aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/usb/serial/io_ti.c
diff options
context:
space:
mode:
authorJohan Hovold <jhovold@gmail.com>2009-12-28 17:01:50 -0500
committerGreg Kroah-Hartman <gregkh@suse.de>2010-03-02 17:53:53 -0500
commite9305d2f4b5ffa9ea0261212d542956bede2a2ff (patch)
treeef00931fe5031ce1a2513ee4dd78a7cbe8993d8e /drivers/usb/serial/io_ti.c
parent974fccb7aba8ca4ff887836e26c0ac4c99d041ca (diff)
USB: io_ti: fix DMA buffers on stack
Signed-off-by: Johan Hovold <jhovold@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/usb/serial/io_ti.c')
-rw-r--r--drivers/usb/serial/io_ti.c66
1 files changed, 48 insertions, 18 deletions
diff --git a/drivers/usb/serial/io_ti.c b/drivers/usb/serial/io_ti.c
index d4cc0f7af400..1691f07548db 100644
--- a/drivers/usb/serial/io_ti.c
+++ b/drivers/usb/serial/io_ti.c
@@ -413,11 +413,18 @@ static int write_boot_mem(struct edgeport_serial *serial,
413{ 413{
414 int status = 0; 414 int status = 0;
415 int i; 415 int i;
416 __u8 temp; 416 u8 *temp;
417 417
418 /* Must do a read before write */ 418 /* Must do a read before write */
419 if (!serial->TiReadI2C) { 419 if (!serial->TiReadI2C) {
420 status = read_boot_mem(serial, 0, 1, &temp); 420 temp = kmalloc(1, GFP_KERNEL);
421 if (!temp) {
422 dev_err(&serial->serial->dev->dev,
423 "%s - out of memory\n", __func__);
424 return -ENOMEM;
425 }
426 status = read_boot_mem(serial, 0, 1, temp);
427 kfree(temp);
421 if (status) 428 if (status)
422 return status; 429 return status;
423 } 430 }
@@ -935,37 +942,47 @@ static int build_i2c_fw_hdr(__u8 *header, struct device *dev)
935static int i2c_type_bootmode(struct edgeport_serial *serial) 942static int i2c_type_bootmode(struct edgeport_serial *serial)
936{ 943{
937 int status; 944 int status;
938 __u8 data; 945 u8 *data;
946
947 data = kmalloc(1, GFP_KERNEL);
948 if (!data) {
949 dev_err(&serial->serial->dev->dev,
950 "%s - out of memory\n", __func__);
951 return -ENOMEM;
952 }
939 953
940 /* Try to read type 2 */ 954 /* Try to read type 2 */
941 status = ti_vread_sync(serial->serial->dev, UMPC_MEMORY_READ, 955 status = ti_vread_sync(serial->serial->dev, UMPC_MEMORY_READ,
942 DTK_ADDR_SPACE_I2C_TYPE_II, 0, &data, 0x01); 956 DTK_ADDR_SPACE_I2C_TYPE_II, 0, data, 0x01);
943 if (status) 957 if (status)
944 dbg("%s - read 2 status error = %d", __func__, status); 958 dbg("%s - read 2 status error = %d", __func__, status);
945 else 959 else
946 dbg("%s - read 2 data = 0x%x", __func__, data); 960 dbg("%s - read 2 data = 0x%x", __func__, *data);
947 if ((!status) && (data == UMP5152 || data == UMP3410)) { 961 if ((!status) && (*data == UMP5152 || *data == UMP3410)) {
948 dbg("%s - ROM_TYPE_II", __func__); 962 dbg("%s - ROM_TYPE_II", __func__);
949 serial->TI_I2C_Type = DTK_ADDR_SPACE_I2C_TYPE_II; 963 serial->TI_I2C_Type = DTK_ADDR_SPACE_I2C_TYPE_II;
950 return 0; 964 goto out;
951 } 965 }
952 966
953 /* Try to read type 3 */ 967 /* Try to read type 3 */
954 status = ti_vread_sync(serial->serial->dev, UMPC_MEMORY_READ, 968 status = ti_vread_sync(serial->serial->dev, UMPC_MEMORY_READ,
955 DTK_ADDR_SPACE_I2C_TYPE_III, 0, &data, 0x01); 969 DTK_ADDR_SPACE_I2C_TYPE_III, 0, data, 0x01);
956 if (status) 970 if (status)
957 dbg("%s - read 3 status error = %d", __func__, status); 971 dbg("%s - read 3 status error = %d", __func__, status);
958 else 972 else
959 dbg("%s - read 2 data = 0x%x", __func__, data); 973 dbg("%s - read 2 data = 0x%x", __func__, *data);
960 if ((!status) && (data == UMP5152 || data == UMP3410)) { 974 if ((!status) && (*data == UMP5152 || *data == UMP3410)) {
961 dbg("%s - ROM_TYPE_III", __func__); 975 dbg("%s - ROM_TYPE_III", __func__);
962 serial->TI_I2C_Type = DTK_ADDR_SPACE_I2C_TYPE_III; 976 serial->TI_I2C_Type = DTK_ADDR_SPACE_I2C_TYPE_III;
963 return 0; 977 goto out;
964 } 978 }
965 979
966 dbg("%s - Unknown", __func__); 980 dbg("%s - Unknown", __func__);
967 serial->TI_I2C_Type = DTK_ADDR_SPACE_I2C_TYPE_II; 981 serial->TI_I2C_Type = DTK_ADDR_SPACE_I2C_TYPE_II;
968 return -ENODEV; 982 status = -ENODEV;
983out:
984 kfree(data);
985 return status;
969} 986}
970 987
971static int bulk_xfer(struct usb_serial *serial, void *buffer, 988static int bulk_xfer(struct usb_serial *serial, void *buffer,
@@ -1113,7 +1130,7 @@ static int download_fw(struct edgeport_serial *serial)
1113 I2C_DESC_TYPE_FIRMWARE_BASIC, rom_desc); 1130 I2C_DESC_TYPE_FIRMWARE_BASIC, rom_desc);
1114 if (start_address != 0) { 1131 if (start_address != 0) {
1115 struct ti_i2c_firmware_rec *firmware_version; 1132 struct ti_i2c_firmware_rec *firmware_version;
1116 __u8 record; 1133 u8 *record;
1117 1134
1118 dbg("%s - Found Type FIRMWARE (Type 2) record", 1135 dbg("%s - Found Type FIRMWARE (Type 2) record",
1119 __func__); 1136 __func__);
@@ -1165,6 +1182,15 @@ static int download_fw(struct edgeport_serial *serial)
1165 OperationalMajorVersion, 1182 OperationalMajorVersion,
1166 OperationalMinorVersion); 1183 OperationalMinorVersion);
1167 1184
1185 record = kmalloc(1, GFP_KERNEL);
1186 if (!record) {
1187 dev_err(dev, "%s - out of memory.\n",
1188 __func__);
1189 kfree(firmware_version);
1190 kfree(rom_desc);
1191 kfree(ti_manuf_desc);
1192 return -ENOMEM;
1193 }
1168 /* In order to update the I2C firmware we must 1194 /* In order to update the I2C firmware we must
1169 * change the type 2 record to type 0xF2. This 1195 * change the type 2 record to type 0xF2. This
1170 * will force the UMP to come up in Boot Mode. 1196 * will force the UMP to come up in Boot Mode.
@@ -1177,13 +1203,14 @@ static int download_fw(struct edgeport_serial *serial)
1177 * firmware will update the record type from 1203 * firmware will update the record type from
1178 * 0xf2 to 0x02. 1204 * 0xf2 to 0x02.
1179 */ 1205 */
1180 record = I2C_DESC_TYPE_FIRMWARE_BLANK; 1206 *record = I2C_DESC_TYPE_FIRMWARE_BLANK;
1181 1207
1182 /* Change the I2C Firmware record type to 1208 /* Change the I2C Firmware record type to
1183 0xf2 to trigger an update */ 1209 0xf2 to trigger an update */
1184 status = write_rom(serial, start_address, 1210 status = write_rom(serial, start_address,
1185 sizeof(record), &record); 1211 sizeof(*record), record);
1186 if (status) { 1212 if (status) {
1213 kfree(record);
1187 kfree(firmware_version); 1214 kfree(firmware_version);
1188 kfree(rom_desc); 1215 kfree(rom_desc);
1189 kfree(ti_manuf_desc); 1216 kfree(ti_manuf_desc);
@@ -1196,19 +1223,21 @@ static int download_fw(struct edgeport_serial *serial)
1196 */ 1223 */
1197 status = read_rom(serial, 1224 status = read_rom(serial,
1198 start_address, 1225 start_address,
1199 sizeof(record), 1226 sizeof(*record),
1200 &record); 1227 record);
1201 if (status) { 1228 if (status) {
1229 kfree(record);
1202 kfree(firmware_version); 1230 kfree(firmware_version);
1203 kfree(rom_desc); 1231 kfree(rom_desc);
1204 kfree(ti_manuf_desc); 1232 kfree(ti_manuf_desc);
1205 return status; 1233 return status;
1206 } 1234 }
1207 1235
1208 if (record != I2C_DESC_TYPE_FIRMWARE_BLANK) { 1236 if (*record != I2C_DESC_TYPE_FIRMWARE_BLANK) {
1209 dev_err(dev, 1237 dev_err(dev,
1210 "%s - error resetting device\n", 1238 "%s - error resetting device\n",
1211 __func__); 1239 __func__);
1240 kfree(record);
1212 kfree(firmware_version); 1241 kfree(firmware_version);
1213 kfree(rom_desc); 1242 kfree(rom_desc);
1214 kfree(ti_manuf_desc); 1243 kfree(ti_manuf_desc);
@@ -1226,6 +1255,7 @@ static int download_fw(struct edgeport_serial *serial)
1226 __func__, status); 1255 __func__, status);
1227 1256
1228 /* return an error on purpose. */ 1257 /* return an error on purpose. */
1258 kfree(record);
1229 kfree(firmware_version); 1259 kfree(firmware_version);
1230 kfree(rom_desc); 1260 kfree(rom_desc);
1231 kfree(ti_manuf_desc); 1261 kfree(ti_manuf_desc);
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-02 11:39:25 -0400