE_REGISTER, (PUINT)ucResetValue, sizeof(UINT));
 
-                       if (Status != STATUS_SUCCESS) {
+                       if (bytes < 0) {
+                               Status = bytes;
                                BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "RDM to GPIO_PIN_STATE_REGISTER Failed.");
                                return Status;
+                       } else {
+                               Status = STATUS_SUCCESS;
                        }
 
                        pgpio_multi_info[WIMAX_IDX].uiGPIOValue = (*(UINT *)ucResetValue &
@@ -629,11 +645,14 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                if (copy_from_user(&gpio_multi_mode, IoBuffer.InputBuffer, IoBuffer.InputLength))
                        return -EFAULT;
 
-               Status = rdmaltWithLock(Adapter, (UINT)GPIO_MODE_REGISTER, (PUINT)ucResetValue, sizeof(UINT));
+               bytes = rdmaltWithLock(Adapter, (UINT)GPIO_MODE_REGISTER, (PUINT)ucResetValue, sizeof(UINT));
 
-               if (STATUS_SUCCESS != Status) {
+               if (bytes < 0) {
+                       Status = bytes;
                        BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Read of GPIO_MODE_REGISTER failed");
                        return Status;
+               } else {
+                       Status = STATUS_SUCCESS;
                }
 
                /* Validating the request */
index bcd86bbef2fdaf172515fbf8389dd99646a2c249..65c352f35681d352baf8bd6295ede0a90ff8d287 100644 (file)
@@ -62,6 +62,7 @@ int InterfaceFileReadbackFromChip(PVOID arg, struct file *flp, unsigned int on_c
        static int fw_down;
        INT Status = STATUS_SUCCESS;
        PS_INTERFACE_ADAPTER psIntfAdapter = (PS_INTERFACE_ADAPTER)arg;
+       int bytes;
 
        buff = kmalloc(MAX_TRANSFER_CTRL_BYTE_USB, GFP_DMA);
        buff_readback = kmalloc(MAX_TRANSFER_CTRL_BYTE_USB , GFP_DMA);
@@ -94,8 +95,9 @@ int InterfaceFileReadbackFromChip(PVOID arg, struct file *flp, unsigned int on_c
                        break;
                }
 
-               Status = InterfaceRDM(psIntfAdapter, on_chip_loc, buff_readback, len);
-               if (Status) {
+               bytes = InterfaceRDM(psIntfAdapter, on_chip_loc, buff_readback, len);
+               if (bytes < 0) {
+                       Status = bytes;
                        BCM_DEBUG_PRINT(psIntfAdapter->psAdapter, DBG_TYPE_INITEXIT, MP_INIT, DBG_LVL_ALL, "RDM of len %d Failed! %d", len, reg);
                        goto exit;
                }
@@ -302,6 +304,7 @@ static INT buffRdbkVerify(PMINI_ADAPTER Adapter, PUCHAR mappedbuffer, UINT u32Fi
        UINT len = u32FirmwareLength;
        INT retval = STATUS_SUCCESS;
        PUCHAR readbackbuff = kzalloc(MAX_TRANSFER_CTRL_BYTE_USB, GFP_KERNEL);
+       int bytes;
 
        if (NULL == readbackbuff) {
                BCM_DEBUG_PRINT(Adapter, DBG_TYPE_INITEXIT, MP_INIT, DBG_LVL_ALL, "MEMORY ALLOCATION FAILED");
@@ -310,9 +313,10 @@ static INT buffRdbkVerify(PMINI_ADAPTER Adapter, PUCHAR mappedbuffer, UINT u32Fi
 
        while (u32FirmwareLength && !retval) {
                len = MIN_VAL(u32FirmwareLength, MAX_TRANSFER_CTRL_BYTE_USB);
-               retval = rdm(Adapter, u32StartingAddress, readbackbuff, len);
+               bytes = rdm(Adapter, u32StartingAddress, readbackbuff, len);
 
-               if (retval) {
+               if (bytes < 0) {
+                       retval = bytes;
                        BCM_DEBUG_PRINT(Adapter, DBG_TYPE_INITEXIT, MP_INIT, DBG_LVL_ALL, "rdm failed with status %d", retval);
                        break;
                }
index 96fa4ead7930052f3abb3ad9e123eab84f051aca..faeb03e62c06c3174adea0499436bc9d282a9531 100644 (file)
@@ -46,6 +46,7 @@ int InterfaceIdleModeRespond(PMINI_ADAPTER Adapter, unsigned int* puiBuffer)
 {
        int     status = STATUS_SUCCESS;
        unsigned int    uiRegRead = 0;
+       int bytes;
 
        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, IDLE_MODE, DBG_LVL_ALL,"SubType of Message :0x%X", ntohl(*puiBuffer));
 
@@ -77,16 +78,16 @@ int InterfaceIdleModeRespond(PMINI_ADAPTER Adapter, unsigned int* puiBuffer)
                        else if(Adapter->ulPowerSaveMode != DEVICE_POWERSAVE_MODE_AS_PROTOCOL_IDLE_MODE)
                        {
                                //clear on read Register
-                               status = rdmalt(Adapter, DEVICE_INT_OUT_EP_REG0, &uiRegRead, sizeof(uiRegRead));
-                               if(status)
-                               {
+                               bytes = rdmalt(Adapter, DEVICE_INT_OUT_EP_REG0, &uiRegRead, sizeof(uiRegRead));
+                               if (bytes < 0) {
+                                       status = bytes;
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "rdm failed while clearing H/W Abort Reg0");
                                        return status;
                                }
                                //clear on read Register
-                               status = rdmalt (Adapter, DEVICE_INT_OUT_EP_REG1, &uiRegRead, sizeof(uiRegRead));
-                               if(status)
-                               {
+                               bytes = rdmalt(Adapter, DEVICE_INT_OUT_EP_REG1, &uiRegRead, sizeof(uiRegRead));
+                               if (bytes < 0) {
+                                       status = bytes;
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "rdm failed while clearing H/W Abort     Reg1");
                                        return status;
                                }
@@ -117,9 +118,9 @@ int InterfaceIdleModeRespond(PMINI_ADAPTER Adapter, unsigned int* puiBuffer)
                                        Adapter->chip_id== BCS220_3)
                        {
 
-                               status = rdmalt(Adapter, HPM_CONFIG_MSW, &uiRegRead, sizeof(uiRegRead));
-                               if(status)
-                               {
+                               bytes = rdmalt(Adapter, HPM_CONFIG_MSW, &uiRegRead, sizeof(uiRegRead));
+                               if (bytes < 0) {
+                                       status = bytes;
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, IDLE_MODE, DBG_LVL_ALL, "rdm failed while Reading HPM_CONFIG_LDO145 Reg 0\n");
                                        return status;
                                }
@@ -266,6 +267,8 @@ void InterfaceHandleShutdownModeWakeup(PMINI_ADAPTER Adapter)
 {
        unsigned int uiRegVal = 0;
        INT Status = 0;
+       int bytes;
+
        if(Adapter->ulPowerSaveMode == DEVICE_POWERSAVE_MODE_AS_MANUAL_CLOCK_GATING)
        {
                // clear idlemode interrupt.
@@ -282,16 +285,16 @@ void InterfaceHandleShutdownModeWakeup(PMINI_ADAPTER Adapter)
        {
 
         //clear Interrupt EP registers.
-               Status = rdmalt(Adapter,DEVICE_INT_OUT_EP_REG0, &uiRegVal, sizeof(uiRegVal));
-               if(Status)
-               {
+               bytes = rdmalt(Adapter,DEVICE_INT_OUT_EP_REG0, &uiRegVal, sizeof(uiRegVal));
+               if (bytes < 0) {
+                       Status = bytes;
                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"RDM of DEVICE_INT_OUT_EP_REG0 failed with Err :%d", Status);
                        return;
                }
 
-        Status = rdmalt(Adapter,DEVICE_INT_OUT_EP_REG1, &uiRegVal, sizeof(uiRegVal));
-               if(Status)
-               {
+               bytes = rdmalt(Adapter,DEVICE_INT_OUT_EP_REG1, &uiRegVal, sizeof(uiRegVal));
+               if (bytes < 0) {
+                       Status = bytes;
                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"RDM of DEVICE_INT_OUT_EP_REG1 failed with Err :%d", Status);
                        return;
                }
index a09d35108f04b6a3f78c3d22612e303776a467fe..8e3c586a699c86722610acb3ace3f35ba1f929f3 100644 (file)
@@ -68,7 +68,7 @@ static void InterfaceAdapterFree(PS_INTERFACE_ADAPTER psIntfAdapter)
 static void ConfigureEndPointTypesThroughEEPROM(PMINI_ADAPTER Adapter)
 {
        unsigned long ulReg = 0;
-       int ret;
+       int bytes;
 
        /* Program EP2 MAX_PKT_SIZE */
        ulReg = ntohl(EP2_MPS_REG);
@@ -94,8 +94,8 @@ static void ConfigureEndPointTypesThroughEEPROM(PMINI_ADAPTER Adapter)
        BeceemEEPROMBulkWrite(Adapter, (PUCHAR)&ulReg, 0x140, 4, TRUE);
 
        /* Program TX EP as interrupt(Alternate Setting) */
-       ret = rdmalt(Adapter, 0x0F0110F8, (u32 *)&ulReg, sizeof(u32));
-       if (ret) {
+       bytes = rdmalt(Adapter, 0x0F0110F8, (u32 *)&ulReg, sizeof(u32));
+       if (bytes < 0) {
                BCM_DEBUG_PRINT(Adapter, DBG_TYPE_INITEXIT, DRV_ENTRY, DBG_LVL_ALL,
                        "reading of Tx EP failed\n");
                return;
@@ -430,6 +430,7 @@ static int InterfaceAdapterInit(PS_INTERFACE_ADAPTER psIntfAdapter)
        int usedIntOutForBulkTransfer = 0 ;
        BOOLEAN bBcm16 = FALSE;
        UINT uiData = 0;
+       int bytes;
 
        /* Store the usb dev into interface adapter */
        psIntfAdapter->udev = usb_get_dev(interface_to_usbdev(psIntfAdapter->interface));
@@ -438,9 +439,10 @@ static int InterfaceAdapterInit(PS_INTERFACE_ADAPTER psIntfAdapter)
        psIntfAdapter->psAdapter->interface_rdm = BcmRDM;
        psIntfAdapter->psAdapter->interface_wrm = BcmWRM;
 
-       retval = rdmalt(psIntfAdapter->psAdapter, CHIP_ID_REG,
+       bytes = rdmalt(psIntfAdapter->psAdapter, CHIP_ID_REG,
                        (u32 *)&(psIntfAdapter->psAdapter->chip_id), sizeof(u32));
-       if (retval) {
+       if (bytes < 0) {
+               retval = bytes;
                BCM_DEBUG_PRINT(psIntfAdapter->psAdapter, DBG_TYPE_PRINTK, 0, 0, "CHIP ID Read Failed\n");
                return retval;
        }
index 61f878b4f56c1de900d55941e42c6a63bce3e3bd..2218faeaf8acc37944c1b34a878b47d6d3e28a23 100644 (file)
@@ -5,7 +5,7 @@ INT InterfaceRDM(PS_INTERFACE_ADAPTER psIntfAdapter,
                PVOID buff,
                INT len)
 {
-       int retval = 0;
+       int bytes;
        USHORT usRetries = 0;
 
        if (psIntfAdapter == NULL) {
@@ -30,7 +30,7 @@ INT InterfaceRDM(PS_INTERFACE_ADAPTER psIntfAdapter,
        psIntfAdapter->psAdapter->DeviceAccess = TRUE;
 
        do {
-               retval = usb_control_msg(psIntfAdapter->udev,
+               bytes = usb_control_msg(psIntfAdapter->udev,
                                        usb_rcvctrlpipe(psIntfAdapter->udev, 0),
                                        0x02,
                                        0xC2,
@@ -41,22 +41,20 @@ INT InterfaceRDM(PS_INTERFACE_ADAPTER psIntfAdapter,
                                        5000);
 
                usRetries++;
-               if (-ENODEV == retval) {
+               if (-ENODEV == bytes) {
                        psIntfAdapter->psAdapter->device_removed = TRUE;
                        break;
                }
 
-       } while ((retval < 0) && (usRetries < MAX_RDM_WRM_RETIRES));
+       } while ((bytes < 0) && (usRetries < MAX_RDM_WRM_RETIRES));
 
-       if (retval < 0) {
-               BCM_DEBUG_PRINT(psIntfAdapter->psAdapter, DBG_TYPE_OTHERS, RDM, DBG_LVL_ALL, "RDM failed status :%d, retires :%d", retval, usRetries);
-               psIntfAdapter->psAdapter->DeviceAccess = FALSE;
-               return retval;
-       } else {
-               BCM_DEBUG_PRINT(psIntfAdapter->psAdapter, DBG_TYPE_OTHERS, RDM, DBG_LVL_ALL, "RDM sent %d", retval);
-               psIntfAdapter->psAdapter->DeviceAccess = FALSE;
-               return STATUS_SUCCESS;
-       }
+       if (bytes < 0)
+               BCM_DEBUG_PRINT(psIntfAdapter->psAdapter, DBG_TYPE_OTHERS, RDM, DBG_LVL_ALL, "RDM failed status :%d, retires :%d", bytes, usRetries);
+       else
+               BCM_DEBUG_PRINT(psIntfAdapter->psAdapter, DBG_TYPE_OTHERS, RDM, DBG_LVL_ALL, "RDM sent %d", bytes);
+
+       psIntfAdapter->psAdapter->DeviceAccess = FALSE;
+       return bytes;
 }
 
 INT InterfaceWRM(PS_INTERFACE_ADAPTER psIntfAdapter,
index e9f29d5975186ca99a36be687a3cfdb01f7e4a9f..c7725e141fd57eab697d94dabd21de2264fa7b69 100644 (file)
@@ -814,6 +814,7 @@ int reset_card_proc(PMINI_ADAPTER ps_adapter)
        PMINI_ADAPTER Adapter = GET_BCM_ADAPTER(gblpnetdev);
        PS_INTERFACE_ADAPTER psIntfAdapter = NULL;
        unsigned int value = 0, uiResetValue = 0;
+       int bytes;
 
        psIntfAdapter = ((PS_INTERFACE_ADAPTER)(ps_adapter->pvInterfaceAdapter));
        ps_adapter->bDDRInitDone = FALSE;
@@ -848,8 +849,9 @@ int reset_card_proc(PMINI_ADAPTER ps_adapter)
                        ps_adapter->chip_id == BCS250_BC ||
                        ps_adapter->chip_id == BCS220_3) {
 
-                       retval = rdmalt(ps_adapter, HPM_CONFIG_LDO145, &value, sizeof(value));
-                       if (retval < 0) {
+                       bytes = rdmalt(ps_adapter, HPM_CONFIG_LDO145, &value, sizeof(value));
+                       if (bytes < 0) {
+                               retval = bytes;
                                BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "read failed with status :%d", retval);
                                goto err_exit;
                        }
@@ -862,8 +864,9 @@ int reset_card_proc(PMINI_ADAPTER ps_adapter)
                        }
                }
        } else {
-               retval = rdmalt(ps_adapter, 0x0f007018, &value, sizeof(value));
-               if (retval < 0) {
+               bytes = rdmalt(ps_adapter, 0x0f007018, &value, sizeof(value));
+               if (bytes < 0) {
+                       retval = bytes;
                        BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "read failed with status :%d", retval);
                        goto err_exit;
                }
@@ -925,11 +928,16 @@ err_exit:
 
 int run_card_proc(PMINI_ADAPTER ps_adapter)
 {
+       int status = STATUS_SUCCESS;
+       int bytes;
+
        unsigned int value = 0;
        {
-               if (rdmalt(ps_adapter, CLOCK_RESET_CNTRL_REG_1, &value, sizeof(value)) < 0) {
+               bytes = rdmalt(ps_adapter, CLOCK_RESET_CNTRL_REG_1, &value, sizeof(value));
+               if (bytes < 0) {
+                       status = bytes;
                        BCM_DEBUG_PRINT(ps_adapter, DBG_TYPE_INITEXIT, MP_INIT, DBG_LVL_ALL, "%s:%d\n", __func__, __LINE__);
-                       return STATUS_FAILURE;
+                       return status;
                }
 
                if (ps_adapter->bFlashBoot)
@@ -942,7 +950,7 @@ int run_card_proc(PMINI_ADAPTER ps_adapter)
                        return STATUS_FAILURE;
                }
        }
-       return STATUS_SUCCESS;
+       return status;
 }
 
 int InitCardAndDownloadFirmware(PMINI_ADAPTER ps_adapter)
@@ -1215,6 +1223,7 @@ static unsigned char *ReadMacAddrEEPROM(PMINI_ADAPTER Adapter, ulong dwAddress)
        int status = 0, i = 0;
        unsigned int temp = 0;
        unsigned char *pucmacaddr = kmalloc(MAC_ADDRESS_SIZE, GFP_KERNEL);
+       int bytes;
 
        if (!pucmacaddr) {
                BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "No Buffers to Read the EEPROM Address\n");
@@ -1231,8 +1240,9 @@ static unsigned char *ReadMacAddrEEPROM(PMINI_ADAPTER Adapter, ulong dwAddress)
        }
 
        for (i = 0; i < MAC_ADDRESS_SIZE; i++) {
-               status = rdmalt(Adapter, EEPROM_READ_DATA_Q_REG, &temp, sizeof(temp));
-               if (status != STATUS_SUCCESS) {
+               bytes = rdmalt(Adapter, EEPROM_READ_DATA_Q_REG, &temp, sizeof(temp));
+               if (bytes < 0) {
+                       status = bytes;
                        BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "rdm Failed..\n");
                        kfree(pucmacaddr);
                        pucmacaddr = NULL;
@@ -1574,11 +1584,13 @@ void update_per_sf_desc_cnts(PMINI_ADAPTER Adapter)
 {
        INT iIndex = 0;
        u32 uibuff[MAX_TARGET_DSX_BUFFERS];
+       int bytes;
 
        if (!atomic_read(&Adapter->uiMBupdate))
                return;
 
-       if (rdmaltWithLock(Adapter, TARGET_SFID_TXDESC_MAP_LOC, (PUINT)uibuff, sizeof(UINT) * MAX_TARGET_DSX_BUFFERS) < 0) {
+       bytes = rdmaltWithLock(Adapter, TARGET_SFID_TXDESC_MAP_LOC, (PUINT)uibuff, sizeof(UINT) * MAX_TARGET_DSX_BUFFERS);
+       if (bytes < 0) {
                BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "rdm failed\n");
                return;
        }
index 3de0daf5edb2ac73c7b7b6406e70c7930a936d40..7d703cb3c5e0e2e81e3ee1ba84fe41cb78e09f84 100644 (file)
@@ -78,7 +78,7 @@ static UCHAR ReadEEPROMStatusRegister( PMINI_ADAPTER Adapter )
        {
                value=0;
                uiStatus = 0 ;
-               rdmalt( Adapter, EEPROM_SPI_Q_STATUS1_REG,&uiStatus, sizeof(uiStatus));
+               rdmalt(Adapter, EEPROM_SPI_Q_STATUS1_REG, &uiStatus, sizeof(uiStatus));
                if(Adapter->device_removed == TRUE)
                {
                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Modem has got removed hence exiting....");
@@ -93,7 +93,7 @@ static UCHAR ReadEEPROMStatusRegister( PMINI_ADAPTER Adapter )
                        wrmalt( Adapter, EEPROM_SPI_Q_STATUS1_REG, &value, sizeof(value));
 
                        value =0;
-                       rdmalt(Adapter, EEPROM_READ_DATAQ_REG,&value, sizeof(value));
+                       rdmalt(Adapter, EEPROM_READ_DATAQ_REG, &value, sizeof(value));
                        uiData = (UCHAR)value;
 
                        break;
@@ -102,8 +102,8 @@ static UCHAR ReadEEPROMStatusRegister( PMINI_ADAPTER Adapter )
                dwRetries-- ;
                if ( dwRetries == 0 )
                {
-                        rdmalt(Adapter, EEPROM_SPI_Q_STATUS1_REG,&value, sizeof(value));
-                        rdmalt(Adapter, EEPROM_SPI_Q_STATUS_REG,&value1, sizeof(value1));
+                        rdmalt(Adapter, EEPROM_SPI_Q_STATUS1_REG, &value, sizeof(value));
+                        rdmalt(Adapter, EEPROM_SPI_Q_STATUS_REG, &value1, sizeof(value1));
                         BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"0x3004 = %x 0x3008 = %x, retries = %d failed.\n",value,value1,  MAX_EEPROM_RETRIES*RETRIES_PER_DELAY);
                        return uiData;
                }
@@ -158,7 +158,7 @@ INT ReadBeceemEEPROMBulk( PMINI_ADAPTER Adapter,
                {
 
                uiStatus = 0;
-               rdmalt( Adapter, EEPROM_SPI_Q_STATUS1_REG, &uiStatus, sizeof(uiStatus));
+               rdmalt(Adapter, EEPROM_SPI_Q_STATUS1_REG, &uiStatus, sizeof(uiStatus));
                if(Adapter->device_removed == TRUE)
                {
                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Modem has got Removed.hence exiting from loop...");
@@ -202,8 +202,8 @@ INT ReadBeceemEEPROMBulk( PMINI_ADAPTER Adapter,
                {
                        value=0;
                        value1=0;
-                       rdmalt(Adapter, EEPROM_SPI_Q_STATUS1_REG,&value, sizeof(value));
-                       rdmalt(Adapter, EEPROM_SPI_Q_STATUS_REG,&value1, sizeof(value1));
+                       rdmalt(Adapter, EEPROM_SPI_Q_STATUS1_REG, &value, sizeof(value));
+                       rdmalt(Adapter, EEPROM_SPI_Q_STATUS_REG, &value1, sizeof(value1));
                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "dwNumWords %d 0x3004 = %x 0x3008 = %x  retries = %d failed.\n", dwNumWords, value,  value1,  MAX_EEPROM_RETRIES*RETRIES_PER_DELAY);
                        return STATUS_FAILURE;
                }
@@ -217,22 +217,22 @@ INT ReadBeceemEEPROMBulk( PMINI_ADAPTER Adapter,
                pvalue = (PUCHAR)(pdwData + dwIndex);
 
                value =0;
-               rdmalt(Adapter, EEPROM_READ_DATAQ_REG,&value, sizeof(value));
+               rdmalt(Adapter, EEPROM_READ_DATAQ_REG, &value, sizeof(value));
 
                pvalue[0] = value;
 
                value = 0;
-               rdmalt(Adapter, EEPROM_READ_DATAQ_REG,&value, sizeof(value));
+               rdmalt(Adapter, EEPROM_READ_DATAQ_REG, &value, sizeof(value));
 
                pvalue[1] = value;
 
                value =0;
-               rdmalt(Adapter, EEPROM_READ_DATAQ_REG,&value, sizeof(value));
+               rdmalt(Adapter, EEPROM_READ_DATAQ_REG, &value, sizeof(value));
 
                pvalue[2] = value;
 
                value = 0;
-               rdmalt(Adapter, EEPROM_READ_DATAQ_REG,&value, sizeof(value));
+               rdmalt(Adapter, EEPROM_READ_DATAQ_REG, &value, sizeof(value));
 
                pvalue[3] = value;
        }
@@ -445,6 +445,7 @@ static INT BeceemFlashBulkRead(
        UINT uiBytesToRead = uiNumBytes;
        INT Status = 0;
        UINT uiPartOffset = 0;
+       int bytes;
 
        if(Adapter->device_removed )
        {
@@ -469,9 +470,9 @@ static INT BeceemFlashBulkRead(
                uiBytesToRead = MAX_RW_SIZE - (uiOffset%MAX_RW_SIZE);
                uiBytesToRead = MIN(uiNumBytes,uiBytesToRead);
 
-               if(rdm(Adapter,uiPartOffset, (PCHAR)pBuffer+uiIndex,uiBytesToRead))
-               {
-                       Status = -1;
+               bytes = rdm(Adapter, uiPartOffset, (PCHAR)pBuffer+uiIndex, uiBytesToRead);
+               if (bytes < 0) {
+                       Status = bytes;
                        Adapter->SelectedChip = RESET_CHIP_SELECT;
                        return Status;
                }
@@ -488,9 +489,9 @@ static INT BeceemFlashBulkRead(
 
                uiBytesToRead = MIN(uiNumBytes,MAX_RW_SIZE);
 
-               if(rdm(Adapter,uiPartOffset, (PCHAR)pBuffer+uiIndex,uiBytesToRead))
-               {
-                       Status = -1;
+               bytes = rdm(Adapter, uiPartOffset, (PCHAR)pBuffer+uiIndex, uiBytesToRead);
+               if (bytes < 0) {
+                       Status = bytes;
                        break;
                }
 
@@ -613,6 +614,7 @@ static INT FlashSectorErase(PMINI_ADAPTER Adapter,
        UINT iIndex = 0, iRetries = 0;
        UINT uiStatus = 0;
        UINT value;
+       int bytes;
 
        for(iIndex=0;iIndex<numOfSectors;iIndex++)
        {
@@ -632,10 +634,11 @@ static INT FlashSectorErase(PMINI_ADAPTER Adapter,
                                return STATUS_FAILURE;
                        }
 
-                       if(rdmalt(Adapter, FLASH_SPI_READQ_REG, &uiStatus, sizeof(uiStatus)) < 0 )
-                       {
-                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Reading status of FLASH_SPI_READQ_REG fails");
-                               return STATUS_FAILURE;
+                       bytes = rdmalt(Adapter, FLASH_SPI_READQ_REG, &uiStatus, sizeof(uiStatus));
+                       if (bytes < 0) {
+                               uiStatus = bytes;
+                               BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Reading status of FLASH_SPI_READQ_REG fails");
+                               return uiStatus;
                        }
                        iRetries++;
                        //After every try lets make the CPU free for 10 ms. generally time taken by the
@@ -679,6 +682,7 @@ static INT flashByteWrite(
 
        UINT value;
        ULONG ulData = *(PUCHAR)pData;
+       int bytes;
 
 //
 // need not write 0xFF because write requires an erase and erase will
@@ -720,10 +724,11 @@ static INT flashByteWrite(
                        return STATUS_FAILURE;
                }
                //__udelay(1);
-               if(rdmalt(Adapter, FLASH_SPI_READQ_REG, &uiStatus, sizeof(uiStatus)) < 0)
-               {
-                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Reading status of FLASH_SPI_READQ_REG fails");
-                       return STATUS_FAILURE;
+               bytes = rdmalt(Adapter, FLASH_SPI_READQ_REG, &uiStatus, sizeof(uiStatus));
+               if (bytes < 0) {
+                       uiStatus = bytes;
+                       BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Reading status of FLASH_SPI_READQ_REG fails");
+                       return uiStatus;
                }
                iRetries--;
                if( iRetries && ((iRetries % FLASH_PER_RETRIES_DELAY) == 0))
@@ -771,6 +776,7 @@ static INT flashWrite(
 
        UINT value;
        UINT uiErasePattern[4] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
+       int bytes;
 //
 // need not write 0xFFFFFFFF because write requires an erase and erase will
 // make whole sector 0xFFFFFFFF.
@@ -803,10 +809,11 @@ static INT flashWrite(
                        return STATUS_FAILURE;
                }
                //__udelay(1);
-               if(rdmalt(Adapter, FLASH_SPI_READQ_REG, &uiStatus, sizeof(uiStatus)) < 0 )
-               {
-                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Reading status of FLASH_SPI_READQ_REG fails");
-                       return STATUS_FAILURE;
+               bytes = rdmalt(Adapter, FLASH_SPI_READQ_REG, &uiStatus, sizeof(uiStatus));
+               if (bytes < 0) {
+                       uiStatus = bytes;
+                       BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Reading status of FLASH_SPI_READQ_REG fails");
+                       return uiStatus;
                }
 
                iRetries--;
@@ -849,6 +856,7 @@ static INT flashByteWriteStatus(
        INT  iRetries = MAX_FLASH_RETRIES * FLASH_PER_RETRIES_DELAY; //3
        ULONG ulData  = *(PUCHAR)pData;
        UINT value;
+       int bytes;
 
 //
 // need not write 0xFFFFFFFF because write requires an erase and erase will
@@ -891,10 +899,11 @@ static INT flashByteWriteStatus(
                        return STATUS_FAILURE;
                }
                //__udelay(1);
-               if(rdmalt(Adapter, FLASH_SPI_READQ_REG, &uiStatus, sizeof(uiStatus)) < 0)
-               {
-                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Reading status of FLASH_SPI_READQ_REG fails");
-                       return STATUS_FAILURE;
+               bytes = rdmalt(Adapter, FLASH_SPI_READQ_REG, &uiStatus, sizeof(uiStatus));
+               if (bytes < 0) {
+                       uiStatus = bytes;
+                       BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Reading status of FLASH_SPI_READQ_REG fails");
+                       return uiStatus;
                }
 
                iRetries--;
@@ -935,6 +944,7 @@ static INT flashWriteStatus(
        //UINT uiReadBack = 0;
        UINT value;
        UINT uiErasePattern[4] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
+       int bytes;
 
 //
 // need not write 0xFFFFFFFF because write requires an erase and erase will
@@ -967,10 +977,11 @@ static INT flashWriteStatus(
                        return STATUS_FAILURE;
                }
                //__udelay(1);
-               if(rdmalt(Adapter, FLASH_SPI_READQ_REG, &uiStatus, sizeof(uiStatus)) < 0)
-               {
-                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Reading status of FLASH_SPI_READQ_REG fails");
-                       return STATUS_FAILURE;
+               bytes = rdmalt(Adapter, FLASH_SPI_READQ_REG, &uiStatus, sizeof(uiStatus));
+               if (bytes < 0) {
+                       uiStatus = bytes;
+                       BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Reading status of FLASH_SPI_READQ_REG fails");
+                       return uiStatus;
                }
                iRetries--;
                //this will ensure that in there will be no changes in the current path.
@@ -1841,7 +1852,7 @@ static INT BeceemEEPROMWritePage( PMINI_ADAPTER Adapter, UINT uiData[], UINT uiO
         * What we are checking if the previous write has completed, and this
         * may take time. We should wait till the Empty bit is set. */
        uiStatus = 0;
-       rdmalt( Adapter, EEPROM_SPI_Q_STATUS1_REG,&uiStatus, sizeof(uiStatus)) ;
+       rdmalt(Adapter, EEPROM_SPI_Q_STATUS1_REG, &uiStatus, sizeof(uiStatus));
        while ( ( uiStatus & EEPROM_WRITE_QUEUE_EMPTY ) == 0 )
        {
                uiRetries--;
@@ -1855,7 +1866,7 @@ static INT BeceemEEPROMWritePage( PMINI_ADAPTER Adapter, UINT uiData[], UINT uiO
                                        msleep(1);
 
                uiStatus = 0;
-               rdmalt( Adapter, EEPROM_SPI_Q_STATUS1_REG,&uiStatus, sizeof(uiStatus)) ;
+               rdmalt(Adapter, EEPROM_SPI_Q_STATUS1_REG, &uiStatus, sizeof(uiStatus));
                if(Adapter->device_removed == TRUE)
                {
                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Modem got removed hence exiting from loop....");
@@ -2500,7 +2511,7 @@ static ULONG BcmReadFlashRDID(PMINI_ADAPTER Adapter)
 // Read SPI READQ REG. The output will be WWXXYYZZ.
 // The ID is 3Bytes long and is WWXXYY. ZZ needs to be Ignored.
 //
-       rdmalt(Adapter, FLASH_SPI_READQ_REG,(PUINT)&ulRDID, sizeof(ulRDID));
+       rdmalt(Adapter, FLASH_SPI_READQ_REG, (PUINT)&ulRDID, sizeof(ulRDID));
 
        return (ulRDID >>8);
 
@@ -4735,8 +4746,8 @@ static INT BcmDoChipSelect(PMINI_ADAPTER Adapter, UINT offset)
        Adapter->SelectedChip = ChipNum ;
 
        //bit[13..12]  will select the appropriate chip
-       rdmalt(Adapter,FLASH_CONFIG_REG, &FlashConfig, 4);
-       rdmalt(Adapter,FLASH_GPIO_CONFIG_REG, &GPIOConfig, 4);
+       rdmalt(Adapter, FLASH_CONFIG_REG, &FlashConfig, 4);
+       rdmalt(Adapter, FLASH_GPIO_CONFIG_REG, &GPIOConfig, 4);
 
        {
                switch(ChipNum)