subject:"\[PATCH 1\/3\] pm8001\: fix pm8001_store_update

[PATCH 1/3] pm8001: fix pm8001_store_update_fw

2014-07-30 Thread Suresh Thiagarajan

From: Tomas Henzl 

The current implementation may mix the negative value returned
from pm8001_set_nvmd with with count. -(-ENOMEM) could be interpreted
as bytes programmed, this patch fixes it.

Signed-off-by: Tomas Henzl 
Signed-off-by: Suresh Thiagarajan 
---
 drivers/scsi/pm8001/pm8001_ctl.c |  137 +++---
 drivers/scsi/pm8001/pm8001_hwi.c |4 +-
 2 files changed, 70 insertions(+), 71 deletions(-)

diff --git a/drivers/scsi/pm8001/pm8001_ctl.c b/drivers/scsi/pm8001/pm8001_ctl.c
index d3a08ae..69aedea 100644
--- a/drivers/scsi/pm8001/pm8001_ctl.c
+++ b/drivers/scsi/pm8001/pm8001_ctl.c
@@ -526,18 +526,19 @@ static int pm8001_set_nvmd(struct pm8001_hba_info 
*pm8001_ha)
 {
struct pm8001_ioctl_payload *payload;
DECLARE_COMPLETION_ONSTACK(completion);
-   u8  *ioctlbuffer = NULL;
-   u32 length = 0;
-   u32 ret = 0;
+   u8  *ioctlbuffer;
+   u32 ret;
+   u32 length = 1024 * 5 + sizeof(*payload) - 1;
+
+   if (pm8001_ha->fw_image->size > 4096) {
+   pm8001_ha->fw_status = FAIL_FILE_SIZE;
+   return -EFAULT;
+   }
 
-   length = 1024 * 5 + sizeof(*payload) - 1;
ioctlbuffer = kzalloc(length, GFP_KERNEL);
-   if (!ioctlbuffer)
+   if (!ioctlbuffer) {
+   pm8001_ha->fw_status = FAIL_OUT_MEMORY;
return -ENOMEM;
-   if ((pm8001_ha->fw_image->size <= 0) ||
-   (pm8001_ha->fw_image->size > 4096)) {
-   ret = FAIL_FILE_SIZE;
-   goto out;
}
payload = (struct pm8001_ioctl_payload *)ioctlbuffer;
memcpy((u8 *)&payload->func_specific, (u8 *)pm8001_ha->fw_image->data,
@@ -547,6 +548,10 @@ static int pm8001_set_nvmd(struct pm8001_hba_info 
*pm8001_ha)
payload->minor_function = 0x1;
pm8001_ha->nvmd_completion = &completion;
ret = PM8001_CHIP_DISP->set_nvmd_req(pm8001_ha, payload);
+   if (ret) {
+   pm8001_ha->fw_status = FAIL_OUT_MEMORY;
+   goto out;
+   }
wait_for_completion(&completion);
 out:
kfree(ioctlbuffer);
@@ -557,26 +562,25 @@ static int pm8001_update_flash(struct pm8001_hba_info 
*pm8001_ha)
 {
struct pm8001_ioctl_payload *payload;
DECLARE_COMPLETION_ONSTACK(completion);
-   u8  *ioctlbuffer = NULL;
-   u32 length = 0;
+   u8  *ioctlbuffer;
struct fw_control_info  *fwControl;
-   u32 loopNumber, loopcount = 0;
-   u32 sizeRead = 0;
u32 partitionSize, partitionSizeTmp;
-   u32 ret = 0;
-   u32 partitionNumber = 0;
+   u32 loopNumber, loopcount;
struct pm8001_fw_image_header *image_hdr;
+   u32 sizeRead = 0;
+   u32 ret = 0;
+   u32 length = 1024 * 16 + sizeof(*payload) - 1;
 
-   length = 1024 * 16 + sizeof(*payload) - 1;
+   if (pm8001_ha->fw_image->size < 28) {
+   pm8001_ha->fw_status = FAIL_FILE_SIZE;
+   return -EFAULT;
+   }
ioctlbuffer = kzalloc(length, GFP_KERNEL);
-   image_hdr = (struct pm8001_fw_image_header *)pm8001_ha->fw_image->data;
-   if (!ioctlbuffer)
+   if (!ioctlbuffer) {
+   pm8001_ha->fw_status = FAIL_OUT_MEMORY;
return -ENOMEM;
-   if (pm8001_ha->fw_image->size < 28) {
-   ret = FAIL_FILE_SIZE;
-   goto out;
}
-
+   image_hdr = (struct pm8001_fw_image_header *)pm8001_ha->fw_image->data;
while (sizeRead < pm8001_ha->fw_image->size) {
partitionSizeTmp =
*(u32 *)((u8 *)&image_hdr->image_length + sizeRead);
@@ -617,18 +621,18 @@ static int pm8001_update_flash(struct pm8001_hba_info 
*pm8001_ha)
 
pm8001_ha->nvmd_completion = &completion;
ret = PM8001_CHIP_DISP->fw_flash_update_req(pm8001_ha, payload);
-   if (ret)
-   break;
+   if (ret) {
+   pm8001_ha->fw_status = FAIL_OUT_MEMORY;
+   goto out;
+   }
wait_for_completion(&completion);
if (fwControl->retcode > FLASH_UPDATE_IN_PROGRESS) {
-   ret = fwControl->retcode;
-   break;
+   pm8001_ha->fw_status = fwControl->retcode;
+   ret = -EFAULT;
+   goto out;
+   }
}
}
-   if (ret)
-   break;
-   partitionNumber++;
-}
 out:
kfree(ioctlbuffer);
return ret;
@@ -643,22 +647,29 @@ static ssize_t pm8001_store_update_fw(struct device *cdev,
char *cmd_ptr, *filename_ptr;
int res, i;
int flash_command = FLASH_CMD_NONE;
-   int err = 0;
+   int r

RE: [PATCH 1/3] pm8001: fix pm8001_store_update_fw

2014-07-30 Thread Suresh Thiagarajan



On Wed, Jul 30, 2014 at 5:40 PM, James Bottomley 
 wrote:
> On Wed, 2014-07-30 at 17:33 +0530, Suresh Thiagarajan wrote:
>> From: Suresh Thiagarajan 
>>
>> The current implementation may mix the negative value returned
>> from pm8001_set_nvmd with with count. -(-ENOMEM) could be interpreted
>> as bytes programmed, this patch fixes it.
>>
>> Signed-off-by: Tomas Henzl 
>> Signed-off-by: Suresh Thiagarajan 
>
> This author and signoff chain doesn't make sense.  Is the patch from
> Tomas Henzl?  In which case the From: field is wrong; it should read
>
> From: Tomas Henzl 

Yes. This patch is from Tomas. I will correct the "From" and send again

-Suresh
>
> James
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/3] pm8001: fix pm8001_store_update_fw

2014-07-30 Thread James Bottomley

On Wed, 2014-07-30 at 17:33 +0530, Suresh Thiagarajan wrote:
> From: Suresh Thiagarajan 
> 
> The current implementation may mix the negative value returned
> from pm8001_set_nvmd with with count. -(-ENOMEM) could be interpreted
> as bytes programmed, this patch fixes it.
> 
> Signed-off-by: Tomas Henzl 
> Signed-off-by: Suresh Thiagarajan 

This author and signoff chain doesn't make sense.  Is the patch from
Tomas Henzl?  In which case the From: field is wrong; it should read

From: Tomas Henzl 

James


--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH 1/3] pm8001: fix pm8001_store_update_fw

2014-07-30 Thread Suresh Thiagarajan

From: Suresh Thiagarajan 

The current implementation may mix the negative value returned
from pm8001_set_nvmd with with count. -(-ENOMEM) could be interpreted
as bytes programmed, this patch fixes it.

Signed-off-by: Tomas Henzl 
Signed-off-by: Suresh Thiagarajan 
---
 drivers/scsi/pm8001/pm8001_ctl.c |  137 +++---
 drivers/scsi/pm8001/pm8001_hwi.c |4 +-
 2 files changed, 70 insertions(+), 71 deletions(-)

diff --git a/drivers/scsi/pm8001/pm8001_ctl.c b/drivers/scsi/pm8001/pm8001_ctl.c
index d3a08ae..69aedea 100644
--- a/drivers/scsi/pm8001/pm8001_ctl.c
+++ b/drivers/scsi/pm8001/pm8001_ctl.c
@@ -526,18 +526,19 @@ static int pm8001_set_nvmd(struct pm8001_hba_info 
*pm8001_ha)
 {
struct pm8001_ioctl_payload *payload;
DECLARE_COMPLETION_ONSTACK(completion);
-   u8  *ioctlbuffer = NULL;
-   u32 length = 0;
-   u32 ret = 0;
+   u8  *ioctlbuffer;
+   u32 ret;
+   u32 length = 1024 * 5 + sizeof(*payload) - 1;
+
+   if (pm8001_ha->fw_image->size > 4096) {
+   pm8001_ha->fw_status = FAIL_FILE_SIZE;
+   return -EFAULT;
+   }
 
-   length = 1024 * 5 + sizeof(*payload) - 1;
ioctlbuffer = kzalloc(length, GFP_KERNEL);
-   if (!ioctlbuffer)
+   if (!ioctlbuffer) {
+   pm8001_ha->fw_status = FAIL_OUT_MEMORY;
return -ENOMEM;
-   if ((pm8001_ha->fw_image->size <= 0) ||
-   (pm8001_ha->fw_image->size > 4096)) {
-   ret = FAIL_FILE_SIZE;
-   goto out;
}
payload = (struct pm8001_ioctl_payload *)ioctlbuffer;
memcpy((u8 *)&payload->func_specific, (u8 *)pm8001_ha->fw_image->data,
@@ -547,6 +548,10 @@ static int pm8001_set_nvmd(struct pm8001_hba_info 
*pm8001_ha)
payload->minor_function = 0x1;
pm8001_ha->nvmd_completion = &completion;
ret = PM8001_CHIP_DISP->set_nvmd_req(pm8001_ha, payload);
+   if (ret) {
+   pm8001_ha->fw_status = FAIL_OUT_MEMORY;
+   goto out;
+   }
wait_for_completion(&completion);
 out:
kfree(ioctlbuffer);
@@ -557,26 +562,25 @@ static int pm8001_update_flash(struct pm8001_hba_info 
*pm8001_ha)
 {
struct pm8001_ioctl_payload *payload;
DECLARE_COMPLETION_ONSTACK(completion);
-   u8  *ioctlbuffer = NULL;
-   u32 length = 0;
+   u8  *ioctlbuffer;
struct fw_control_info  *fwControl;
-   u32 loopNumber, loopcount = 0;
-   u32 sizeRead = 0;
u32 partitionSize, partitionSizeTmp;
-   u32 ret = 0;
-   u32 partitionNumber = 0;
+   u32 loopNumber, loopcount;
struct pm8001_fw_image_header *image_hdr;
+   u32 sizeRead = 0;
+   u32 ret = 0;
+   u32 length = 1024 * 16 + sizeof(*payload) - 1;
 
-   length = 1024 * 16 + sizeof(*payload) - 1;
+   if (pm8001_ha->fw_image->size < 28) {
+   pm8001_ha->fw_status = FAIL_FILE_SIZE;
+   return -EFAULT;
+   }
ioctlbuffer = kzalloc(length, GFP_KERNEL);
-   image_hdr = (struct pm8001_fw_image_header *)pm8001_ha->fw_image->data;
-   if (!ioctlbuffer)
+   if (!ioctlbuffer) {
+   pm8001_ha->fw_status = FAIL_OUT_MEMORY;
return -ENOMEM;
-   if (pm8001_ha->fw_image->size < 28) {
-   ret = FAIL_FILE_SIZE;
-   goto out;
}
-
+   image_hdr = (struct pm8001_fw_image_header *)pm8001_ha->fw_image->data;
while (sizeRead < pm8001_ha->fw_image->size) {
partitionSizeTmp =
*(u32 *)((u8 *)&image_hdr->image_length + sizeRead);
@@ -617,18 +621,18 @@ static int pm8001_update_flash(struct pm8001_hba_info 
*pm8001_ha)
 
pm8001_ha->nvmd_completion = &completion;
ret = PM8001_CHIP_DISP->fw_flash_update_req(pm8001_ha, payload);
-   if (ret)
-   break;
+   if (ret) {
+   pm8001_ha->fw_status = FAIL_OUT_MEMORY;
+   goto out;
+   }
wait_for_completion(&completion);
if (fwControl->retcode > FLASH_UPDATE_IN_PROGRESS) {
-   ret = fwControl->retcode;
-   break;
+   pm8001_ha->fw_status = fwControl->retcode;
+   ret = -EFAULT;
+   goto out;
+   }
}
}
-   if (ret)
-   break;
-   partitionNumber++;
-}
 out:
kfree(ioctlbuffer);
return ret;
@@ -643,22 +647,29 @@ static ssize_t pm8001_store_update_fw(struct device *cdev,
char *cmd_ptr, *filename_ptr;
int res, i;
int flash_command = FLASH_CMD_NONE;
-   int err = 0;
+

[PATCH 1/3] pm8001: fix pm8001_store_update_fw

RE: [PATCH 1/3] pm8001: fix pm8001_store_update_fw

Re: [PATCH 1/3] pm8001: fix pm8001_store_update_fw

[PATCH 1/3] pm8001: fix pm8001_store_update_fw

4 matches

Site Navigation

Mail list logo

Footer information