aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArnd Bergmann <arnd@arndb.de>2010-09-30 04:24:10 -0400
committerGreg Kroah-Hartman <gregkh@suse.de>2010-10-05 11:50:14 -0400
commit2a953cfd42c00bab00e792422f7c2064c5f0b410 (patch)
treeb778ac83e76de8c5c5644e5061cc19b649f5e8cf
parent7cfd8a3720c0d266e402c5f6c688a63c213491df (diff)
staging/ft1000-usb: fix problems found by sparse
In the original code, address space annotations are missing, which hides a possible unchecked user pointer access. Two functions use a lot of stack space. Extern declarations are all in the wrong place, which leads to type differences between caller and callee in some cases. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat
-rw-r--r--drivers/staging/ft1000/ft1000-usb/ft1000_chdev.c36
-rw-r--r--drivers/staging/ft1000/ft1000-usb/ft1000_download.c41
-rw-r--r--drivers/staging/ft1000/ft1000-usb/ft1000_hw.c89
-rw-r--r--drivers/staging/ft1000/ft1000-usb/ft1000_proc.c2
-rw-r--r--drivers/staging/ft1000/ft1000-usb/ft1000_usb.c21
-rw-r--r--drivers/staging/ft1000/ft1000-usb/ft1000_usb.h41
6 files changed, 110 insertions, 120 deletions
diff --git a/drivers/staging/ft1000/ft1000-usb/ft1000_chdev.c b/drivers/staging/ft1000/ft1000-usb/ft1000_chdev.c
index 282deeba4ec..46e72e4b91f 100644
--- a/drivers/staging/ft1000/ft1000-usb/ft1000_chdev.c
+++ b/drivers/staging/ft1000/ft1000-usb/ft1000_chdev.c
@@ -41,13 +41,9 @@
41#include "ft1000_usb.h" 41#include "ft1000_usb.h"
42//#include "ft1000_ioctl.h" 42//#include "ft1000_ioctl.h"
43 43
44void ft1000_DestroyDevice(struct net_device *dev); 44static int ft1000_flarion_cnt = 0;
45u16 ft1000_read_dpram16(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, u8 highlow);
46u16 ft1000_read_register(struct ft1000_device *ft1000dev, short* Data, u16 nRegIndx);
47 45
48extern inline u16 ft1000_asic_read (struct net_device *dev, u16 offset); 46//need to looking usage of ft1000Handle
49extern inline void ft1000_asic_write (struct net_device *dev, u16 offset, u16 value);
50extern void CardSendCommand(struct ft1000_device *ft1000dev, unsigned short *ptempbuffer, int size);
51 47
52static int ft1000_ChOpen (struct inode *Inode, struct file *File); 48static int ft1000_ChOpen (struct inode *Inode, struct file *File);
53static unsigned int ft1000_ChPoll(struct file *file, poll_table *wait); 49static unsigned int ft1000_ChPoll(struct file *file, poll_table *wait);
@@ -55,12 +51,6 @@ static long ft1000_ChIoctl(struct file *File, unsigned int Command,
55 unsigned long Argument); 51 unsigned long Argument);
56static int ft1000_ChRelease (struct inode *Inode, struct file *File); 52static int ft1000_ChRelease (struct inode *Inode, struct file *File);
57 53
58static int ft1000_flarion_cnt = 0;
59
60//need to looking usage of ft1000Handle
61
62
63
64// Global pointer to device object 54// Global pointer to device object
65static struct ft1000_device *pdevobj[MAX_NUM_CARDS + 2]; 55static struct ft1000_device *pdevobj[MAX_NUM_CARDS + 2];
66//static devfs_handle_t ft1000Handle[MAX_NUM_CARDS]; 56//static devfs_handle_t ft1000Handle[MAX_NUM_CARDS];
@@ -326,7 +316,7 @@ int ft1000_CreateDevice(struct ft1000_device *dev)
326 info->app_info[i].nRxMsg = 0; 316 info->app_info[i].nRxMsg = 0;
327 info->app_info[i].nTxMsgReject = 0; 317 info->app_info[i].nTxMsgReject = 0;
328 info->app_info[i].nRxMsgMiss = 0; 318 info->app_info[i].nRxMsgMiss = 0;
329 info->app_info[i].fileobject = 0; 319 info->app_info[i].fileobject = NULL;
330 info->app_info[i].app_id = i+1; 320 info->app_info[i].app_id = i+1;
331 info->app_info[i].DspBCMsgFlag = 0; 321 info->app_info[i].DspBCMsgFlag = 0;
332 info->app_info[i].NumOfMsg = 0; 322 info->app_info[i].NumOfMsg = 0;
@@ -539,6 +529,7 @@ static unsigned int ft1000_ChPoll(struct file *file, poll_table *wait)
539static long ft1000_ChIoctl (struct file *File, unsigned int Command, 529static long ft1000_ChIoctl (struct file *File, unsigned int Command,
540 unsigned long Argument) 530 unsigned long Argument)
541{ 531{
532 void __user *argp = (void __user *)Argument;
542 struct net_device *dev; 533 struct net_device *dev;
543 PFT1000_INFO info; 534 PFT1000_INFO info;
544 struct ft1000_device *ft1000dev; 535 struct ft1000_device *ft1000dev;
@@ -579,7 +570,7 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
579 switch (cmd) { 570 switch (cmd) {
580 case IOCTL_REGISTER_CMD: 571 case IOCTL_REGISTER_CMD:
581 DEBUG("FT1000:ft1000_ChIoctl: IOCTL_FT1000_REGISTER called\n"); 572 DEBUG("FT1000:ft1000_ChIoctl: IOCTL_FT1000_REGISTER called\n");
582 result = get_user(tempword, (unsigned short *)Argument); 573 result = get_user(tempword, (__u16 __user*)argp);
583 if (result) { 574 if (result) {
584 DEBUG("result = %d failed to get_user\n", result); 575 DEBUG("result = %d failed to get_user\n", result);
585 break; 576 break;
@@ -601,7 +592,7 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
601 592
602 get_ver_data.drv_ver = FT1000_DRV_VER; 593 get_ver_data.drv_ver = FT1000_DRV_VER;
603 594
604 if (copy_to_user((PIOCTL_GET_VER)Argument, &get_ver_data, sizeof(get_ver_data)) ) { 595 if (copy_to_user(argp, &get_ver_data, sizeof(get_ver_data)) ) {
605 DEBUG("FT1000:ft1000_ChIoctl: copy fault occurred\n"); 596 DEBUG("FT1000:ft1000_ChIoctl: copy fault occurred\n");
606 result = -EFAULT; 597 result = -EFAULT;
607 break; 598 break;
@@ -651,7 +642,7 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
651 do_gettimeofday ( &tv ); 642 do_gettimeofday ( &tv );
652 get_stat_data.ConTm = (u32)(tv.tv_sec - info->ConTm); 643 get_stat_data.ConTm = (u32)(tv.tv_sec - info->ConTm);
653 DEBUG("Connection Time = %d\n", (int)get_stat_data.ConTm); 644 DEBUG("Connection Time = %d\n", (int)get_stat_data.ConTm);
654 if (copy_to_user((PIOCTL_GET_DSP_STAT)Argument, &get_stat_data, sizeof(get_stat_data)) ) { 645 if (copy_to_user(argp, &get_stat_data, sizeof(get_stat_data)) ) {
655 DEBUG("FT1000:ft1000_ChIoctl: copy fault occurred\n"); 646 DEBUG("FT1000:ft1000_ChIoctl: copy fault occurred\n");
656 result = -EFAULT; 647 result = -EFAULT;
657 break; 648 break;
@@ -692,7 +683,7 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
692 //DEBUG("FT1000:ft1000_ChIoctl: try to SET_DPRAM \n"); 683 //DEBUG("FT1000:ft1000_ChIoctl: try to SET_DPRAM \n");
693 684
694 // Get the length field to see how many bytes to copy 685 // Get the length field to see how many bytes to copy
695 result = get_user(msgsz, (unsigned short *)Argument); 686 result = get_user(msgsz, (__u16 __user *)argp);
696 msgsz = ntohs (msgsz); 687 msgsz = ntohs (msgsz);
697 //DEBUG("FT1000:ft1000_ChIoctl: length of message = %d\n", msgsz); 688 //DEBUG("FT1000:ft1000_ChIoctl: length of message = %d\n", msgsz);
698 689
@@ -708,7 +699,7 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
708 break; 699 break;
709 700
710 //if ( copy_from_user(&(dpram_command.dpram_blk), (PIOCTL_DPRAM_BLK)Argument, msgsz+2) ) { 701 //if ( copy_from_user(&(dpram_command.dpram_blk), (PIOCTL_DPRAM_BLK)Argument, msgsz+2) ) {
711 if ( copy_from_user(&dpram_data, (PIOCTL_DPRAM_BLK)Argument, msgsz+2) ) { 702 if ( copy_from_user(&dpram_data, argp, msgsz+2) ) {
712 DEBUG("FT1000:ft1000_ChIoctl: copy fault occurred\n"); 703 DEBUG("FT1000:ft1000_ChIoctl: copy fault occurred\n");
713 result = -EFAULT; 704 result = -EFAULT;
714 } 705 }
@@ -852,7 +843,7 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
852 } 843 }
853 844
854 result = 0; 845 result = 0;
855 pioctl_dpram = (PIOCTL_DPRAM_BLK)Argument; 846 pioctl_dpram = argp;
856 if (list_empty(&info->app_info[i].app_sqlist) == 0) { 847 if (list_empty(&info->app_info[i].app_sqlist) == 0) {
857 //DEBUG("FT1000:ft1000_ChIoctl:Message detected in slow queue\n"); 848 //DEBUG("FT1000:ft1000_ChIoctl:Message detected in slow queue\n");
858 spin_lock_irqsave(&free_buff_lock, flags); 849 spin_lock_irqsave(&free_buff_lock, flags);
@@ -862,7 +853,10 @@ static long ft1000_ChIoctl (struct file *File, unsigned int Command,
862 //DEBUG("FT1000:ft1000_ChIoctl:NumOfMsg for app %d = %d\n", i, info->app_info[i].NumOfMsg); 853 //DEBUG("FT1000:ft1000_ChIoctl:NumOfMsg for app %d = %d\n", i, info->app_info[i].NumOfMsg);
863 spin_unlock_irqrestore(&free_buff_lock, flags); 854 spin_unlock_irqrestore(&free_buff_lock, flags);
864 msglen = ntohs(*(u16 *)pdpram_blk->pbuffer) + PSEUDOSZ; 855 msglen = ntohs(*(u16 *)pdpram_blk->pbuffer) + PSEUDOSZ;
865 pioctl_dpram->total_len = htons(msglen); /* XXX exploit here */ 856 result = get_user(msglen, &pioctl_dpram->total_len);
857 if (result)
858 break;
859 msglen = htons(msglen);
866 //DEBUG("FT1000:ft1000_ChIoctl:msg length = %x\n", msglen); 860 //DEBUG("FT1000:ft1000_ChIoctl:msg length = %x\n", msglen);
867 if(copy_to_user (&pioctl_dpram->pseudohdr, pdpram_blk->pbuffer, msglen)) 861 if(copy_to_user (&pioctl_dpram->pseudohdr, pdpram_blk->pbuffer, msglen))
868 { 862 {
@@ -935,7 +929,7 @@ static int ft1000_ChRelease (struct inode *Inode, struct file *File)
935 // initialize application information 929 // initialize application information
936 info->appcnt--; 930 info->appcnt--;
937 DEBUG("ft1000_chdev:%s:appcnt = %d\n", __FUNCTION__, info->appcnt); 931 DEBUG("ft1000_chdev:%s:appcnt = %d\n", __FUNCTION__, info->appcnt);
938 info->app_info[i].fileobject = 0; 932 info->app_info[i].fileobject = NULL;
939 933
940 return 0; 934 return 0;
941} 935}
diff --git a/drivers/staging/ft1000/ft1000-usb/ft1000_download.c b/drivers/staging/ft1000/ft1000-usb/ft1000_download.c
index c71a1f4732a..ba07d5d8504 100644
--- a/drivers/staging/ft1000/ft1000-usb/ft1000_download.c
+++ b/drivers/staging/ft1000/ft1000-usb/ft1000_download.c
@@ -133,15 +133,6 @@ typedef struct _DSP_IMAGE_INFO_V6 {
133} DSP_IMAGE_INFO_V6, *PDSP_IMAGE_INFO_V6; 133} DSP_IMAGE_INFO_V6, *PDSP_IMAGE_INFO_V6;
134 134
135 135
136u16 ft1000_read_register(struct ft1000_device *ft1000dev, short* Data, u16 nRegIndx);
137u16 ft1000_write_register(struct ft1000_device *ft1000dev, USHORT value, u16 nRegIndx);
138u16 ft1000_read_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, USHORT cnt);
139u16 ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, USHORT cnt);
140u16 ft1000_read_dpram16(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, u8 highlow);
141u16 ft1000_write_dpram16(struct ft1000_device *ft1000dev, USHORT indx, USHORT value, u8 highlow);
142u16 fix_ft1000_read_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer);
143u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer);
144
145//--------------------------------------------------------------------------- 136//---------------------------------------------------------------------------
146// Function: getfw 137// Function: getfw
147// 138//
@@ -154,7 +145,7 @@ u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHA
154// Notes: 145// Notes:
155// 146//
156//--------------------------------------------------------------------------- 147//---------------------------------------------------------------------------
157char *getfw (char *fn, int *pimgsz) 148char *getfw (char *fn, size_t *pimgsz)
158{ 149{
159 struct file *fd; 150 struct file *fd;
160 mm_segment_t fs = get_fs(); 151 mm_segment_t fs = get_fs();
@@ -190,7 +181,7 @@ char *getfw (char *fn, int *pimgsz)
190 return NULL; 181 return NULL;
191 } 182 }
192 pos = 0; 183 pos = 0;
193 if (vfs_read(fd, pfwimg, fwimgsz, &pos) != fwimgsz) { 184 if (vfs_read(fd, (void __user __force*)pfwimg, fwimgsz, &pos) != fwimgsz) {
194 vfree(pfwimg); 185 vfree(pfwimg);
195 DEBUG("FT1000:%s:failed to read firmware image\n",__FUNCTION__); 186 DEBUG("FT1000:%s:failed to read firmware image\n",__FUNCTION__);
196 filp_close(fd, current->files); 187 filp_close(fd, current->files);
@@ -216,7 +207,7 @@ char *getfw (char *fn, int *pimgsz)
216// Notes: 207// Notes:
217// 208//
218//--------------------------------------------------------------------------- 209//---------------------------------------------------------------------------
219ULONG check_usb_db (struct ft1000_device *ft1000dev) 210static ULONG check_usb_db (struct ft1000_device *ft1000dev)
220{ 211{
221 int loopcnt; 212 int loopcnt;
222 USHORT temp; 213 USHORT temp;
@@ -295,7 +286,7 @@ ULONG check_usb_db (struct ft1000_device *ft1000dev)
295// Notes: 286// Notes:
296// 287//
297//--------------------------------------------------------------------------- 288//---------------------------------------------------------------------------
298USHORT get_handshake(struct ft1000_device *ft1000dev, USHORT expected_value) 289static USHORT get_handshake(struct ft1000_device *ft1000dev, USHORT expected_value)
299{ 290{
300 USHORT handshake; 291 USHORT handshake;
301 int loopcnt; 292 int loopcnt;
@@ -406,7 +397,7 @@ USHORT get_handshake(struct ft1000_device *ft1000dev, USHORT expected_value)
406// Notes: 397// Notes:
407// 398//
408//--------------------------------------------------------------------------- 399//---------------------------------------------------------------------------
409void put_handshake(struct ft1000_device *ft1000dev,USHORT handshake_value) 400static void put_handshake(struct ft1000_device *ft1000dev,USHORT handshake_value)
410{ 401{
411 ULONG tempx; 402 ULONG tempx;
412 USHORT tempword; 403 USHORT tempword;
@@ -442,7 +433,7 @@ void put_handshake(struct ft1000_device *ft1000dev,USHORT handshake_value)
442 433
443} 434}
444 435
445USHORT get_handshake_usb(struct ft1000_device *ft1000dev, USHORT expected_value) 436static USHORT get_handshake_usb(struct ft1000_device *ft1000dev, USHORT expected_value)
446{ 437{
447 USHORT handshake; 438 USHORT handshake;
448 int loopcnt; 439 int loopcnt;
@@ -482,7 +473,7 @@ USHORT get_handshake_usb(struct ft1000_device *ft1000dev, USHORT expected_value)
482 return HANDSHAKE_TIMEOUT_VALUE; 473 return HANDSHAKE_TIMEOUT_VALUE;
483} 474}
484 475
485void put_handshake_usb(struct ft1000_device *ft1000dev,USHORT handshake_value) 476static void put_handshake_usb(struct ft1000_device *ft1000dev,USHORT handshake_value)
486{ 477{
487 int i; 478 int i;
488 479
@@ -501,7 +492,7 @@ void put_handshake_usb(struct ft1000_device *ft1000dev,USHORT handshake_value)
501// Notes: 492// Notes:
502// 493//
503//--------------------------------------------------------------------------- 494//---------------------------------------------------------------------------
504USHORT get_request_type(struct ft1000_device *ft1000dev) 495static USHORT get_request_type(struct ft1000_device *ft1000dev)
505{ 496{
506 USHORT request_type; 497 USHORT request_type;
507 ULONG status; 498 ULONG status;
@@ -533,7 +524,7 @@ USHORT get_request_type(struct ft1000_device *ft1000dev)
533 524
534} 525}
535 526
536USHORT get_request_type_usb(struct ft1000_device *ft1000dev) 527static USHORT get_request_type_usb(struct ft1000_device *ft1000dev)
537{ 528{
538 USHORT request_type; 529 USHORT request_type;
539 ULONG status; 530 ULONG status;
@@ -577,7 +568,7 @@ USHORT get_request_type_usb(struct ft1000_device *ft1000dev)
577// Notes: 568// Notes:
578// 569//
579//--------------------------------------------------------------------------- 570//---------------------------------------------------------------------------
580long get_request_value(struct ft1000_device *ft1000dev) 571static long get_request_value(struct ft1000_device *ft1000dev)
581{ 572{
582 ULONG value; 573 ULONG value;
583 USHORT tempword; 574 USHORT tempword;
@@ -605,7 +596,8 @@ long get_request_value(struct ft1000_device *ft1000dev)
605 596
606} 597}
607 598
608long get_request_value_usb(struct ft1000_device *ft1000dev) 599#if 0
600static long get_request_value_usb(struct ft1000_device *ft1000dev)
609{ 601{
610 ULONG value; 602 ULONG value;
611 USHORT tempword; 603 USHORT tempword;
@@ -633,6 +625,7 @@ long get_request_value_usb(struct ft1000_device *ft1000dev)
633 return value; 625 return value;
634 626
635} 627}
628#endif
636 629
637//--------------------------------------------------------------------------- 630//---------------------------------------------------------------------------
638// Function: put_request_value 631// Function: put_request_value
@@ -647,7 +640,7 @@ long get_request_value_usb(struct ft1000_device *ft1000dev)
647// Notes: 640// Notes:
648// 641//
649//--------------------------------------------------------------------------- 642//---------------------------------------------------------------------------
650void put_request_value(struct ft1000_device *ft1000dev, long lvalue) 643static void put_request_value(struct ft1000_device *ft1000dev, long lvalue)
651{ 644{
652 ULONG tempx; 645 ULONG tempx;
653 ULONG status; 646 ULONG status;
@@ -675,7 +668,7 @@ void put_request_value(struct ft1000_device *ft1000dev, long lvalue)
675// Notes: 668// Notes:
676// 669//
677//--------------------------------------------------------------------------- 670//---------------------------------------------------------------------------
678USHORT hdr_checksum(PPSEUDO_HDR pHdr) 671static USHORT hdr_checksum(PPSEUDO_HDR pHdr)
679{ 672{
680 USHORT *usPtr = (USHORT *)pHdr; 673 USHORT *usPtr = (USHORT *)pHdr;
681 USHORT chksum; 674 USHORT chksum;
@@ -705,7 +698,7 @@ USHORT hdr_checksum(PPSEUDO_HDR pHdr)
705// Notes: 698// Notes:
706// 699//
707//--------------------------------------------------------------------------- 700//---------------------------------------------------------------------------
708ULONG write_blk (struct ft1000_device *ft1000dev, USHORT **pUsFile, UCHAR **pUcFile, long word_length) 701static ULONG write_blk (struct ft1000_device *ft1000dev, USHORT **pUsFile, UCHAR **pUcFile, long word_length)
709{ 702{
710 ULONG Status = STATUS_SUCCESS; 703 ULONG Status = STATUS_SUCCESS;
711 USHORT dpram; 704 USHORT dpram;
@@ -861,7 +854,7 @@ static void usb_dnld_complete (struct urb *urb)
861// Notes: 854// Notes:
862// 855//
863//--------------------------------------------------------------------------- 856//---------------------------------------------------------------------------
864ULONG write_blk_fifo (struct ft1000_device *ft1000dev, USHORT **pUsFile, UCHAR **pUcFile, long word_length) 857static ULONG write_blk_fifo (struct ft1000_device *ft1000dev, USHORT **pUsFile, UCHAR **pUcFile, long word_length)
865{ 858{
866 ULONG Status = STATUS_SUCCESS; 859 ULONG Status = STATUS_SUCCESS;
867 int byte_length; 860 int byte_length;
diff --git a/drivers/staging/ft1000/ft1000-usb/ft1000_hw.c b/drivers/staging/ft1000/ft1000-usb/ft1000_hw.c
index 4c3b1dbcd33..44395c0d882 100644
--- a/drivers/staging/ft1000/ft1000-usb/ft1000_hw.c
+++ b/drivers/staging/ft1000/ft1000-usb/ft1000_hw.c
@@ -35,24 +35,12 @@
35 35
36//#define JDEBUG 36//#define JDEBUG
37 37
38 38static int ft1000_reset(struct net_device *ft1000dev);
39extern void *pFileStart; 39static int ft1000_submit_rx_urb(PFT1000_INFO info);
40extern ULONG FileLength;
41
42
43extern int numofmsgbuf;
44
45
46int ft1000_poll_thread(void *arg);
47
48static void ft1000_hbchk(u_long data); 40static void ft1000_hbchk(u_long data);
49int ft1000_reset(struct net_device *ft1000dev);
50static int ft1000_start_xmit(struct sk_buff *skb, struct net_device *dev); 41static int ft1000_start_xmit(struct sk_buff *skb, struct net_device *dev);
51static int ft1000_open (struct net_device *dev); 42static int ft1000_open (struct net_device *dev);
52int ft1000_close (struct net_device *dev);
53static struct net_device_stats *ft1000_netdev_stats(struct net_device *dev); 43static struct net_device_stats *ft1000_netdev_stats(struct net_device *dev);
54u16 scram_dnldr(struct ft1000_device *ft1000dev, void *pFileStart, ULONG FileLength);
55int ft1000_submit_rx_urb(PFT1000_INFO info);
56static struct timer_list poll_timer[MAX_NUM_CARDS]; 44static struct timer_list poll_timer[MAX_NUM_CARDS];
57static int ft1000_chkcard (struct ft1000_device *dev); 45static int ft1000_chkcard (struct ft1000_device *dev);
58/* 46/*
@@ -67,21 +55,11 @@ static const struct net_device_ops ft1000net_ops = {
67//Jim 55//Jim
68 56
69static u8 tempbuffer[1600]; 57static u8 tempbuffer[1600];
70int gCardIndex; 58static int gCardIndex;
71 59
72#define MAX_RCV_LOOP 100 60#define MAX_RCV_LOOP 100
73 61
74 62
75extern struct list_head freercvpool;
76extern spinlock_t free_buff_lock; // lock to arbitrate free buffer list for receive command data
77
78//end of Jim
79
80extern int ft1000_CreateDevice(struct ft1000_device *dev);
81extern PDPRAM_BLK ft1000_get_buffer (struct list_head *bufflist);
82extern void ft1000_free_buffer (PDPRAM_BLK pdpram_blk, struct list_head *plist);
83
84
85static int atoi(const char *s) 63static int atoi(const char *s)
86{ 64{
87 int k = 0; 65 int k = 0;
@@ -207,7 +185,7 @@ static int ft1000_control(struct ft1000_device *ft1000dev,unsigned int pipe,
207// 185//
208//--------------------------------------------------------------------------- 186//---------------------------------------------------------------------------
209 187
210u16 ft1000_read_register(struct ft1000_device *ft1000dev, short* Data, u16 nRegIndx) 188u16 ft1000_read_register(struct ft1000_device *ft1000dev, u16* Data, u16 nRegIndx)
211{ 189{
212 u16 ret = STATUS_SUCCESS; 190 u16 ret = STATUS_SUCCESS;
213 191
@@ -472,20 +450,20 @@ u16 ft1000_write_dpram16(struct ft1000_device *ft1000dev, USHORT indx, USHORT va
472//--------------------------------------------------------------------------- 450//---------------------------------------------------------------------------
473u16 fix_ft1000_read_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer) 451u16 fix_ft1000_read_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer)
474{ 452{
475 UCHAR tempbuffer[16]; 453 UCHAR buf[16];
476 USHORT pos; 454 USHORT pos;
477 u16 ret = STATUS_SUCCESS; 455 u16 ret = STATUS_SUCCESS;
478 456
479 //DEBUG("fix_ft1000_read_dpram32: indx: %d \n", indx); 457 //DEBUG("fix_ft1000_read_dpram32: indx: %d \n", indx);
480 pos = (indx / 4)*4; 458 pos = (indx / 4)*4;
481 ret = ft1000_read_dpram32(ft1000dev, pos, (PUCHAR)&tempbuffer[0], 16); 459 ret = ft1000_read_dpram32(ft1000dev, pos, buf, 16);
482 if (ret == STATUS_SUCCESS) 460 if (ret == STATUS_SUCCESS)
483 { 461 {
484 pos = (indx % 4)*4; 462 pos = (indx % 4)*4;
485 *buffer++ = tempbuffer[pos++]; 463 *buffer++ = buf[pos++];
486 *buffer++ = tempbuffer[pos++]; 464 *buffer++ = buf[pos++];
487 *buffer++ = tempbuffer[pos++]; 465 *buffer++ = buf[pos++];
488 *buffer++ = tempbuffer[pos++]; 466 *buffer++ = buf[pos++];
489 } 467 }
490 else 468 else
491 { 469 {
@@ -524,7 +502,7 @@ u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHA
524 USHORT pos1; 502 USHORT pos1;
525 USHORT pos2; 503 USHORT pos2;
526 USHORT i; 504 USHORT i;
527 UCHAR tempbuffer[32]; 505 UCHAR buf[32];
528 UCHAR resultbuffer[32]; 506 UCHAR resultbuffer[32];
529 PUCHAR pdata; 507 PUCHAR pdata;
530 u16 ret = STATUS_SUCCESS; 508 u16 ret = STATUS_SUCCESS;
@@ -533,15 +511,15 @@ u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHA
533 511
534 pos1 = (indx / 4)*4; 512 pos1 = (indx / 4)*4;
535 pdata = buffer; 513 pdata = buffer;
536 ret = ft1000_read_dpram32(ft1000dev, pos1, (PUCHAR)&tempbuffer[0], 16); 514 ret = ft1000_read_dpram32(ft1000dev, pos1, buf, 16);
537 if (ret == STATUS_SUCCESS) 515 if (ret == STATUS_SUCCESS)
538 { 516 {
539 pos2 = (indx % 4)*4; 517 pos2 = (indx % 4)*4;
540 tempbuffer[pos2++] = *buffer++; 518 buf[pos2++] = *buffer++;
541 tempbuffer[pos2++] = *buffer++; 519 buf[pos2++] = *buffer++;
542 tempbuffer[pos2++] = *buffer++; 520 buf[pos2++] = *buffer++;
543 tempbuffer[pos2++] = *buffer++; 521 buf[pos2++] = *buffer++;
544 ret = ft1000_write_dpram32(ft1000dev, pos1, (PUCHAR)&tempbuffer[0], 16); 522 ret = ft1000_write_dpram32(ft1000dev, pos1, buf, 16);
545 } 523 }
546 else 524 else
547 { 525 {
@@ -556,7 +534,7 @@ u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHA
556 buffer = pdata; 534 buffer = pdata;
557 for (i=0; i<16; i++) 535 for (i=0; i<16; i++)
558 { 536 {
559 if (tempbuffer[i] != resultbuffer[i]){ 537 if (buf[i] != resultbuffer[i]){
560 538
561 ret = STATUS_FAILURE; 539 ret = STATUS_FAILURE;
562 } 540 }
@@ -596,7 +574,7 @@ u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHA
596// 574//
597// Returns: None 575// Returns: None
598//----------------------------------------------------------------------- 576//-----------------------------------------------------------------------
599void card_reset_dsp (struct ft1000_device *ft1000dev, BOOLEAN value) 577static void card_reset_dsp (struct ft1000_device *ft1000dev, BOOLEAN value)
600{ 578{
601 u16 status = STATUS_SUCCESS; 579 u16 status = STATUS_SUCCESS;
602 USHORT tempword; 580 USHORT tempword;
@@ -645,7 +623,7 @@ void card_reset_dsp (struct ft1000_device *ft1000dev, BOOLEAN value)
645// Notes: 623// Notes:
646// 624//
647//--------------------------------------------------------------------------- 625//---------------------------------------------------------------------------
648void CardSendCommand(struct ft1000_device *ft1000dev, unsigned char *ptempbuffer, int size) 626void CardSendCommand(struct ft1000_device *ft1000dev, void *ptempbuffer, int size)
649{ 627{
650 unsigned short temp; 628 unsigned short temp;
651 unsigned char *commandbuf; 629 unsigned char *commandbuf;
@@ -1202,7 +1180,7 @@ u16 reg_ft1000_netdev(struct ft1000_device *ft1000dev, struct usb_interface *int
1202 return STATUS_SUCCESS; 1180 return STATUS_SUCCESS;
1203} 1181}
1204 1182
1205int ft1000_reset(struct net_device *dev) 1183static int ft1000_reset(struct net_device *dev)
1206{ 1184{
1207 ft1000_reset_card(dev); 1185 ft1000_reset_card(dev);
1208 return 0; 1186 return 0;
@@ -1432,7 +1410,7 @@ static inline u16 ft1000_read_fifo_len (struct net_device *dev)
1432// SUCCESS 1410// SUCCESS
1433// 1411//
1434//--------------------------------------------------------------------------- 1412//---------------------------------------------------------------------------
1435int ft1000_copy_down_pkt (struct net_device *netdev, u8 *packet, u16 len) 1413static int ft1000_copy_down_pkt (struct net_device *netdev, u8 *packet, u16 len)
1436{ 1414{
1437 FT1000_INFO *pInfo = netdev_priv(netdev); 1415 FT1000_INFO *pInfo = netdev_priv(netdev);
1438 struct ft1000_device *pFt1000Dev = pInfo->pFt1000Dev; 1416 struct ft1000_device *pFt1000Dev = pInfo->pFt1000Dev;
@@ -1658,7 +1636,7 @@ static int ft1000_start_xmit(struct sk_buff *skb, struct net_device *dev)
1658// SUCCESS 1636// SUCCESS
1659// 1637//
1660//--------------------------------------------------------------------------- 1638//---------------------------------------------------------------------------
1661int ft1000_copy_up_pkt (struct urb *urb) 1639static int ft1000_copy_up_pkt (struct urb *urb)
1662{ 1640{
1663 PFT1000_INFO info = urb->context; 1641 PFT1000_INFO info = urb->context;
1664 struct ft1000_device *ft1000dev = info->pFt1000Dev; 1642 struct ft1000_device *ft1000dev = info->pFt1000Dev;
@@ -1774,7 +1752,7 @@ int ft1000_copy_up_pkt (struct urb *urb)
1774// SUCCESS 1752// SUCCESS
1775// 1753//
1776//--------------------------------------------------------------------------- 1754//---------------------------------------------------------------------------
1777int ft1000_submit_rx_urb(PFT1000_INFO info) 1755static int ft1000_submit_rx_urb(PFT1000_INFO info)
1778{ 1756{
1779 int result; 1757 int result;
1780 struct ft1000_device *pFt1000Dev = info->pFt1000Dev; 1758 struct ft1000_device *pFt1000Dev = info->pFt1000Dev;
@@ -2102,7 +2080,7 @@ static void ft1000_hbchk(u_long data)
2102// = 1 (successful) 2080// = 1 (successful)
2103// 2081//
2104//--------------------------------------------------------------------------- 2082//---------------------------------------------------------------------------
2105BOOLEAN ft1000_receive_cmd (struct ft1000_device *dev, u16 *pbuffer, int maxsz, u16 *pnxtph) { 2083static BOOLEAN ft1000_receive_cmd (struct ft1000_device *dev, u16 *pbuffer, int maxsz, u16 *pnxtph) {
2106 u16 size, ret; 2084 u16 size, ret;
2107 u16 *ppseudohdr; 2085 u16 *ppseudohdr;
2108 int i; 2086 int i;
@@ -2175,7 +2153,7 @@ BOOLEAN ft1000_receive_cmd (struct ft1000_device *dev, u16 *pbuffer, int maxsz,
2175} 2153}
2176 2154
2177 2155
2178int ft1000_dsp_prov(void *arg) 2156static int ft1000_dsp_prov(void *arg)
2179{ 2157{
2180 struct ft1000_device *dev = (struct ft1000_device *)arg; 2158 struct ft1000_device *dev = (struct ft1000_device *)arg;
2181 FT1000_INFO *info = (FT1000_INFO *) netdev_priv (dev->net); 2159 FT1000_INFO *info = (FT1000_INFO *) netdev_priv (dev->net);
@@ -2263,7 +2241,7 @@ int ft1000_dsp_prov(void *arg)
2263} 2241}
2264 2242
2265 2243
2266int ft1000_proc_drvmsg (struct ft1000_device *dev, u16 size) { 2244static int ft1000_proc_drvmsg (struct ft1000_device *dev, u16 size) {
2267 FT1000_INFO *info = (FT1000_INFO *) netdev_priv (dev->net); 2245 FT1000_INFO *info = (FT1000_INFO *) netdev_priv (dev->net);
2268 u16 msgtype; 2246 u16 msgtype;
2269 u16 tempword; 2247 u16 tempword;
@@ -2281,9 +2259,11 @@ int ft1000_proc_drvmsg (struct ft1000_device *dev, u16 size) {
2281 } convert; 2259 } convert;
2282 2260
2283 2261
2284 char cmdbuffer[1600]; 2262 char *cmdbuffer = kmalloc(1600, GFP_KERNEL);
2263 if (!cmdbuffer)
2264 return STATUS_FAILURE;
2285 2265
2286 status = ft1000_read_dpram32(dev, 0x200, (PUCHAR)&cmdbuffer[0], size); 2266 status = ft1000_read_dpram32(dev, 0x200, cmdbuffer, size);
2287 2267
2288 2268
2289 //if (ft1000_receive_cmd(dev, &cmdbuffer[0], MAX_CMD_SQSIZE, &tempword)) 2269 //if (ft1000_receive_cmd(dev, &cmdbuffer[0], MAX_CMD_SQSIZE, &tempword))
@@ -2388,7 +2368,7 @@ int ft1000_proc_drvmsg (struct ft1000_device *dev, u16 size) {
2388 info->fProvComplete = 0; 2368 info->fProvComplete = 0;
2389 status = ft1000_dsp_prov(dev); 2369 status = ft1000_dsp_prov(dev);
2390 if (status != STATUS_SUCCESS) 2370 if (status != STATUS_SUCCESS)
2391 return status; 2371 goto out;
2392 } 2372 }
2393 else { 2373 else {
2394 info->fProvComplete = 1; 2374 info->fProvComplete = 1;
@@ -2537,8 +2517,11 @@ int ft1000_proc_drvmsg (struct ft1000_device *dev, u16 size) {
2537 2517
2538 } 2518 }
2539 2519
2520 status = STATUS_SUCCESS;
2521out:
2522 kfree(cmdbuffer);
2540 DEBUG("return from ft1000_proc_drvmsg\n"); 2523 DEBUG("return from ft1000_proc_drvmsg\n");
2541 return STATUS_SUCCESS; 2524 return status;
2542} 2525}
2543 2526
2544 2527
diff --git a/drivers/staging/ft1000/ft1000-usb/ft1000_proc.c b/drivers/staging/ft1000/ft1000-usb/ft1000_proc.c
index 80faba51167..d1ef396c13d 100644
--- a/drivers/staging/ft1000/ft1000-usb/ft1000_proc.c
+++ b/drivers/staging/ft1000/ft1000-usb/ft1000_proc.c
@@ -42,7 +42,7 @@ u16 ft1000_read_dpram16 (struct ft1000_device *ft1000dev, USHORT indx,
42 PUCHAR buffer, u8 highlow); 42 PUCHAR buffer, u8 highlow);
43 43
44 44
45int 45static int
46ft1000ReadProc (char *page, char **start, off_t off, int count, int *eof, 46ft1000ReadProc (char *page, char **start, off_t off, int count, int *eof,
47 void *data) 47 void *data)
48{ 48{
diff --git a/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c b/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c
index f708c091e5c..4aef1c43e61 100644
--- a/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c
+++ b/drivers/staging/ft1000/ft1000-usb/ft1000_usb.c
@@ -33,7 +33,7 @@ MODULE_SUPPORTED_DEVICE("QFT FT1000 Express Cards");
33 33
34 34
35void *pFileStart; 35void *pFileStart;
36ULONG FileLength; 36size_t FileLength;
37 37
38#define VENDOR_ID 0x1291 /* Qualcomm vendor id */ 38#define VENDOR_ID 0x1291 /* Qualcomm vendor id */
39#define PRODUCT_ID 0x11 /* fake product id */ 39#define PRODUCT_ID 0x11 /* fake product id */
@@ -46,24 +46,7 @@ static struct usb_device_id id_table[] = {
46 46
47MODULE_DEVICE_TABLE (usb, id_table); 47MODULE_DEVICE_TABLE (usb, id_table);
48 48
49extern struct ft1000_device *pdevobj[MAX_NUM_CARDS+2]; 49static BOOLEAN gPollingfailed = FALSE;
50
51char *getfw (char *fn, int *pimgsz);
52
53int ft1000_close(struct net_device *net);
54void dsp_reload (struct ft1000_device *ft1000dev);
55u16 init_ft1000_netdev(struct ft1000_device *ft1000dev);
56u16 reg_ft1000_netdev(struct ft1000_device *ft1000dev, struct usb_interface *intf);
57int ft1000_poll(void* dev_id);
58void ft1000_DestroyDevice(struct net_device *dev);
59u16 ft1000_read_dpram16(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, u8 highlow);
60u16 ft1000_read_register(struct ft1000_device *ft1000dev, short* Data, u16 nRegIndx);
61BOOLEAN gPollingfailed = FALSE;
62
63void ft1000InitProc(struct net_device *dev);
64void ft1000CleanupProc(FT1000_INFO *info);
65int ft1000_poll_thread(void *arg);
66
67int ft1000_poll_thread(void *arg) 50int ft1000_poll_thread(void *arg)
68{ 51{
69 int ret = STATUS_SUCCESS; 52 int ret = STATUS_SUCCESS;
diff --git a/drivers/staging/ft1000/ft1000-usb/ft1000_usb.h b/drivers/staging/ft1000/ft1000-usb/ft1000_usb.h
index a64d4680131..b0ab91856d8 100644
--- a/drivers/staging/ft1000/ft1000-usb/ft1000_usb.h
+++ b/drivers/staging/ft1000/ft1000-usb/ft1000_usb.h
@@ -102,7 +102,7 @@ typedef struct _PROV_RECORD {
102 102
103#define UCHAR u8 103#define UCHAR u8
104#define USHORT u16 104#define USHORT u16
105#define ULONG u32 105#define ULONG u32 /* WTF ??? */
106#define BOOLEAN u8 106#define BOOLEAN u8
107#define PULONG u32 * 107#define PULONG u32 *
108#define PUSHORT u16 * 108#define PUSHORT u16 *
@@ -152,7 +152,6 @@ typedef struct _PROV_RECORD {
152 152
153#define CIS_NET_ADDR_OFFSET 0xff0 153#define CIS_NET_ADDR_OFFSET 0xff0
154 154
155#define MEM_TAG 'FLRN'
156// MAGNEMITE specific 155// MAGNEMITE specific
157 156
158#define FT1000_REG_MAG_UFDR 0x0000 // Uplink FIFO Data Register. 157#define FT1000_REG_MAG_UFDR 0x0000 // Uplink FIFO Data Register.
@@ -605,5 +604,43 @@ typedef struct _DPRAM_BLK {
605 u16 *pbuffer; 604 u16 *pbuffer;
606} __attribute__ ((packed)) DPRAM_BLK, *PDPRAM_BLK; 605} __attribute__ ((packed)) DPRAM_BLK, *PDPRAM_BLK;
607 606
607u16 ft1000_read_register(struct ft1000_device *ft1000dev, u16* Data, u16 nRegIndx);
608u16 ft1000_write_register(struct ft1000_device *ft1000dev, USHORT value, u16 nRegIndx);
609u16 ft1000_read_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, USHORT cnt);
610u16 ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, USHORT cnt);
611u16 ft1000_read_dpram16(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer, u8 highlow);
612u16 ft1000_write_dpram16(struct ft1000_device *ft1000dev, USHORT indx, USHORT value, u8 highlow);
613u16 fix_ft1000_read_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer);
614u16 fix_ft1000_write_dpram32(struct ft1000_device *ft1000dev, USHORT indx, PUCHAR buffer);
615
616extern void *pFileStart;
617extern size_t FileLength;
618extern int numofmsgbuf;
619
620int ft1000_close (struct net_device *dev);
621u16 scram_dnldr(struct ft1000_device *ft1000dev, void *pFileStart, ULONG FileLength);
622
623extern struct list_head freercvpool;
624extern spinlock_t free_buff_lock; // lock to arbitrate free buffer list for receive command data
625
626int ft1000_CreateDevice(struct ft1000_device *dev);
627void ft1000_DestroyDevice(struct net_device *dev);
628extern void CardSendCommand(struct ft1000_device *ft1000dev, void *ptempbuffer, int size);
629
630PDPRAM_BLK ft1000_get_buffer (struct list_head *bufflist);
631void ft1000_free_buffer (PDPRAM_BLK pdpram_blk, struct list_head *plist);
632
633char *getfw (char *fn, size_t *pimgsz);
634
635void dsp_reload(struct ft1000_device *ft1000dev);
636u16 init_ft1000_netdev(struct ft1000_device *ft1000dev);
637struct usb_interface;
638u16 reg_ft1000_netdev(struct ft1000_device *ft1000dev, struct usb_interface *intf);
639int ft1000_poll(void* dev_id);
640
641void ft1000InitProc(struct net_device *dev);
642void ft1000CleanupProc(FT1000_INFO *info);
643
644
608 645
609#endif 646#endif
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-23 04:29:23 -0400