首頁 探索 說明
註冊 登入
phyus
/
linux-vybrid_public
8
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

wimax/i2400m: be smarter about copying command buffer to bm_cmd_buf

Because some underlying bus APIs (like USB) don't like data buffers in
the stack or vmalloced areas, the i2400m driver provides a scratch
buffer (i2400m->bm_cmd_buf) for said low-level drivers to copy command
data to before passing it to said API. This is only used during boot
mode.

However, at some the code was copying the buffer even when the command
was already specified in said buffer. This is ok, but it needs to be
more careful. As thus, change so that:

(a) the copy happens only if command buffer is not the scratch buffer

(b) use memmove() in case there is overlapping

Signed-off-by: Inaky Perez-Gonzalez <inaky@linux.intel.com>
Inaky Perez-Gonzalez 16 年之前
父節點
339ccc362c
當前提交
77e1251a7c
共有 3 個文件被更改,包括 4 次插入3 次删除
分割檢視 顯示文件統計
  1. 0 1
      drivers/net/wimax/i2400m/fw.c
  2. 2 1
      drivers/net/wimax/i2400m/sdio-fw.c
  3. 2 1
      drivers/net/wimax/i2400m/usb-fw.c

+ 0 - 1
drivers/net/wimax/i2400m/fw.c
查看文件 

@@ -343,7 +343,6 @@ ssize_t i2400m_bm_cmd(struct i2400m *i2400m,
 
 	BUG_ON(i2400m->boot_mode == 0);
 
 
 	if (cmd != NULL) {		/* send the command */
 
-		memcpy(i2400m->bm_cmd_buf, cmd, cmd_size);
 
 		result = i2400m->bus_bm_cmd_send(i2400m, cmd, cmd_size, flags);
 
 		if (result < 0)
 
 			goto error_cmd_send;

+ 2 - 1
drivers/net/wimax/i2400m/sdio-fw.c
查看文件 

@@ -118,7 +118,8 @@ ssize_t i2400ms_bus_bm_cmd_send(struct i2400m *i2400m,
 
 	if (cmd_size > I2400M_BM_CMD_BUF_SIZE)
 
 		goto error_too_big;
 
 
-	memcpy(i2400m->bm_cmd_buf, _cmd, cmd_size);	/* Prep command */
 
+	if (_cmd != i2400m->bm_cmd_buf)
 
+		memmove(i2400m->bm_cmd_buf, _cmd, cmd_size);
 
 	cmd = i2400m->bm_cmd_buf;
 
 	if (cmd_size_a > cmd_size)			/* Zero pad space */
 
 		memset(i2400m->bm_cmd_buf + cmd_size, 0, cmd_size_a - cmd_size);

+ 2 - 1
drivers/net/wimax/i2400m/usb-fw.c
查看文件 

@@ -172,7 +172,8 @@ ssize_t i2400mu_bus_bm_cmd_send(struct i2400m *i2400m,
 
 	result = -E2BIG;
 
 	if (cmd_size > I2400M_BM_CMD_BUF_SIZE)
 
 		goto error_too_big;
 
-	memcpy(i2400m->bm_cmd_buf, _cmd, cmd_size);
 
+	if (_cmd != i2400m->bm_cmd_buf)
 
+		memmove(i2400m->bm_cmd_buf, _cmd, cmd_size);
 
 	cmd = i2400m->bm_cmd_buf;
 
 	if (cmd_size_a > cmd_size)			/* Zero pad space */
 
 		memset(i2400m->bm_cmd_buf + cmd_size, 0, cmd_size_a - cmd_size);