staging: comedi: daqboard2000: check firmware length
authorIan Abbott <abbotti@mev.co.uk>
Wed, 4 Jan 2017 10:55:37 +0000 (10:55 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 10 Jan 2017 16:38:32 +0000 (17:38 +0100)
Firmware files for DAQBoard/2000 have a header, which is skipped,
followed by a sequence of FPGA configuration bytes to be programmed in
pairs.  The FPGA configuration bytes start with the sequence 0xff, 0x20.

Make the firmware loading callback function
`daqboard2000_load_firmware()` return an error `-EINVAL` if the FPGA
start sequence is not found, or the remaining length is not a multiple
of 2.

The firmware loading callback tries to program the FPGA up to 3 times
until it succeeds or it has tried too many times.  Currently, it
searches for the FPGA start sequence in the firmware data each time
through the retry loop.  Change it to adjust the start position and
length before entering the loop.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Reviewed-by: H Hartley Sweeten <hsweeten@visionengravers.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/comedi/drivers/daqboard2000.c

index e73baba7c3120cdd632c37d124f7ec99150afaac..49feec39c4c6a316dcc3f15014316c547615d9e5 100644 (file)
@@ -511,6 +511,26 @@ static int daqboard2000_load_firmware(struct comedi_device *dev,
        int retry;
        size_t i;
 
+       /* Look for FPGA start sequence in firmware. */
+       for (i = 0; i + 1 < len; i++) {
+               if (cpld_array[i] == 0xff && cpld_array[i + 1] == 0x20)
+                       break;
+       }
+       if (i + 1 >= len) {
+               dev_err(dev->class_dev, "bad firmware - no start sequence\n");
+               return -EINVAL;
+       }
+       /* Check length is even. */
+       if ((len - i) & 1) {
+               dev_err(dev->class_dev,
+                       "bad firmware - odd length (%zu = %zu - %zu)\n",
+                       len - i, len, i);
+               return -EINVAL;
+       }
+       /* Strip firmware header. */
+       cpld_array += i;
+       len -= i;
+
        /* Check to make sure the serial eeprom is present on the board */
        cntrl = readl(devpriv->plx + PLX_REG_CNTRL);
        if (!(cntrl & PLX_CNTRL_EEPRESENT))
@@ -521,11 +541,6 @@ static int daqboard2000_load_firmware(struct comedi_device *dev,
                daqboard2000_reload_plx(dev);
                daqboard2000_pulse_prog_pin(dev);
                if (daqboard2000_poll_cpld(dev, DB2K_CPLD_STATUS_INIT)) {
-                       for (i = 0; i < len; i++) {
-                               if (cpld_array[i] == 0xff &&
-                                   cpld_array[i + 1] == 0x20)
-                                       break;
-                       }
                        for (; i < len; i += 2) {
                                u16 data =
                                    (cpld_array[i] << 8) + cpld_array[i + 1];
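Review bot: The write loop `for (; i < len; i += 2)`, kept as context in this hunk, no longer has anything resetting `i`. After the first hunk `i` holds the header length, and `cpld_array` and `len` have already been advanced past the header (`cpld_array += i; len -= i;`). As written, the first attempt skips a further `i` bytes of FPGA configuration data, a retry resumes from wherever the previous attempt left `i` rather than from the start sequence, and with an odd header length the last iteration can read `cpld_array[len]`, one byte past the firmware buffer. Restarting the index on every attempt, `for (i = 0; i < len; i += 2) {`, addresses all three. The retry loop and the rest of daqboard2000_load_firmware() lie outside the hunk, so how a short or empty write pass is reported there should be checked as well.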