I'm sorry for my English, I hope everybody can understand.

I think that there is a mistake in foxbone_syscalls.c.
The foxbone bus is 16 bits wide, so an "unsigned short int *" pointer
is used to exchange the bulk data write or bulk data read array between
user code and kernel code, but inside the foxbone_syscalls.c functions
an "unsigned int *buffer" is used. This has the effect that the
"length" should be double the required data, and the user array is
filled only at the even short integer words.

This is the current code (wrong, in my opinion) from foxbone_syscalls.c:
 
asmlinkage void sys_foxbonebulkread(unsigned short int reg, unsigned short int *value, unsigned int length){
   unsigned int i;
   unsigned int *buffer = kmalloc(length * 2, GFP_KERNEL);
   *buffer = foxbone_read(reg);
   for(i = 1; i < length; i++){
       buffer[i] = foxbone_read_next();
   };
   copy_to_user(value, buffer, length * 2);
   kfree(buffer);
};

asmlinkage void sys_foxbonebulkwrite(unsigned short int reg, unsigned short int *value, unsigned int length){
   unsigned int i;
   unsigned int *buffer = kmalloc(length * 2, GFP_KERNEL);
   copy_from_user(buffer, value, length * 2);
   foxbone_write(reg, *buffer);
   for(i = 1; i < length; i++){
       foxbone_write_next(buffer[i]);
   };
   kfree(buffer);
};

This is the suggested patch to the kmalloc line:

unsigned short int *buffer = kmalloc(length * 2, GFP_KERNEL);

best regards
Andrea
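
The effect described in the message above, modelled in user space as an added example (not part of the original post or of the FoxBone sources). The names fake_bus_read, bulkread_uint and bulkread_ushort are hypothetical, and a little-endian host with a 32-bit unsigned int is assumed. The model also reports how many bytes the unsigned int loop stores beyond the length * 2 bytes requested from kmalloc.

```c
/* Added example: user-space model of the element-width mismatch (not FoxBone source). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for foxbone_read()/foxbone_read_next(): 0x1001, 0x1002, ... */
static uint16_t bus_word;
static uint16_t fake_bus_read(void) { return ++bus_word; }

/* Original declaration: 32-bit elements, but only length * 2 bytes requested.
 * The model allocates length * 4 bytes so it stays in bounds itself; the return
 * value is the number of bytes the loop stores past the length * 2 request. */
size_t bulkread_uint(uint16_t *user, size_t length)
{
    uint32_t *buffer = calloc(length, sizeof *buffer);
    if (buffer == NULL) return (size_t)-1;
    bus_word = 0x1000;
    for (size_t i = 0; i < length; i++)
        buffer[i] = fake_bus_read();
    memcpy(user, buffer, length * 2);      /* the copy_to_user() step */
    free(buffer);
    return length * sizeof(uint32_t) - length * 2;
}

/* Suggested declaration: 16-bit elements match the length * 2 allocation. */
size_t bulkread_ushort(uint16_t *user, size_t length)
{
    uint16_t *buffer = calloc(length, sizeof *buffer);
    if (buffer == NULL) return (size_t)-1;
    bus_word = 0x1000;
    for (size_t i = 0; i < length; i++)
        buffer[i] = fake_bus_read();
    memcpy(user, buffer, length * 2);
    free(buffer);
    return length * sizeof(uint16_t) - length * 2;
}

int main(void)
{
    uint16_t out[4];
    size_t over = bulkread_uint(out, 4);
    printf("unsigned int:   %04x %04x %04x %04x, %zu bytes past allocation\n",
           out[0], out[1], out[2], out[3], over);
    over = bulkread_ushort(out, 4);
    printf("unsigned short: %04x %04x %04x %04x, %zu bytes past allocation\n",
           out[0], out[1], out[2], out[3], over);
    return 0;
}
```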
