[PATCH 04/14] staging: comedi: daqboard2000: check firmware length

Wed Jan 4 10:55:37 UTC 2017

Firmware files for DAQBoard/2000 have a header, which is skipped,
followed by a sequence of FPGA configuration bytes to be programmed in
pairs.  The FPGA configuration bytes start with the sequence 0xff, 0x20.

Make the firmware loading callback function
`daqboard2000_load_firmware()` return an error `-EINVAL` if the FPGA
start sequence is not found, or the remaining length is not a multiple
of 2.

The firmware loading callback tries to program the FPGA up to 3 times
until it succeeds or it has tried too many times.  Currently, it
searches for the FPGA start sequence in the firmware data each time
through the retry loop.  Change it to adjust the start position and
length before entering the loop.

Signed-off-by: Ian Abbott <abbotti at mev.co.uk>
---
 drivers/staging/comedi/drivers/daqboard2000.c | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/drivers/staging/comedi/drivers/daqboard2000.c b/drivers/staging/comedi/drivers/daqboard2000.c
index e73baba7c312..49feec39c4c6 100644
--- a/drivers/staging/comedi/drivers/daqboard2000.c
+++ b/drivers/staging/comedi/drivers/daqboard2000.c
@@ -511,6 +511,26 @@ static int daqboard2000_load_firmware(struct comedi_device *dev,
 	int retry;
 	size_t i;
 
+	/* Look for FPGA start sequence in firmware. */
+	for (i = 0; i + 1 < len; i++) {
+		if (cpld_array[i] == 0xff && cpld_array[i + 1] == 0x20)
+			break;
+	}
+	if (i + 1 >= len) {
+		dev_err(dev->class_dev, "bad firmware - no start sequence\n");
+		return -EINVAL;
+	}
+	/* Check length is even. */
+	if ((len - i) & 1) {
+		dev_err(dev->class_dev,
+			"bad firmware - odd length (%zu = %zu - %zu)\n",
+			len - i, len, i);
+		return -EINVAL;
+	}
+	/* Strip firmware header. */
+	cpld_array += i;
+	len -= i;
+
 	/* Check to make sure the serial eeprom is present on the board */
 	cntrl = readl(devpriv->plx + PLX_REG_CNTRL);
 	if (!(cntrl & PLX_CNTRL_EEPRESENT))
@@ -521,11 +541,6 @@ static int daqboard2000_load_firmware(struct comedi_device *dev,
 		daqboard2000_reload_plx(dev);
 		daqboard2000_pulse_prog_pin(dev);
 		if (daqboard2000_poll_cpld(dev, DB2K_CPLD_STATUS_INIT)) {
-			for (i = 0; i < len; i++) {
-				if (cpld_array[i] == 0xff &&
-				    cpld_array[i + 1] == 0x20)
-					break;
-			}
 			for (; i < len; i += 2) {
 				u16 data =
 				    (cpld_array[i] << 8) + cpld_array[i + 1];
-- 
2.11.0

