From: Ian Abbott
Date: Wed, 4 Jan 2017 10:55:37 +0000 (+0000)
Subject: staging: comedi: daqboard2000: check firmware length
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=7cff0b776a7a5d60b9323ece37619ef95e92d12e;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git

staging: comedi: daqboard2000: check firmware length

Firmware files for DAQBoard/2000 have a header, which is skipped, followed by a sequence of FPGA configuration bytes to be programmed in pairs. The FPGA configuration bytes start with the sequence 0xff, 0x20. Make the firmware loading callback function `daqboard2000_load_firmware()` return an error `-EINVAL` if the FPGA start sequence is not found, or the remaining length is not a multiple of 2.

The firmware loading callback tries to program the FPGA up to 3 times until it succeeds or it has tried too many times. Currently, it searches for the FPGA start sequence in the firmware data each time through the retry loop. Change it to adjust the start position and length before entering the loop.

Signed-off-by: Ian Abbott
Reviewed-by: H Hartley Sweeten
Signed-off-by: Greg Kroah-Hartman
---

diff --git a/drivers/staging/comedi/drivers/daqboard2000.c b/drivers/staging/comedi/drivers/daqboard2000.c index e73baba7c312..49feec39c4c6 100644 --- a/drivers/staging/comedi/drivers/daqboard2000.c +++ b/drivers/staging/comedi/drivers/daqboard2000.c 
@@ -511,6 +511,26 @@ static int daqboard2000_load_firmware(struct comedi_device *dev, int retry; size_t i; + /* Look for FPGA start sequence in firmware. */ + for (i = 0; i + 1 < len; i++) { + if (cpld_array[i] == 0xff && cpld_array[i + 1] == 0x20) + break; + } + if (i + 1 >= len) { + dev_err(dev->class_dev, "bad firmware - no start sequence\n"); + return -EINVAL; + } + /* Check length is even. */ + if ((len - i) & 1) { + dev_err(dev->class_dev, + "bad firmware - odd length (%zu = %zu - %zu)\n", + len - i, len, i); + return -EINVAL; + } + /* Strip firmware header. */ + cpld_array += i; + len -= i; + /* Check to make sure the serial eeprom is present on the board */ cntrl = readl(devpriv->plx + PLX_REG_CNTRL); if (!(cntrl & PLX_CNTRL_EEPRESENT)) @@ -521,11 +541,6 @@ static int daqboard2000_load_firmware(struct comedi_device *dev, daqboard2000_reload_plx(dev); daqboard2000_pulse_prog_pin(dev); if (daqboard2000_poll_cpld(dev, DB2K_CPLD_STATUS_INIT)) { - for (i = 0; i < len; i++) { - if (cpld_array[i] == 0xff && - cpld_array[i + 1] == 0x20) - break; - } for (; i < len; i += 2) { u16 data = (cpld_array[i] << 8) + cpld_array[i + 1];
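
Review bot: The `/* Check length is even. */` comment in the first hunk does not say which length or why. It is the length remaining after the header (`len - i`) that must be even, because the write loop consumes bytes in pairs (`cpld_array[i]` and `cpld_array[i + 1]` per `u16`); saying so in the comment would document the invariant the loop relies on to stay in bounds.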
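
Review bot: The write loop kept as context in the second hunk, `for (; i < len; i += 2)`, has no initialiser, and with the in-loop search removed nothing visible in this hunk sets `i` before it. The first hunk leaves `i` at the header offset after `cpld_array += i; len -= i;`, so unless `i` is reset in lines not shown, the first attempt starts `i` bytes into the already-stripped data and a retry starts wherever the previous attempt stopped. Suggest `for (i = 0; i < len; i += 2)`.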