From 7cff0b776a7a5d60b9323ece37619ef95e92d12e Mon Sep 17 00:00:00 2001 From: Ian Abbott Date: Wed, 4 Jan 2017 10:55:37 +0000 Subject: [PATCH] staging: comedi: daqboard2000: check firmware length Firmware files for DAQBoard/2000 have a header, which is skipped, followed by a sequence of FPGA configuration bytes to be programmed in pairs. The FPGA configuration bytes start with the sequence 0xff, 0x20. Make the firmware loading callback function `daqboard2000_load_firmware()` return an error `-EINVAL` if the FPGA start sequence is not found, or the remaining length is not a multiple of 2. The firmware loading callback tries to program the FPGA up to 3 times until it succeeds or it has tried too many times. Currently, it searches for the FPGA start sequence in the firmware data each time through the retry loop. Change it to adjust the start position and length before entering the loop. Signed-off-by: Ian Abbott Reviewed-by: H Hartley Sweeten Signed-off-by: Greg Kroah-Hartman --- drivers/staging/comedi/drivers/daqboard2000.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/drivers/staging/comedi/drivers/daqboard2000.c b/drivers/staging/comedi/drivers/daqboard2000.c index e73baba7..49feec3 100644 --- a/drivers/staging/comedi/drivers/daqboard2000.c +++ b/drivers/staging/comedi/drivers/daqboard2000.c @@ -511,6 +511,26 @@ static int daqboard2000_load_firmware(struct comedi_device *dev, int retry; size_t i; + /* Look for FPGA start sequence in firmware. */ + for (i = 0; i + 1 < len; i++) { + if (cpld_array[i] == 0xff && cpld_array[i + 1] == 0x20) + break; + } + if (i + 1 >= len) { + dev_err(dev->class_dev, "bad firmware - no start sequence\n"); + return -EINVAL; + } + /* Check length is even. */ + if ((len - i) & 1) { + dev_err(dev->class_dev, + "bad firmware - odd length (%zu = %zu - %zu)\n", + len - i, len, i); + return -EINVAL; + } + /* Strip firmware header. */ + cpld_array += i; + len -= i; + /* Check to make sure the serial eeprom is present on the board */ cntrl = readl(devpriv->plx + PLX_REG_CNTRL); if (!(cntrl & PLX_CNTRL_EEPRESENT)) @@ -521,11 +541,6 @@ static int daqboard2000_load_firmware(struct comedi_device *dev, daqboard2000_reload_plx(dev); daqboard2000_pulse_prog_pin(dev); if (daqboard2000_poll_cpld(dev, DB2K_CPLD_STATUS_INIT)) { - for (i = 0; i < len; i++) { - if (cpld_array[i] == 0xff && - cpld_array[i + 1] == 0x20) - break; - } for (; i < len; i += 2) { u16 data = (cpld_array[i] << 8) + cpld_array[i + 1]; -- 2.7.4