Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / net / wireless / orinoco / fw.c
blob4df8cf64b56ce553d1c1a537741d2f995d414b4c
1 /* Firmware file reading and download helpers
3 * See copyright notice in main.c
4 */
5 #include <linux/kernel.h>
6 #include <linux/slab.h>
7 #include <linux/firmware.h>
8 #include <linux/device.h>
9 #include <linux/module.h>
11 #include "hermes.h"
12 #include "hermes_dld.h"
13 #include "orinoco.h"
15 #include "fw.h"
17 /* End markers (for Symbol firmware only) */
18 #define TEXT_END 0x1A /* End of text header */
20 struct fw_info {
21 char *pri_fw;
22 char *sta_fw;
23 char *ap_fw;
24 u32 pda_addr;
25 u16 pda_size;
28 static const struct fw_info orinoco_fw[] = {
29 { NULL, "agere_sta_fw.bin", "agere_ap_fw.bin", 0x00390000, 1000 },
30 { NULL, "prism_sta_fw.bin", "prism_ap_fw.bin", 0, 1024 },
31 { "symbol_sp24t_prim_fw", "symbol_sp24t_sec_fw", NULL, 0x00003100, 512 }
33 MODULE_FIRMWARE("agere_sta_fw.bin");
34 MODULE_FIRMWARE("agere_ap_fw.bin");
35 MODULE_FIRMWARE("prism_sta_fw.bin");
36 MODULE_FIRMWARE("prism_ap_fw.bin");
37 MODULE_FIRMWARE("symbol_sp24t_prim_fw");
38 MODULE_FIRMWARE("symbol_sp24t_sec_fw");
40 /* Structure used to access fields in FW
41 * Make sure LE decoding macros are used
43 struct orinoco_fw_header {
44 char hdr_vers[6]; /* ASCII string for header version */
45 __le16 headersize; /* Total length of header */
46 __le32 entry_point; /* NIC entry point */
47 __le32 blocks; /* Number of blocks to program */
48 __le32 block_offset; /* Offset of block data from eof header */
49 __le32 pdr_offset; /* Offset to PDR data from eof header */
50 __le32 pri_offset; /* Offset to primary plug data */
51 __le32 compat_offset; /* Offset to compatibility data*/
52 char signature[0]; /* FW signature length headersize-20 */
53 } __packed;
55 /* Check the range of various header entries. Return a pointer to a
56 * description of the problem, or NULL if everything checks out. */
57 static const char *validate_fw(const struct orinoco_fw_header *hdr, size_t len)
59 u16 hdrsize;
61 if (len < sizeof(*hdr))
62 return "image too small";
63 if (memcmp(hdr->hdr_vers, "HFW", 3) != 0)
64 return "format not recognised";
66 hdrsize = le16_to_cpu(hdr->headersize);
67 if (hdrsize > len)
68 return "bad headersize";
69 if ((hdrsize + le32_to_cpu(hdr->block_offset)) > len)
70 return "bad block offset";
71 if ((hdrsize + le32_to_cpu(hdr->pdr_offset)) > len)
72 return "bad PDR offset";
73 if ((hdrsize + le32_to_cpu(hdr->pri_offset)) > len)
74 return "bad PRI offset";
75 if ((hdrsize + le32_to_cpu(hdr->compat_offset)) > len)
76 return "bad compat offset";
78 /* TODO: consider adding a checksum or CRC to the firmware format */
79 return NULL;
82 #if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
83 static inline const struct firmware *
84 orinoco_cached_fw_get(struct orinoco_private *priv, bool primary)
86 if (primary)
87 return priv->cached_pri_fw;
88 else
89 return priv->cached_fw;
91 #else
92 #define orinoco_cached_fw_get(priv, primary) (NULL)
93 #endif
95 /* Download either STA or AP firmware into the card. */
96 static int
97 orinoco_dl_firmware(struct orinoco_private *priv,
98 const struct fw_info *fw,
99 int ap)
101 /* Plug Data Area (PDA) */
102 __le16 *pda;
104 struct hermes *hw = &priv->hw;
105 const struct firmware *fw_entry;
106 const struct orinoco_fw_header *hdr;
107 const unsigned char *first_block;
108 const void *end;
109 const char *firmware;
110 const char *fw_err;
111 struct device *dev = priv->dev;
112 int err = 0;
114 pda = kzalloc(fw->pda_size, GFP_KERNEL);
115 if (!pda)
116 return -ENOMEM;
118 if (ap)
119 firmware = fw->ap_fw;
120 else
121 firmware = fw->sta_fw;
123 dev_dbg(dev, "Attempting to download firmware %s\n", firmware);
125 /* Read current plug data */
126 err = hw->ops->read_pda(hw, pda, fw->pda_addr, fw->pda_size);
127 dev_dbg(dev, "Read PDA returned %d\n", err);
128 if (err)
129 goto free;
131 if (!orinoco_cached_fw_get(priv, false)) {
132 err = request_firmware(&fw_entry, firmware, priv->dev);
134 if (err) {
135 dev_err(dev, "Cannot find firmware %s\n", firmware);
136 err = -ENOENT;
137 goto free;
139 } else
140 fw_entry = orinoco_cached_fw_get(priv, false);
142 hdr = (const struct orinoco_fw_header *) fw_entry->data;
144 fw_err = validate_fw(hdr, fw_entry->size);
145 if (fw_err) {
146 dev_warn(dev, "Invalid firmware image detected (%s). "
147 "Aborting download\n", fw_err);
148 err = -EINVAL;
149 goto abort;
152 /* Enable aux port to allow programming */
153 err = hw->ops->program_init(hw, le32_to_cpu(hdr->entry_point));
154 dev_dbg(dev, "Program init returned %d\n", err);
155 if (err != 0)
156 goto abort;
158 /* Program data */
159 first_block = (fw_entry->data +
160 le16_to_cpu(hdr->headersize) +
161 le32_to_cpu(hdr->block_offset));
162 end = fw_entry->data + fw_entry->size;
164 err = hermes_program(hw, first_block, end);
165 dev_dbg(dev, "Program returned %d\n", err);
166 if (err != 0)
167 goto abort;
169 /* Update production data */
170 first_block = (fw_entry->data +
171 le16_to_cpu(hdr->headersize) +
172 le32_to_cpu(hdr->pdr_offset));
174 err = hermes_apply_pda_with_defaults(hw, first_block, end, pda,
175 &pda[fw->pda_size / sizeof(*pda)]);
176 dev_dbg(dev, "Apply PDA returned %d\n", err);
177 if (err)
178 goto abort;
180 /* Tell card we've finished */
181 err = hw->ops->program_end(hw);
182 dev_dbg(dev, "Program end returned %d\n", err);
183 if (err != 0)
184 goto abort;
186 /* Check if we're running */
187 dev_dbg(dev, "hermes_present returned %d\n", hermes_present(hw));
189 abort:
190 /* If we requested the firmware, release it. */
191 if (!orinoco_cached_fw_get(priv, false))
192 release_firmware(fw_entry);
194 free:
195 kfree(pda);
196 return err;
200 * Process a firmware image - stop the card, load the firmware, reset
201 * the card and make sure it responds. For the secondary firmware take
202 * care of the PDA - read it and then write it on top of the firmware.
204 static int
205 symbol_dl_image(struct orinoco_private *priv, const struct fw_info *fw,
206 const unsigned char *image, const void *end,
207 int secondary)
209 struct hermes *hw = &priv->hw;
210 int ret = 0;
211 const unsigned char *ptr;
212 const unsigned char *first_block;
214 /* Plug Data Area (PDA) */
215 __le16 *pda = NULL;
217 /* Binary block begins after the 0x1A marker */
218 ptr = image;
219 while (*ptr++ != TEXT_END);
220 first_block = ptr;
222 /* Read the PDA from EEPROM */
223 if (secondary) {
224 pda = kzalloc(fw->pda_size, GFP_KERNEL);
225 if (!pda)
226 return -ENOMEM;
228 ret = hw->ops->read_pda(hw, pda, fw->pda_addr, fw->pda_size);
229 if (ret)
230 goto free;
233 /* Stop the firmware, so that it can be safely rewritten */
234 if (priv->stop_fw) {
235 ret = priv->stop_fw(priv, 1);
236 if (ret)
237 goto free;
240 /* Program the adapter with new firmware */
241 ret = hermes_program(hw, first_block, end);
242 if (ret)
243 goto free;
245 /* Write the PDA to the adapter */
246 if (secondary) {
247 size_t len = hermes_blocks_length(first_block, end);
248 ptr = first_block + len;
249 ret = hermes_apply_pda(hw, ptr, end, pda,
250 &pda[fw->pda_size / sizeof(*pda)]);
251 kfree(pda);
252 if (ret)
253 return ret;
256 /* Run the firmware */
257 if (priv->stop_fw) {
258 ret = priv->stop_fw(priv, 0);
259 if (ret)
260 return ret;
263 /* Reset hermes chip and make sure it responds */
264 ret = hw->ops->init(hw);
266 /* hermes_reset() should return 0 with the secondary firmware */
267 if (secondary && ret != 0)
268 return -ENODEV;
270 /* And this should work with any firmware */
271 if (!hermes_present(hw))
272 return -ENODEV;
274 return 0;
276 free:
277 kfree(pda);
278 return ret;
283 * Download the firmware into the card, this also does a PCMCIA soft
284 * reset on the card, to make sure it's in a sane state.
286 static int
287 symbol_dl_firmware(struct orinoco_private *priv,
288 const struct fw_info *fw)
290 struct device *dev = priv->dev;
291 int ret;
292 const struct firmware *fw_entry;
294 if (!orinoco_cached_fw_get(priv, true)) {
295 if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) {
296 dev_err(dev, "Cannot find firmware: %s\n", fw->pri_fw);
297 return -ENOENT;
299 } else
300 fw_entry = orinoco_cached_fw_get(priv, true);
302 /* Load primary firmware */
303 ret = symbol_dl_image(priv, fw, fw_entry->data,
304 fw_entry->data + fw_entry->size, 0);
306 if (!orinoco_cached_fw_get(priv, true))
307 release_firmware(fw_entry);
308 if (ret) {
309 dev_err(dev, "Primary firmware download failed\n");
310 return ret;
313 if (!orinoco_cached_fw_get(priv, false)) {
314 if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) {
315 dev_err(dev, "Cannot find firmware: %s\n", fw->sta_fw);
316 return -ENOENT;
318 } else
319 fw_entry = orinoco_cached_fw_get(priv, false);
321 /* Load secondary firmware */
322 ret = symbol_dl_image(priv, fw, fw_entry->data,
323 fw_entry->data + fw_entry->size, 1);
324 if (!orinoco_cached_fw_get(priv, false))
325 release_firmware(fw_entry);
326 if (ret)
327 dev_err(dev, "Secondary firmware download failed\n");
329 return ret;
332 int orinoco_download(struct orinoco_private *priv)
334 int err = 0;
335 /* Reload firmware */
336 switch (priv->firmware_type) {
337 case FIRMWARE_TYPE_AGERE:
338 /* case FIRMWARE_TYPE_INTERSIL: */
339 err = orinoco_dl_firmware(priv,
340 &orinoco_fw[priv->firmware_type], 0);
341 break;
343 case FIRMWARE_TYPE_SYMBOL:
344 err = symbol_dl_firmware(priv,
345 &orinoco_fw[priv->firmware_type]);
346 break;
347 case FIRMWARE_TYPE_INTERSIL:
348 break;
350 /* TODO: if we fail we probably need to reinitialise
351 * the driver */
353 return err;
356 #if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
357 void orinoco_cache_fw(struct orinoco_private *priv, int ap)
359 const struct firmware *fw_entry = NULL;
360 const char *pri_fw;
361 const char *fw;
363 pri_fw = orinoco_fw[priv->firmware_type].pri_fw;
364 if (ap)
365 fw = orinoco_fw[priv->firmware_type].ap_fw;
366 else
367 fw = orinoco_fw[priv->firmware_type].sta_fw;
369 if (pri_fw) {
370 if (request_firmware(&fw_entry, pri_fw, priv->dev) == 0)
371 priv->cached_pri_fw = fw_entry;
374 if (fw) {
375 if (request_firmware(&fw_entry, fw, priv->dev) == 0)
376 priv->cached_fw = fw_entry;
380 void orinoco_uncache_fw(struct orinoco_private *priv)
382 if (priv->cached_pri_fw)
383 release_firmware(priv->cached_pri_fw);
384 if (priv->cached_fw)
385 release_firmware(priv->cached_fw);
387 priv->cached_pri_fw = NULL;
388 priv->cached_fw = NULL;
390 #endif