MIPS: Yosemite, Emma: Fix off-by-two in arcs_cmdline buffer size check
[linux-2.6/linux-mips.git] / drivers / net / wireless / orinoco / fw.c
blob527cf5333db5d9a815afc3ef8856b032cb3030ea
1 /* Firmware file reading and download helpers
3 * See copyright notice in main.c
4 */
5 #include <linux/kernel.h>
6 #include <linux/slab.h>
7 #include <linux/firmware.h>
8 #include <linux/device.h>
10 #include "hermes.h"
11 #include "hermes_dld.h"
12 #include "orinoco.h"
14 #include "fw.h"
16 /* End markers (for Symbol firmware only) */
17 #define TEXT_END 0x1A /* End of text header */
19 struct fw_info {
20 char *pri_fw;
21 char *sta_fw;
22 char *ap_fw;
23 u32 pda_addr;
24 u16 pda_size;
27 static const struct fw_info orinoco_fw[] = {
28 { NULL, "agere_sta_fw.bin", "agere_ap_fw.bin", 0x00390000, 1000 },
29 { NULL, "prism_sta_fw.bin", "prism_ap_fw.bin", 0, 1024 },
30 { "symbol_sp24t_prim_fw", "symbol_sp24t_sec_fw", NULL, 0x00003100, 512 }
32 MODULE_FIRMWARE("agere_sta_fw.bin");
33 MODULE_FIRMWARE("agere_ap_fw.bin");
34 MODULE_FIRMWARE("prism_sta_fw.bin");
35 MODULE_FIRMWARE("prism_ap_fw.bin");
36 MODULE_FIRMWARE("symbol_sp24t_prim_fw");
37 MODULE_FIRMWARE("symbol_sp24t_sec_fw");
39 /* Structure used to access fields in FW
40 * Make sure LE decoding macros are used
42 struct orinoco_fw_header {
43 char hdr_vers[6]; /* ASCII string for header version */
44 __le16 headersize; /* Total length of header */
45 __le32 entry_point; /* NIC entry point */
46 __le32 blocks; /* Number of blocks to program */
47 __le32 block_offset; /* Offset of block data from eof header */
48 __le32 pdr_offset; /* Offset to PDR data from eof header */
49 __le32 pri_offset; /* Offset to primary plug data */
50 __le32 compat_offset; /* Offset to compatibility data*/
51 char signature[0]; /* FW signature length headersize-20 */
52 } __packed;
54 /* Check the range of various header entries. Return a pointer to a
55 * description of the problem, or NULL if everything checks out. */
56 static const char *validate_fw(const struct orinoco_fw_header *hdr, size_t len)
58 u16 hdrsize;
60 if (len < sizeof(*hdr))
61 return "image too small";
62 if (memcmp(hdr->hdr_vers, "HFW", 3) != 0)
63 return "format not recognised";
65 hdrsize = le16_to_cpu(hdr->headersize);
66 if (hdrsize > len)
67 return "bad headersize";
68 if ((hdrsize + le32_to_cpu(hdr->block_offset)) > len)
69 return "bad block offset";
70 if ((hdrsize + le32_to_cpu(hdr->pdr_offset)) > len)
71 return "bad PDR offset";
72 if ((hdrsize + le32_to_cpu(hdr->pri_offset)) > len)
73 return "bad PRI offset";
74 if ((hdrsize + le32_to_cpu(hdr->compat_offset)) > len)
75 return "bad compat offset";
77 /* TODO: consider adding a checksum or CRC to the firmware format */
78 return NULL;
81 #if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
82 static inline const struct firmware *
83 orinoco_cached_fw_get(struct orinoco_private *priv, bool primary)
85 if (primary)
86 return priv->cached_pri_fw;
87 else
88 return priv->cached_fw;
90 #else
91 #define orinoco_cached_fw_get(priv, primary) (NULL)
92 #endif
94 /* Download either STA or AP firmware into the card. */
95 static int
96 orinoco_dl_firmware(struct orinoco_private *priv,
97 const struct fw_info *fw,
98 int ap)
100 /* Plug Data Area (PDA) */
101 __le16 *pda;
103 struct hermes *hw = &priv->hw;
104 const struct firmware *fw_entry;
105 const struct orinoco_fw_header *hdr;
106 const unsigned char *first_block;
107 const void *end;
108 const char *firmware;
109 const char *fw_err;
110 struct device *dev = priv->dev;
111 int err = 0;
113 pda = kzalloc(fw->pda_size, GFP_KERNEL);
114 if (!pda)
115 return -ENOMEM;
117 if (ap)
118 firmware = fw->ap_fw;
119 else
120 firmware = fw->sta_fw;
122 dev_dbg(dev, "Attempting to download firmware %s\n", firmware);
124 /* Read current plug data */
125 err = hw->ops->read_pda(hw, pda, fw->pda_addr, fw->pda_size);
126 dev_dbg(dev, "Read PDA returned %d\n", err);
127 if (err)
128 goto free;
130 if (!orinoco_cached_fw_get(priv, false)) {
131 err = request_firmware(&fw_entry, firmware, priv->dev);
133 if (err) {
134 dev_err(dev, "Cannot find firmware %s\n", firmware);
135 err = -ENOENT;
136 goto free;
138 } else
139 fw_entry = orinoco_cached_fw_get(priv, false);
141 hdr = (const struct orinoco_fw_header *) fw_entry->data;
143 fw_err = validate_fw(hdr, fw_entry->size);
144 if (fw_err) {
145 dev_warn(dev, "Invalid firmware image detected (%s). "
146 "Aborting download\n", fw_err);
147 err = -EINVAL;
148 goto abort;
151 /* Enable aux port to allow programming */
152 err = hw->ops->program_init(hw, le32_to_cpu(hdr->entry_point));
153 dev_dbg(dev, "Program init returned %d\n", err);
154 if (err != 0)
155 goto abort;
157 /* Program data */
158 first_block = (fw_entry->data +
159 le16_to_cpu(hdr->headersize) +
160 le32_to_cpu(hdr->block_offset));
161 end = fw_entry->data + fw_entry->size;
163 err = hermes_program(hw, first_block, end);
164 dev_dbg(dev, "Program returned %d\n", err);
165 if (err != 0)
166 goto abort;
168 /* Update production data */
169 first_block = (fw_entry->data +
170 le16_to_cpu(hdr->headersize) +
171 le32_to_cpu(hdr->pdr_offset));
173 err = hermes_apply_pda_with_defaults(hw, first_block, end, pda,
174 &pda[fw->pda_size / sizeof(*pda)]);
175 dev_dbg(dev, "Apply PDA returned %d\n", err);
176 if (err)
177 goto abort;
179 /* Tell card we've finished */
180 err = hw->ops->program_end(hw);
181 dev_dbg(dev, "Program end returned %d\n", err);
182 if (err != 0)
183 goto abort;
185 /* Check if we're running */
186 dev_dbg(dev, "hermes_present returned %d\n", hermes_present(hw));
188 abort:
189 /* If we requested the firmware, release it. */
190 if (!orinoco_cached_fw_get(priv, false))
191 release_firmware(fw_entry);
193 free:
194 kfree(pda);
195 return err;
199 * Process a firmware image - stop the card, load the firmware, reset
200 * the card and make sure it responds. For the secondary firmware take
201 * care of the PDA - read it and then write it on top of the firmware.
203 static int
204 symbol_dl_image(struct orinoco_private *priv, const struct fw_info *fw,
205 const unsigned char *image, const void *end,
206 int secondary)
208 struct hermes *hw = &priv->hw;
209 int ret = 0;
210 const unsigned char *ptr;
211 const unsigned char *first_block;
213 /* Plug Data Area (PDA) */
214 __le16 *pda = NULL;
216 /* Binary block begins after the 0x1A marker */
217 ptr = image;
218 while (*ptr++ != TEXT_END);
219 first_block = ptr;
221 /* Read the PDA from EEPROM */
222 if (secondary) {
223 pda = kzalloc(fw->pda_size, GFP_KERNEL);
224 if (!pda)
225 return -ENOMEM;
227 ret = hw->ops->read_pda(hw, pda, fw->pda_addr, fw->pda_size);
228 if (ret)
229 goto free;
232 /* Stop the firmware, so that it can be safely rewritten */
233 if (priv->stop_fw) {
234 ret = priv->stop_fw(priv, 1);
235 if (ret)
236 goto free;
239 /* Program the adapter with new firmware */
240 ret = hermes_program(hw, first_block, end);
241 if (ret)
242 goto free;
244 /* Write the PDA to the adapter */
245 if (secondary) {
246 size_t len = hermes_blocks_length(first_block, end);
247 ptr = first_block + len;
248 ret = hermes_apply_pda(hw, ptr, end, pda,
249 &pda[fw->pda_size / sizeof(*pda)]);
250 kfree(pda);
251 if (ret)
252 return ret;
255 /* Run the firmware */
256 if (priv->stop_fw) {
257 ret = priv->stop_fw(priv, 0);
258 if (ret)
259 return ret;
262 /* Reset hermes chip and make sure it responds */
263 ret = hw->ops->init(hw);
265 /* hermes_reset() should return 0 with the secondary firmware */
266 if (secondary && ret != 0)
267 return -ENODEV;
269 /* And this should work with any firmware */
270 if (!hermes_present(hw))
271 return -ENODEV;
273 return 0;
275 free:
276 kfree(pda);
277 return ret;
282 * Download the firmware into the card, this also does a PCMCIA soft
283 * reset on the card, to make sure it's in a sane state.
285 static int
286 symbol_dl_firmware(struct orinoco_private *priv,
287 const struct fw_info *fw)
289 struct device *dev = priv->dev;
290 int ret;
291 const struct firmware *fw_entry;
293 if (!orinoco_cached_fw_get(priv, true)) {
294 if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) {
295 dev_err(dev, "Cannot find firmware: %s\n", fw->pri_fw);
296 return -ENOENT;
298 } else
299 fw_entry = orinoco_cached_fw_get(priv, true);
301 /* Load primary firmware */
302 ret = symbol_dl_image(priv, fw, fw_entry->data,
303 fw_entry->data + fw_entry->size, 0);
305 if (!orinoco_cached_fw_get(priv, true))
306 release_firmware(fw_entry);
307 if (ret) {
308 dev_err(dev, "Primary firmware download failed\n");
309 return ret;
312 if (!orinoco_cached_fw_get(priv, false)) {
313 if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) {
314 dev_err(dev, "Cannot find firmware: %s\n", fw->sta_fw);
315 return -ENOENT;
317 } else
318 fw_entry = orinoco_cached_fw_get(priv, false);
320 /* Load secondary firmware */
321 ret = symbol_dl_image(priv, fw, fw_entry->data,
322 fw_entry->data + fw_entry->size, 1);
323 if (!orinoco_cached_fw_get(priv, false))
324 release_firmware(fw_entry);
325 if (ret)
326 dev_err(dev, "Secondary firmware download failed\n");
328 return ret;
331 int orinoco_download(struct orinoco_private *priv)
333 int err = 0;
334 /* Reload firmware */
335 switch (priv->firmware_type) {
336 case FIRMWARE_TYPE_AGERE:
337 /* case FIRMWARE_TYPE_INTERSIL: */
338 err = orinoco_dl_firmware(priv,
339 &orinoco_fw[priv->firmware_type], 0);
340 break;
342 case FIRMWARE_TYPE_SYMBOL:
343 err = symbol_dl_firmware(priv,
344 &orinoco_fw[priv->firmware_type]);
345 break;
346 case FIRMWARE_TYPE_INTERSIL:
347 break;
349 /* TODO: if we fail we probably need to reinitialise
350 * the driver */
352 return err;
355 #if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
356 void orinoco_cache_fw(struct orinoco_private *priv, int ap)
358 const struct firmware *fw_entry = NULL;
359 const char *pri_fw;
360 const char *fw;
362 pri_fw = orinoco_fw[priv->firmware_type].pri_fw;
363 if (ap)
364 fw = orinoco_fw[priv->firmware_type].ap_fw;
365 else
366 fw = orinoco_fw[priv->firmware_type].sta_fw;
368 if (pri_fw) {
369 if (request_firmware(&fw_entry, pri_fw, priv->dev) == 0)
370 priv->cached_pri_fw = fw_entry;
373 if (fw) {
374 if (request_firmware(&fw_entry, fw, priv->dev) == 0)
375 priv->cached_fw = fw_entry;
379 void orinoco_uncache_fw(struct orinoco_private *priv)
381 if (priv->cached_pri_fw)
382 release_firmware(priv->cached_pri_fw);
383 if (priv->cached_fw)
384 release_firmware(priv->cached_fw);
386 priv->cached_pri_fw = NULL;
387 priv->cached_fw = NULL;
389 #endif