Staging: bcm: potential forever loop verifying firmware

There is an ioctl() to write data to the firmware. After the data is written, it reads the databack from the firmware and compares against what the user wanted to write and prints an error message if it doesn't match. The problem is that verify process has a forever loop if the firmware size is not a multiple of 4. I've fixed it by replacing the bcm compare function with memcmp(). I have chopped out some debugging code in the process. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Staging: bcm: potential forever loop verifying firmware
There is an ioctl() to write data to the firmware. After the data is written, it reads the databack from the firmware and compares against what the user wanted to write and prints an error message if it doesn't match. The problem is that verify process has a forever loop if the firmware size is not a multiple of 4. I've fixed it by replacing the bcm compare function with memcmp(). I have chopped out some debugging code in the process. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2c5270ac · Dan Carpenter · Greg Kroah-Hartman · 075dd9b8 · 2c5270ac
Commit 2c5270ac authored Mar 01, 2013 by Dan Carpenter Committed by Greg Kroah-Hartman Mar 11, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 27 deletions

drivers/staging/bcm/InterfaceDld.c drivers/staging/bcm/InterfaceDld.c +5 -27

No files found.
--- a/drivers/staging/bcm/InterfaceDld.c
+++ b/drivers/staging/bcm/InterfaceDld.c
@@ -205,30 +205,6 @@ static int bcm_download_config_file(struct bcm_mini_adapter *Adapter, struct bcm
 	return retval;
 }

-static int bcm_compare_buff_contents(unsigned char *readbackbuff, unsigned char *buff, unsigned int len)
-{
-	int retval = STATUS_SUCCESS;
-	struct bcm_mini_adapter *Adapter = GET_BCM_ADAPTER(gblpnetdev);
-	if ((len-sizeof(unsigned int)) < 4) {
-		if (memcmp(readbackbuff , buff, len))
-			retval = -EINVAL;
-	} else {
-		len -= 4;
-
-		while (len) {
-			if (*(unsigned int *)&readbackbuff[len] != *(unsigned int *)&buff[len]) {
-				BCM_DEBUG_PRINT(Adapter, DBG_TYPE_INITEXIT, MP_INIT, DBG_LVL_ALL, "Firmware Download is not proper");
-				BCM_DEBUG_PRINT(Adapter, DBG_TYPE_INITEXIT, MP_INIT, DBG_LVL_ALL, "Val from Binary %x, Val From Read Back %x ", *(unsigned int *)&buff[len], *(unsigned int*)&readbackbuff[len]);
-				BCM_DEBUG_PRINT(Adapter, DBG_TYPE_INITEXIT, MP_INIT, DBG_LVL_ALL, "len =%x!!!", len);
-				retval = -EINVAL;
-				break;
-			}
-			len -= 4;
-		}
-	}
-	return retval;
-}
-
 int bcm_ioctl_fw_download(struct bcm_mini_adapter *Adapter, struct bcm_firmware_info *psFwInfo)
 {
 	int retval = STATUS_SUCCESS;
@@ -321,9 +297,11 @@ static INT buffRdbkVerify(struct bcm_mini_adapter *Adapter, PUCHAR mappedbuffer,
 			break;
 		}

-		retval = bcm_compare_buff_contents(readbackbuff, mappedbuffer, len);
-		if (STATUS_SUCCESS != retval)
-			break;
+		if (memcmp(readbackbuff, mappedbuffer, len) != 0) {
+			pr_err("%s() failed.  The firmware doesn't match what was written",
+			       __func__);
+			retval = -EIO;
+		}

 		u32StartingAddress += len;
 		u32FirmwareLength -= len;