hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

staging/ft1000-usb: fix problems found by sparse 

In the original code, address space annotations are missing,
which hides a possible unchecked user pointer access.

Two functions use a lot of stack space.

Extern declarations are all in the wrong place, which leads
to type differences between caller and callee in some cases.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
Arnd Bergmann 2010-09-30 10:24:10 +02:00 committed by Greg Kroah-Hartman
parent 7cfd8a3720
commit 2a953cfd42
6 changed files with 110 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
drivers/staging/ft1000/ft1000-usb/ft1000_chdev.c
View File

@ -41,13 +41,9 @@
#include "ft1000_usb.h" #include "ft1000_usb.h"
//#include "ft1000_ioctl.h" //#include "ft1000_ioctl.h"
void ft1000_DestroyDevice(struct net_device *dev); static int ft1000_flarion_cnt = 0;
u16 ft1000_read_dpram16(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, u8 highlow);
u16 ft1000_read_register(struct ft1000_device *ft1000dev, short* Data, u16 nRegIndx);
extern inline u16 ft1000_asic_read (struct net_device *dev, u16 offset); //need to looking usage of ft1000Handle
extern inline void ft1000_asic_write (struct net_device *dev, u16 offset, u16 value);
extern void CardSendCommand(struct ft1000_device *ft1000dev, unsigned short *ptempbuffer, int size);
static int ft1000_ChOpen (struct inode *Inode, struct file *File); static int ft1000_ChOpen (struct inode *Inode, struct file *File);
static unsigned int ft1000_ChPoll(struct file *file, poll_table *wait); static unsigned int ft1000_ChPoll(struct file *file, poll_table *wait);
@ -55,12 +51,6 @@ static long ft1000_ChIoctl(struct file *File, unsigned int Command,
unsigned long Argument); unsigned long Argument);
static int ft1000_ChRelease (struct inode *Inode, struct file *File); static int ft1000_ChRelease (struct inode *Inode, struct file *File);
static int ft1000_flarion_cnt = 0;
//need to looking usage of ft1000Handle
// Global pointer to device object // Global pointer to device object
static struct ft1000_device *pdevobj[MAX_NUM_CARDS + 2]; static struct ft1000_device *pdevobj[MAX_NUM_CARDS + 2];
//static devfs_handle_t ft1000Handle[MAX_NUM_CARDS]; //static devfs_handle_t ft1000Handle[MAX_NUM_CARDS];
@ -326,7 +316,7 @@ int ft1000_CreateDevice(struct ft1000_device *dev)
info->app_info[i].nRxMsg = 0; info->app_info[i].nRxMsg = 0;
info->app_info[i].nTxMsgReject = 0; info->app_info[i].nTxMsgReject = 0;
info->app_info[i].nRxMsgMiss = 0; info->app_info[i].nRxMsgMiss = 0;
info->app_info[i].fileobject = 0; info->app_info[i].fileobject = NULL;
info->app_info[i].app_id = i+1; info->app_info[i].app_id = i+1;
info->app_info[i].DspBCMsgFlag = 0; info->app_info[i].DspBCMsgFlag = 0;
info->app_info[i].NumOfMsg = 0; info->app_info[i].NumOfMsg = 0;
@ -539,6 +529,7 @@ static unsigned int ft1000_ChPoll(struct file *file, poll_table *wait)
static long ft1000_ChIoctl (struct file *File, unsigned int Command, static long ft1000_ChIoctl (struct file *File, unsigned int Command,
unsigned long Argument) unsigned long Argument)
{ {
void __user *argp = (void __user *)Argument;
struct net_device *dev; struct net_device *dev;
PFT1000_INFO info; PFT1000_INFO info;
struct ft1000_device *ft1000dev; struct ft1000_device *ft1000dev;
@ -579,7 +570,7 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
switch (cmd) { switch (cmd) {
case IOCTL_REGISTER_CMD: case IOCTL_REGISTER_CMD:
DEBUG("FT1000:ft1000_ChIoctl: IOCTL_FT1000_REGISTER called\n"); DEBUG("FT1000:ft1000_ChIoctl: IOCTL_FT1000_REGISTER called\n");
result = get_user(tempword, (unsigned short *)Argument); result = get_user(tempword, (__u16 __user*)argp);
if (result) { if (result) {
DEBUG("result = %d failed to get_user\n", result); DEBUG("result = %d failed to get_user\n", result);
break; break;
@ -601,7 +592,7 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
get_ver_data.drv_ver = FT1000_DRV_VER; get_ver_data.drv_ver = FT1000_DRV_VER;
if (copy_to_user((PIOCTL_GET_VER)Argument, &get_ver_data, sizeof(get_ver_data)) ) { if (copy_to_user(argp, &get_ver_data, sizeof(get_ver_data)) ) {
DEBUG("FT1000:ft1000_ChIoctl: copy fault occurred\n"); DEBUG("FT1000:ft1000_ChIoctl: copy fault occurred\n");
result = -EFAULT; result = -EFAULT;
break; break;
@ -651,7 +642,7 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
do_gettimeofday ( &tv ); do_gettimeofday ( &tv );
get_stat_data.ConTm = (u32)(tv.tv_sec - info->ConTm); get_stat_data.ConTm = (u32)(tv.tv_sec - info->ConTm);
DEBUG("Connection Time = %d\n", (int)get_stat_data.ConTm); DEBUG("Connection Time = %d\n", (int)get_stat_data.ConTm);
if (copy_to_user((PIOCTL_GET_DSP_STAT)Argument, &get_stat_data, sizeof(get_stat_data)) ) { if (copy_to_user(argp, &get_stat_data, sizeof(get_stat_data)) ) {
DEBUG("FT1000:ft1000_ChIoctl: copy fault occurred\n"); DEBUG("FT1000:ft1000_ChIoctl: copy fault occurred\n");
result = -EFAULT; result = -EFAULT;
break; break;
@ -692,7 +683,7 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
//DEBUG("FT1000:ft1000_ChIoctl: try to SET_DPRAM \n"); //DEBUG("FT1000:ft1000_ChIoctl: try to SET_DPRAM \n");
// Get the length field to see how many bytes to copy // Get the length field to see how many bytes to copy
result = get_user(msgsz, (unsigned short *)Argument); result = get_user(msgsz, (__u16 __user *)argp);
msgsz = ntohs (msgsz); msgsz = ntohs (msgsz);
//DEBUG("FT1000:ft1000_ChIoctl: length of message = %d\n", msgsz); //DEBUG("FT1000:ft1000_ChIoctl: length of message = %d\n", msgsz);
@ -708,7 +699,7 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
break; break;
//if ( copy_from_user(&(dpram_command.dpram_blk), (PIOCTL_DPRAM_BLK)Argument, msgsz+2) ) { //if ( copy_from_user(&(dpram_command.dpram_blk), (PIOCTL_DPRAM_BLK)Argument, msgsz+2) ) {
if ( copy_from_user(&dpram_data, (PIOCTL_DPRAM_BLK)Argument, msgsz+2) ) { if ( copy_from_user(&dpram_data, argp, msgsz+2) ) {
DEBUG("FT1000:ft1000_ChIoctl: copy fault occurred\n"); DEBUG("FT1000:ft1000_ChIoctl: copy fault occurred\n");
result = -EFAULT; result = -EFAULT;
} }
@ -852,7 +843,7 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
} }
result = 0; result = 0;
pioctl_dpram = (PIOCTL_DPRAM_BLK)Argument; pioctl_dpram = argp;
if (list_empty(&info->app_info[i].app_sqlist) == 0) { if (list_empty(&info->app_info[i].app_sqlist) == 0) {
//DEBUG("FT1000:ft1000_ChIoctl:Message detected in slow queue\n"); //DEBUG("FT1000:ft1000_ChIoctl:Message detected in slow queue\n");
spin_lock_irqsave(&free_buff_lock, flags); spin_lock_irqsave(&free_buff_lock, flags);
@ -862,7 +853,10 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
//DEBUG("FT1000:ft1000_ChIoctl:NumOfMsg for app %d = %d\n", i, info->app_info[i].NumOfMsg); //DEBUG("FT1000:ft1000_ChIoctl:NumOfMsg for app %d = %d\n", i, info->app_info[i].NumOfMsg);
spin_unlock_irqrestore(&free_buff_lock, flags); spin_unlock_irqrestore(&free_buff_lock, flags);
msglen = ntohs(*(u16 *)pdpram_blk->pbuffer) + PSEUDOSZ; msglen = ntohs(*(u16 *)pdpram_blk->pbuffer) + PSEUDOSZ;
pioctl_dpram->total_len = htons(msglen); /* XXX exploit here */ result = get_user(msglen, &pioctl_dpram->total_len);
if (result)
break;
msglen = htons(msglen);
//DEBUG("FT1000:ft1000_ChIoctl:msg length = %x\n", msglen); //DEBUG("FT1000:ft1000_ChIoctl:msg length = %x\n", msglen);
if(copy_to_user (&pioctl_dpram->pseudohdr, pdpram_blk->pbuffer, msglen)) if(copy_to_user (&pioctl_dpram->pseudohdr, pdpram_blk->pbuffer, msglen))
{ {
@ -935,7 +929,7 @@ static int ft1000_ChRelease (struct inode *Inode, struct file *File)
// initialize application information // initialize application information
info->appcnt--; info->appcnt--;
DEBUG("ft1000_chdev:%s:appcnt = %d\n", __FUNCTION__, info->appcnt); DEBUG("ft1000_chdev:%s:appcnt = %d\n", __FUNCTION__, info->appcnt);
info->app_info[i].fileobject = 0; info->app_info[i].fileobject = NULL;
return 0; return 0;
} }

41
drivers/staging/ft1000/ft1000-usb/ft1000_download.c
View File

@ -133,15 +133,6 @@ typedef struct _DSP_IMAGE_INFO_V6 {
} DSP_IMAGE_INFO_V6, *PDSP_IMAGE_INFO_V6; } DSP_IMAGE_INFO_V6, *PDSP_IMAGE_INFO_V6;
u16 ft1000_read_register(struct ft1000_device *ft1000dev, short* Data, u16 nRegIndx);
u16 ft1000_write_register(struct ft1000_device *ft1000dev, USHORT value, u16 nRegIndx);
u16 ft1000_read_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, USHORT cnt);
u16 ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, USHORT cnt);
u16 ft1000_read_dpram16(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, u8 highlow);
u16 ft1000_write_dpram16(struct ft1000_device *ft1000dev, USHORT indx, USHORT value, u8 highlow);
u16 fix_ft1000_read_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer);
u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer);
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Function: getfw // Function: getfw
// //
@ -154,7 +145,7 @@ u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHA
// Notes: // Notes:
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
char *getfw (char *fn, int *pimgsz) char *getfw (char *fn, size_t *pimgsz)
{ {
struct file *fd; struct file *fd;
mm_segment_t fs = get_fs(); mm_segment_t fs = get_fs();
@ -190,7 +181,7 @@ char *getfw (char *fn, int *pimgsz)
return NULL; return NULL;
} }
pos = 0; pos = 0;
if (vfs_read(fd, pfwimg, fwimgsz, &pos) != fwimgsz) { if (vfs_read(fd, (void __user __force*)pfwimg, fwimgsz, &pos) != fwimgsz) {
vfree(pfwimg); vfree(pfwimg);
DEBUG("FT1000:%s:failed to read firmware image\n",__FUNCTION__); DEBUG("FT1000:%s:failed to read firmware image\n",__FUNCTION__);
filp_close(fd, current->files); filp_close(fd, current->files);
@ -216,7 +207,7 @@ char *getfw (char *fn, int *pimgsz)
// Notes: // Notes:
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
ULONG check_usb_db (struct ft1000_device *ft1000dev) static ULONG check_usb_db (struct ft1000_device *ft1000dev)
{ {
int loopcnt; int loopcnt;
USHORT temp; USHORT temp;
@ -295,7 +286,7 @@ ULONG check_usb_db (struct ft1000_device *ft1000dev)
// Notes: // Notes:
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
USHORT get_handshake(struct ft1000_device *ft1000dev, USHORT expected_value) static USHORT get_handshake(struct ft1000_device *ft1000dev, USHORT expected_value)
{ {
USHORT handshake; USHORT handshake;
int loopcnt; int loopcnt;
@ -406,7 +397,7 @@ USHORT get_handshake(struct ft1000_device *ft1000dev, USHORT expected_value)
// Notes: // Notes:
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
void put_handshake(struct ft1000_device *ft1000dev,USHORT handshake_value) static void put_handshake(struct ft1000_device *ft1000dev,USHORT handshake_value)
{ {
ULONG tempx; ULONG tempx;
USHORT tempword; USHORT tempword;
@ -442,7 +433,7 @@ void put_handshake(struct ft1000_device *ft1000dev,USHORT handshake_value)
} }
USHORT get_handshake_usb(struct ft1000_device *ft1000dev, USHORT expected_value) static USHORT get_handshake_usb(struct ft1000_device *ft1000dev, USHORT expected_value)
{ {
USHORT handshake; USHORT handshake;
int loopcnt; int loopcnt;
@ -482,7 +473,7 @@ USHORT get_handshake_usb(struct ft1000_device *ft1000dev, USHORT expected_value)
return HANDSHAKE_TIMEOUT_VALUE; return HANDSHAKE_TIMEOUT_VALUE;
} }
void put_handshake_usb(struct ft1000_device *ft1000dev,USHORT handshake_value) static void put_handshake_usb(struct ft1000_device *ft1000dev,USHORT handshake_value)
{ {
int i; int i;
@ -501,7 +492,7 @@ void put_handshake_usb(struct ft1000_device *ft1000dev,USHORT handshake_value)
// Notes: // Notes:
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
USHORT get_request_type(struct ft1000_device *ft1000dev) static USHORT get_request_type(struct ft1000_device *ft1000dev)
{ {
USHORT request_type; USHORT request_type;
ULONG status; ULONG status;
@ -533,7 +524,7 @@ USHORT get_request_type(struct ft1000_device *ft1000dev)
} }
USHORT get_request_type_usb(struct ft1000_device *ft1000dev) static USHORT get_request_type_usb(struct ft1000_device *ft1000dev)
{ {
USHORT request_type; USHORT request_type;
ULONG status; ULONG status;
@ -577,7 +568,7 @@ USHORT get_request_type_usb(struct ft1000_device *ft1000dev)
// Notes: // Notes:
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
long get_request_value(struct ft1000_device *ft1000dev) static long get_request_value(struct ft1000_device *ft1000dev)
{ {
ULONG value; ULONG value;
USHORT tempword; USHORT tempword;
@ -605,7 +596,8 @@ long get_request_value(struct ft1000_device *ft1000dev)
} }
long get_request_value_usb(struct ft1000_device *ft1000dev) #if 0
static long get_request_value_usb(struct ft1000_device *ft1000dev)
{ {
ULONG value; ULONG value;
USHORT tempword; USHORT tempword;
@ -633,6 +625,7 @@ long get_request_value_usb(struct ft1000_device *ft1000dev)
return value; return value;
} }
#endif
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Function: put_request_value // Function: put_request_value
@ -647,7 +640,7 @@ long get_request_value_usb(struct ft1000_device *ft1000dev)
// Notes: // Notes:
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
void put_request_value(struct ft1000_device *ft1000dev, long lvalue) static void put_request_value(struct ft1000_device *ft1000dev, long lvalue)
{ {
ULONG tempx; ULONG tempx;
ULONG status; ULONG status;
@ -675,7 +668,7 @@ void put_request_value(struct ft1000_device *ft1000dev, long lvalue)
// Notes: // Notes:
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
USHORT hdr_checksum(PPSEUDO_HDR pHdr) static USHORT hdr_checksum(PPSEUDO_HDR pHdr)
{ {
USHORT *usPtr = (USHORT *)pHdr; USHORT *usPtr = (USHORT *)pHdr;
USHORT chksum; USHORT chksum;
@ -705,7 +698,7 @@ USHORT hdr_checksum(PPSEUDO_HDR pHdr)
// Notes: // Notes:
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
ULONG write_blk (struct ft1000_device *ft1000dev, USHORT **pUsFile, UCHAR **pUcFile, long word_length) static ULONG write_blk (struct ft1000_device *ft1000dev, USHORT **pUsFile, UCHAR **pUcFile, long word_length)
{ {
ULONG Status = STATUS_SUCCESS; ULONG Status = STATUS_SUCCESS;
USHORT dpram; USHORT dpram;
@ -861,7 +854,7 @@ static void usb_dnld_complete (struct urb *urb)
// Notes: // Notes:
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
ULONG write_blk_fifo (struct ft1000_device *ft1000dev, USHORT **pUsFile, UCHAR **pUcFile, long word_length) static ULONG write_blk_fifo (struct ft1000_device *ft1000dev, USHORT **pUsFile, UCHAR **pUcFile, long word_length)
{ {
ULONG Status = STATUS_SUCCESS; ULONG Status = STATUS_SUCCESS;
int byte_length; int byte_length;

89
drivers/staging/ft1000/ft1000-usb/ft1000_hw.c
View File

@ -35,24 +35,12 @@
//#define JDEBUG //#define JDEBUG
static int ft1000_reset(struct net_device *ft1000dev);
extern void *pFileStart; static int ft1000_submit_rx_urb(PFT1000_INFO info);
extern ULONG FileLength;
extern int numofmsgbuf;
int ft1000_poll_thread(void *arg);
static void ft1000_hbchk(u_long data); static void ft1000_hbchk(u_long data);
int ft1000_reset(struct net_device *ft1000dev);
static int ft1000_start_xmit(struct sk_buff *skb, struct net_device *dev); static int ft1000_start_xmit(struct sk_buff *skb, struct net_device *dev);
static int ft1000_open (struct net_device *dev); static int ft1000_open (struct net_device *dev);
int ft1000_close (struct net_device *dev);
static struct net_device_stats *ft1000_netdev_stats(struct net_device *dev); static struct net_device_stats *ft1000_netdev_stats(struct net_device *dev);
u16 scram_dnldr(struct ft1000_device *ft1000dev, void *pFileStart, ULONG FileLength);
int ft1000_submit_rx_urb(PFT1000_INFO info);
static struct timer_list poll_timer[MAX_NUM_CARDS]; static struct timer_list poll_timer[MAX_NUM_CARDS];
static int ft1000_chkcard (struct ft1000_device *dev); static int ft1000_chkcard (struct ft1000_device *dev);
/* /*
@ -67,21 +55,11 @@ static const struct net_device_ops ft1000net_ops = {
//Jim //Jim
static u8 tempbuffer[1600]; static u8 tempbuffer[1600];
int gCardIndex; static int gCardIndex;
#define MAX_RCV_LOOP 100 #define MAX_RCV_LOOP 100
extern struct list_head freercvpool;
extern spinlock_t free_buff_lock; // lock to arbitrate free buffer list for receive command data
//end of Jim
extern int ft1000_CreateDevice(struct ft1000_device *dev);
extern PDPRAM_BLK ft1000_get_buffer (struct list_head *bufflist);
extern void ft1000_free_buffer (PDPRAM_BLK pdpram_blk, struct list_head *plist);
static int atoi(const char *s) static int atoi(const char *s)
{ {
int k = 0; int k = 0;
@ -207,7 +185,7 @@ static int ft1000_control(struct ft1000_device *ft1000dev,unsigned int pipe,
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
u16 ft1000_read_register(struct ft1000_device *ft1000dev, short* Data, u16 nRegIndx) u16 ft1000_read_register(struct ft1000_device *ft1000dev, u16* Data, u16 nRegIndx)
{ {
u16 ret = STATUS_SUCCESS; u16 ret = STATUS_SUCCESS;
@ -472,20 +450,20 @@ u16 ft1000_write_dpram16(struct ft1000_device *ft1000dev, USHORT indx, USHORT va
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
u16 fix_ft1000_read_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer) u16 fix_ft1000_read_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer)
{ {
UCHAR tempbuffer[16]; UCHAR buf[16];
USHORT pos; USHORT pos;
u16 ret = STATUS_SUCCESS; u16 ret = STATUS_SUCCESS;
//DEBUG("fix_ft1000_read_dpram32: indx: %d \n", indx); //DEBUG("fix_ft1000_read_dpram32: indx: %d \n", indx);
pos = (indx / 4)*4; pos = (indx / 4)*4;
ret = ft1000_read_dpram32(ft1000dev, pos, (PUCHAR)&tempbuffer[0], 16); ret = ft1000_read_dpram32(ft1000dev, pos, buf, 16);
if (ret == STATUS_SUCCESS) if (ret == STATUS_SUCCESS)
{ {
pos = (indx % 4)*4; pos = (indx % 4)*4;
*buffer++ = tempbuffer[pos++]; *buffer++ = buf[pos++];
*buffer++ = tempbuffer[pos++]; *buffer++ = buf[pos++];
*buffer++ = tempbuffer[pos++]; *buffer++ = buf[pos++];
*buffer++ = tempbuffer[pos++]; *buffer++ = buf[pos++];
} }
else else
{ {
@ -524,7 +502,7 @@ u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHA
USHORT pos1; USHORT pos1;
USHORT pos2; USHORT pos2;
USHORT i; USHORT i;
UCHAR tempbuffer[32]; UCHAR buf[32];
UCHAR resultbuffer[32]; UCHAR resultbuffer[32];
PUCHAR pdata; PUCHAR pdata;
u16 ret = STATUS_SUCCESS; u16 ret = STATUS_SUCCESS;
@ -533,15 +511,15 @@ u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHA
pos1 = (indx / 4)*4; pos1 = (indx / 4)*4;
pdata = buffer; pdata = buffer;
ret = ft1000_read_dpram32(ft1000dev, pos1, (PUCHAR)&tempbuffer[0], 16); ret = ft1000_read_dpram32(ft1000dev, pos1, buf, 16);
if (ret == STATUS_SUCCESS) if (ret == STATUS_SUCCESS)
{ {
pos2 = (indx % 4)*4; pos2 = (indx % 4)*4;
tempbuffer[pos2++] = *buffer++; buf[pos2++] = *buffer++;
tempbuffer[pos2++] = *buffer++; buf[pos2++] = *buffer++;
tempbuffer[pos2++] = *buffer++; buf[pos2++] = *buffer++;
tempbuffer[pos2++] = *buffer++; buf[pos2++] = *buffer++;
ret = ft1000_write_dpram32(ft1000dev, pos1, (PUCHAR)&tempbuffer[0], 16); ret = ft1000_write_dpram32(ft1000dev, pos1, buf, 16);
} }
else else
{ {
@ -556,7 +534,7 @@ u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHA
buffer = pdata; buffer = pdata;
for (i=0; i<16; i++) for (i=0; i<16; i++)
{ {
if (tempbuffer[i] != resultbuffer[i]){ if (buf[i] != resultbuffer[i]){
ret = STATUS_FAILURE; ret = STATUS_FAILURE;
} }
@ -596,7 +574,7 @@ u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHA
// //
// Returns: None // Returns: None
//----------------------------------------------------------------------- //-----------------------------------------------------------------------
void card_reset_dsp (struct ft1000_device *ft1000dev, BOOLEAN value) static void card_reset_dsp (struct ft1000_device *ft1000dev, BOOLEAN value)
{ {
u16 status = STATUS_SUCCESS; u16 status = STATUS_SUCCESS;
USHORT tempword; USHORT tempword;
@ -645,7 +623,7 @@ void card_reset_dsp (struct ft1000_device *ft1000dev, BOOLEAN value)
// Notes: // Notes:
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
void CardSendCommand(struct ft1000_device *ft1000dev, unsigned char *ptempbuffer, int size) void CardSendCommand(struct ft1000_device *ft1000dev, void *ptempbuffer, int size)
{ {
unsigned short temp; unsigned short temp;
unsigned char *commandbuf; unsigned char *commandbuf;
@ -1202,7 +1180,7 @@ u16 reg_ft1000_netdev(struct ft1000_device *ft1000dev, struct usb_interface *int
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
int ft1000_reset(struct net_device *dev) static int ft1000_reset(struct net_device *dev)
{ {
ft1000_reset_card(dev); ft1000_reset_card(dev);
return 0; return 0;
@ -1432,7 +1410,7 @@ static inline u16 ft1000_read_fifo_len (struct net_device *dev)
// SUCCESS // SUCCESS
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
int ft1000_copy_down_pkt (struct net_device *netdev, u8 *packet, u16 len) static int ft1000_copy_down_pkt (struct net_device *netdev, u8 *packet, u16 len)
{ {
FT1000_INFO *pInfo = netdev_priv(netdev); FT1000_INFO *pInfo = netdev_priv(netdev);
struct ft1000_device *pFt1000Dev = pInfo->pFt1000Dev; struct ft1000_device *pFt1000Dev = pInfo->pFt1000Dev;
@ -1658,7 +1636,7 @@ static int ft1000_start_xmit(struct sk_buff *skb, struct net_device *dev)
// SUCCESS // SUCCESS
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
int ft1000_copy_up_pkt (struct urb *urb) static int ft1000_copy_up_pkt (struct urb *urb)
{ {
PFT1000_INFO info = urb->context; PFT1000_INFO info = urb->context;
struct ft1000_device *ft1000dev = info->pFt1000Dev; struct ft1000_device *ft1000dev = info->pFt1000Dev;
@ -1774,7 +1752,7 @@ int ft1000_copy_up_pkt (struct urb *urb)
// SUCCESS // SUCCESS
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
int ft1000_submit_rx_urb(PFT1000_INFO info) static int ft1000_submit_rx_urb(PFT1000_INFO info)
{ {
int result; int result;
struct ft1000_device *pFt1000Dev = info->pFt1000Dev; struct ft1000_device *pFt1000Dev = info->pFt1000Dev;
@ -2102,7 +2080,7 @@ static void ft1000_hbchk(u_long data)
// = 1 (successful) // = 1 (successful)
// //
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
BOOLEAN ft1000_receive_cmd (struct ft1000_device *dev, u16 *pbuffer, int maxsz, u16 *pnxtph) { static BOOLEAN ft1000_receive_cmd (struct ft1000_device *dev, u16 *pbuffer, int maxsz, u16 *pnxtph) {
u16 size, ret; u16 size, ret;
u16 *ppseudohdr; u16 *ppseudohdr;
int i; int i;
@ -2175,7 +2153,7 @@ BOOLEAN ft1000_receive_cmd (struct ft1000_device *dev, u16 *pbuffer, int maxsz,
} }
int ft1000_dsp_prov(void *arg) static int ft1000_dsp_prov(void *arg)
{ {
struct ft1000_device *dev = (struct ft1000_device *)arg; struct ft1000_device *dev = (struct ft1000_device *)arg;
FT1000_INFO *info = (FT1000_INFO *) netdev_priv (dev->net); FT1000_INFO *info = (FT1000_INFO *) netdev_priv (dev->net);
@ -2263,7 +2241,7 @@ int ft1000_dsp_prov(void *arg)
} }
int ft1000_proc_drvmsg (struct ft1000_device *dev, u16 size) { static int ft1000_proc_drvmsg (struct ft1000_device *dev, u16 size) {
FT1000_INFO *info = (FT1000_INFO *) netdev_priv (dev->net); FT1000_INFO *info = (FT1000_INFO *) netdev_priv (dev->net);
u16 msgtype; u16 msgtype;
u16 tempword; u16 tempword;
@ -2281,9 +2259,11 @@ int ft1000_proc_drvmsg (struct ft1000_device *dev, u16 size) {
} convert; } convert;
char cmdbuffer[1600]; char *cmdbuffer = kmalloc(1600, GFP_KERNEL);
if (!cmdbuffer)
return STATUS_FAILURE;
status = ft1000_read_dpram32(dev, 0x200, (PUCHAR)&cmdbuffer[0], size); status = ft1000_read_dpram32(dev, 0x200, cmdbuffer, size);
//if (ft1000_receive_cmd(dev, &cmdbuffer[0], MAX_CMD_SQSIZE, &tempword)) //if (ft1000_receive_cmd(dev, &cmdbuffer[0], MAX_CMD_SQSIZE, &tempword))
@ -2388,7 +2368,7 @@ int ft1000_proc_drvmsg (struct ft1000_device *dev, u16 size) {
info->fProvComplete = 0; info->fProvComplete = 0;
status = ft1000_dsp_prov(dev); status = ft1000_dsp_prov(dev);
if (status != STATUS_SUCCESS) if (status != STATUS_SUCCESS)
return status; goto out;
} }
else { else {
info->fProvComplete = 1; info->fProvComplete = 1;
@ -2537,8 +2517,11 @@ int ft1000_proc_drvmsg (struct ft1000_device *dev, u16 size) {
} }
status = STATUS_SUCCESS;
out:
kfree(cmdbuffer);
DEBUG("return from ft1000_proc_drvmsg\n"); DEBUG("return from ft1000_proc_drvmsg\n");
return STATUS_SUCCESS; return status;
} }

2
drivers/staging/ft1000/ft1000-usb/ft1000_proc.c
View File

@ -42,7 +42,7 @@ u16 ft1000_read_dpram16 (struct ft1000_device *ft1000dev, USHORT indx,
PUCHAR buffer, u8 highlow); PUCHAR buffer, u8 highlow);
int static int
ft1000ReadProc (char *page, char **start, off_t off, int count, int *eof, ft1000ReadProc (char *page, char **start, off_t off, int count, int *eof,
void *data) void *data)
{ {

21
drivers/staging/ft1000/ft1000-usb/ft1000_usb.c
View File

@ -33,7 +33,7 @@ MODULE_SUPPORTED_DEVICE("QFT FT1000 Express Cards");
void *pFileStart; void *pFileStart;
ULONG FileLength; size_t FileLength;
#define VENDOR_ID 0x1291 /* Qualcomm vendor id */ #define VENDOR_ID 0x1291 /* Qualcomm vendor id */
#define PRODUCT_ID 0x11 /* fake product id */ #define PRODUCT_ID 0x11 /* fake product id */
@ -46,24 +46,7 @@ static struct usb_device_id id_table[] = {
MODULE_DEVICE_TABLE (usb, id_table); MODULE_DEVICE_TABLE (usb, id_table);
extern struct ft1000_device *pdevobj[MAX_NUM_CARDS+2]; static BOOLEAN gPollingfailed = FALSE;
char *getfw (char *fn, int *pimgsz);
int ft1000_close(struct net_device *net);
void dsp_reload (struct ft1000_device *ft1000dev);
u16 init_ft1000_netdev(struct ft1000_device *ft1000dev);
u16 reg_ft1000_netdev(struct ft1000_device *ft1000dev, struct usb_interface *intf);
int ft1000_poll(void* dev_id);
void ft1000_DestroyDevice(struct net_device *dev);
u16 ft1000_read_dpram16(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, u8 highlow);
u16 ft1000_read_register(struct ft1000_device *ft1000dev, short* Data, u16 nRegIndx);
BOOLEAN gPollingfailed = FALSE;
void ft1000InitProc(struct net_device *dev);
void ft1000CleanupProc(FT1000_INFO *info);
int ft1000_poll_thread(void *arg);
int ft1000_poll_thread(void *arg) int ft1000_poll_thread(void *arg)
{ {
int ret = STATUS_SUCCESS; int ret = STATUS_SUCCESS;

41
drivers/staging/ft1000/ft1000-usb/ft1000_usb.h
View File

@ -102,7 +102,7 @@ typedef struct _PROV_RECORD {
#define UCHAR u8 #define UCHAR u8
#define USHORT u16 #define USHORT u16
#define ULONG u32 #define ULONG u32 /* WTF ??? */
#define BOOLEAN u8 #define BOOLEAN u8
#define PULONG u32 * #define PULONG u32 *
#define PUSHORT u16 * #define PUSHORT u16 *
@ -152,7 +152,6 @@ typedef struct _PROV_RECORD {
#define CIS_NET_ADDR_OFFSET 0xff0 #define CIS_NET_ADDR_OFFSET 0xff0
#define MEM_TAG 'FLRN'
// MAGNEMITE specific // MAGNEMITE specific
#define FT1000_REG_MAG_UFDR 0x0000 // Uplink FIFO Data Register. #define FT1000_REG_MAG_UFDR 0x0000 // Uplink FIFO Data Register.
@ -605,5 +604,43 @@ typedef struct _DPRAM_BLK {
u16 *pbuffer; u16 *pbuffer;
} __attribute__ ((packed)) DPRAM_BLK, *PDPRAM_BLK; } __attribute__ ((packed)) DPRAM_BLK, *PDPRAM_BLK;
u16 ft1000_read_register(struct ft1000_device *ft1000dev, u16* Data, u16 nRegIndx);
u16 ft1000_write_register(struct ft1000_device *ft1000dev, USHORT value, u16 nRegIndx);
u16 ft1000_read_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, USHORT cnt);
u16 ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, USHORT cnt);
u16 ft1000_read_dpram16(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, u8 highlow);
u16 ft1000_write_dpram16(struct ft1000_device *ft1000dev, USHORT indx, USHORT value, u8 highlow);
u16 fix_ft1000_read_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer);
u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer);
extern void *pFileStart;
extern size_t FileLength;
extern int numofmsgbuf;
int ft1000_close (struct net_device *dev);
u16 scram_dnldr(struct ft1000_device *ft1000dev, void *pFileStart, ULONG FileLength);
extern struct list_head freercvpool;
extern spinlock_t free_buff_lock; // lock to arbitrate free buffer list for receive command data
int ft1000_CreateDevice(struct ft1000_device *dev);
void ft1000_DestroyDevice(struct net_device *dev);
extern void CardSendCommand(struct ft1000_device *ft1000dev, void *ptempbuffer, int size);
PDPRAM_BLK ft1000_get_buffer (struct list_head *bufflist);
void ft1000_free_buffer (PDPRAM_BLK pdpram_blk, struct list_head *plist);
char *getfw (char *fn, size_t *pimgsz);
void dsp_reload(struct ft1000_device *ft1000dev);
u16 init_ft1000_netdev(struct ft1000_device *ft1000dev);
struct usb_interface;
u16 reg_ft1000_netdev(struct ft1000_device *ft1000dev, struct usb_interface *intf);
int ft1000_poll(void* dev_id);
void ft1000InitProc(struct net_device *dev);
void ft1000CleanupProc(FT1000_INFO *info);
#endif #endif