search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[PATCH] drivers/net/wireless/libertas/fw.c: fix use-before-check
[linux-2.6/libata-dev.git] / drivers / net / wireless / libertas / fw.c
blob5c63c9b1659c1e45e1054bb01fd0969a82dfa563
1 /**
2 * This file contains the initialization for FW and HW
3 */
4 #include <linux/module.h>
5 #include <linux/moduleparam.h>
6
7 #include <linux/vmalloc.h>
8 #include <linux/firmware.h>
9 #include <linux/version.h>
10
11 #include "host.h"
12 #include "sbi.h"
13 #include "defs.h"
14 #include "decl.h"
15 #include "dev.h"
16 #include "fw.h"
17 #include "wext.h"
18 #include "if_usb.h"
19
20 char *libertas_fw_name = NULL;
21 module_param_named(fw_name, libertas_fw_name, charp, 0644);
22
23 unsigned int libertas_debug = 0;
24 module_param(libertas_debug, int, 0);
25
26 /**
27 * @brief This function checks the validity of Boot2/FW image.
28 *
29 * @param data pointer to image
30 * len image length
31 * @return 0 or -1
32 */
33 static int check_fwfile_format(u8 *data, u32 totlen)
34 {
35 u8 bincmd, exit;
36 u32 blksize, offset, len;
37 int ret;
38
39 ret = 1;
40 exit = len = 0;
41
42 do {
43 bincmd = *data;
44 blksize = *(u32*)(data + offsetof(struct fwheader, datalength));
45 switch (bincmd) {
46 case FW_HAS_DATA_TO_RECV:
47 offset = sizeof(struct fwheader) + blksize;
48 data += offset;
49 len += offset;
50 if (len >= totlen)
51 exit = 1;
52 break;
53 case FW_HAS_LAST_BLOCK:
54 exit = 1;
55 ret = 0;
56 break;
57 default:
58 exit = 1;
59 break;
60 }
61 } while (!exit);
62
63 if (ret)
64 lbs_pr_err("bin file format check FAIL...\n");
65 else
66 lbs_pr_debug(1, "bin file format check PASS...\n");
67
68 return ret;
69 }
70
71 /**
72 * @brief This function downloads firmware image, gets
73 * HW spec from firmware and set basic parameters to
74 * firmware.
75 *
76 * @param priv A pointer to wlan_private structure
77 * @return 0 or -1
78 */
79 static int wlan_setup_station_hw(wlan_private * priv)
80 {
81 int ret = -1;
82 wlan_adapter *adapter = priv->adapter;
83
84 ENTER();
85
86 if ((ret = request_firmware(&priv->firmware, libertas_fw_name,
87 priv->hotplug_device)) < 0) {
88 lbs_pr_err("request_firmware() failed, error code = %#x\n",
89 ret);
90 lbs_pr_err("%s not found in /lib/firmware\n", libertas_fw_name);
91 goto done;
92 }
93
94 if(check_fwfile_format(priv->firmware->data, priv->firmware->size)) {
95 release_firmware(priv->firmware);
96 goto done;
97 }
98
99 ret = libertas_sbi_prog_firmware(priv);
100
101 release_firmware(priv->firmware);
102
103 if (ret) {
104 lbs_pr_debug(1, "Bootloader in invalid state!\n");
105 ret = -1;
106 goto done;
107 }
108
109 /*
110 * Read MAC address from HW
111 */
112 memset(adapter->current_addr, 0xff, ETH_ALEN);
113
114 ret = libertas_prepare_and_send_command(priv, cmd_get_hw_spec,
115 0, cmd_option_waitforrsp, 0, NULL);
116
117 if (ret) {
118 ret = -1;
119 goto done;
120 }
121
122 libertas_set_mac_packet_filter(priv);
123
124 /* Get the supported Data rates */
125 ret = libertas_prepare_and_send_command(priv, cmd_802_11_data_rate,
126 cmd_act_get_tx_rate,
127 cmd_option_waitforrsp, 0, NULL);
128
129 if (ret) {
130 ret = -1;
131 goto done;
132 }
133
134 ret = 0;
135 done:
136 LEAVE();
137
138 return (ret);
139 }
140
141 static int wlan_allocate_adapter(wlan_private * priv)
142 {
143 u32 ulbufsize;
144 wlan_adapter *adapter = priv->adapter;
145
146 struct bss_descriptor *ptempscantable;
147
148 /* Allocate buffer to store the BSSID list */
149 ulbufsize = sizeof(struct bss_descriptor) * MRVDRV_MAX_BSSID_LIST;
150 if (!(ptempscantable = kmalloc(ulbufsize, GFP_KERNEL))) {
151 libertas_free_adapter(priv);
152 return -1;
153 }
154
155 adapter->scantable = ptempscantable;
156 memset(adapter->scantable, 0, ulbufsize);
157
158 /* Allocate the command buffers */
159 libertas_allocate_cmd_buffer(priv);
160
161 memset(&adapter->libertas_ps_confirm_sleep, 0, sizeof(struct PS_CMD_ConfirmSleep));
162 adapter->libertas_ps_confirm_sleep.seqnum = cpu_to_le16(++adapter->seqnum);
163 adapter->libertas_ps_confirm_sleep.command =
164 cpu_to_le16(cmd_802_11_ps_mode);
165 adapter->libertas_ps_confirm_sleep.size =
166 cpu_to_le16(sizeof(struct PS_CMD_ConfirmSleep));
167 adapter->libertas_ps_confirm_sleep.result = 0;
168 adapter->libertas_ps_confirm_sleep.action =
169 cpu_to_le16(cmd_subcmd_sleep_confirmed);
170
171 return 0;
172 }
173
174 static void wlan_init_adapter(wlan_private * priv)
175 {
176 wlan_adapter *adapter = priv->adapter;
177 int i;
178
179 adapter->scanprobes = 0;
180
181 adapter->bcn_avg_factor = DEFAULT_BCN_AVG_FACTOR;
182 adapter->data_avg_factor = DEFAULT_DATA_AVG_FACTOR;
183
184 /* ATIM params */
185 adapter->atimwindow = 0;
186
187 adapter->connect_status = libertas_disconnected;
188 memset(adapter->current_addr, 0xff, ETH_ALEN);
189
190 /* scan type */
191 adapter->scantype = cmd_scan_type_active;
192
193 /* scan mode */
194 adapter->scanmode = cmd_bss_type_any;
195
196 /* 802.11 specific */
197 adapter->secinfo.wep_enabled = 0;
198 for (i = 0; i < sizeof(adapter->wep_keys) / sizeof(adapter->wep_keys[0]);
199 i++)
200 memset(&adapter->wep_keys[i], 0, sizeof(struct WLAN_802_11_KEY));
201 adapter->wep_tx_keyidx = 0;
202 adapter->secinfo.auth_mode = IW_AUTH_ALG_OPEN_SYSTEM;
203 adapter->mode = IW_MODE_INFRA;
204
205 adapter->assoc_req = NULL;
206
207 adapter->numinscantable = 0;
208 adapter->pattemptedbssdesc = NULL;
209 mutex_init(&adapter->lock);
210
211 adapter->prescan = 1;
212
213 memset(&adapter->curbssparams, 0, sizeof(adapter->curbssparams));
214
215 /* PnP and power profile */
216 adapter->surpriseremoved = 0;
217
218 adapter->currentpacketfilter =
219 cmd_act_mac_rx_on | cmd_act_mac_tx_on;
220
221 adapter->radioon = RADIO_ON;
222 adapter->txantenna = RF_ANTENNA_2;
223 adapter->rxantenna = RF_ANTENNA_AUTO;
224
225 adapter->is_datarate_auto = 1;
226 adapter->beaconperiod = MRVDRV_BEACON_INTERVAL;
227
228 // set default value of capinfo.
229 #define SHORT_PREAMBLE_ALLOWED 1
230 memset(&adapter->capinfo, 0, sizeof(adapter->capinfo));
231 adapter->capinfo.shortpreamble = SHORT_PREAMBLE_ALLOWED;
232
233 adapter->adhocchannel = DEFAULT_AD_HOC_CHANNEL;
234
235 adapter->psmode = wlan802_11powermodecam;
236 adapter->multipledtim = MRVDRV_DEFAULT_MULTIPLE_DTIM;
237
238 adapter->listeninterval = MRVDRV_DEFAULT_LISTEN_INTERVAL;
239
240 adapter->psstate = PS_STATE_FULL_POWER;
241 adapter->needtowakeup = 0;
242 adapter->locallisteninterval = 0; /* default value in firmware will be used */
243
244 adapter->datarate = 0; // Initially indicate the rate as auto
245
246 adapter->adhoc_grate_enabled = 0;
247
248 adapter->intcounter = 0;
249
250 adapter->currenttxskb = NULL;
251 adapter->pkttxctrl = 0;
252
253 memset(&adapter->tx_queue_ps, 0, NR_TX_QUEUE*sizeof(struct sk_buff*));
254 adapter->tx_queue_idx = 0;
255 spin_lock_init(&adapter->txqueue_lock);
256
257 return;
258 }
259
260 static void command_timer_fn(unsigned long data);
261
262 int libertas_init_fw(wlan_private * priv)
263 {
264 int ret = -1;
265 wlan_adapter *adapter = priv->adapter;
266
267 ENTER();
268
269 /* Allocate adapter structure */
270 if ((ret = wlan_allocate_adapter(priv)) != 0)
271 goto done;
272
273 /* init adapter structure */
274 wlan_init_adapter(priv);
275
276 /* init timer etc. */
277 setup_timer(&adapter->command_timer, command_timer_fn,
278 (unsigned long)priv);
279
280 /* download fimrware etc. */
281 if ((ret = wlan_setup_station_hw(priv)) != 0) {
282 del_timer_sync(&adapter->command_timer);
283 goto done;
284 }
285
286 /* init 802.11d */
287 libertas_init_11d(priv);
288
289 ret = 0;
290 done:
291 LEAVE();
292 return ret;
293 }
294
295 void libertas_free_adapter(wlan_private * priv)
296 {
297 wlan_adapter *adapter = priv->adapter;
298
299 if (!adapter) {
300 lbs_pr_debug(1, "Why double free adapter?:)\n");
301 return;
302 }
303
304 lbs_pr_debug(1, "Free command buffer\n");
305 libertas_free_cmd_buffer(priv);
306
307 lbs_pr_debug(1, "Free commandTimer\n");
308 del_timer(&adapter->command_timer);
309
310 lbs_pr_debug(1, "Free scantable\n");
311 if (adapter->scantable) {
312 kfree(adapter->scantable);
313 adapter->scantable = NULL;
314 }
315
316 lbs_pr_debug(1, "Free adapter\n");
317
318 /* Free the adapter object itself */
319 kfree(adapter);
320 priv->adapter = NULL;
321 }
322
323 /**
324 * This function handles the timeout of command sending.
325 * It will re-send the same command again.
326 */
327 static void command_timer_fn(unsigned long data)
328 {
329 wlan_private *priv = (wlan_private *)data;
330 wlan_adapter *adapter = priv->adapter;
331 struct cmd_ctrl_node *ptempnode;
332 struct cmd_ds_command *cmd;
333 unsigned long flags;
334
335 ptempnode = adapter->cur_cmd;
336 if (ptempnode == NULL) {
337 lbs_pr_debug(1, "PTempnode Empty\n");
338 return;
339 }
340
341 cmd = (struct cmd_ds_command *)ptempnode->bufvirtualaddr;
342 if (!cmd) {
343 lbs_pr_debug(1, "cmd is NULL\n");
344 return;
345 }
346
347 lbs_pr_info("command_timer_fn fired (%x)\n", cmd->command);
348
349 if (!adapter->fw_ready)
350 return;
351
352 spin_lock_irqsave(&adapter->driver_lock, flags);
353 adapter->cur_cmd = NULL;
354 spin_unlock_irqrestore(&adapter->driver_lock, flags);
355
356 lbs_pr_debug(1, "Re-sending same command as it timeout...!\n");
357 libertas_queue_cmd(adapter, ptempnode, 0);
358
359 wake_up_interruptible(&priv->mainthread.waitq);
360
361 return;
362 }
Linux 2.6 libata-dev (mirror)