Due to miscalculation of nvs_len, excessive data was sent to the
firmware.
Fix this by first setting nvs_ptr to point to the first NVS table,
and computing the total size of all NVS tables accordingly.
Signed-off-by: Ido Yariv <[email protected]>
---
drivers/net/wireless/wl12xx/wl1271_boot.c | 17 ++++++-----------
1 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/drivers/net/wireless/wl12xx/wl1271_boot.c b/drivers/net/wireless/wl12xx/wl1271_boot.c
index fc21db8..e5a7f04 100644
--- a/drivers/net/wireless/wl12xx/wl1271_boot.c
+++ b/drivers/net/wireless/wl12xx/wl1271_boot.c
@@ -274,11 +274,11 @@ static int wl1271_boot_upload_nvs(struct wl1271 *wl)
/*
* We've reached the first zero length, the first NVS table
- * is 7 bytes further.
+ * is located at an aligned offset which is at least 7 bytes further.
*/
- nvs_ptr += 7;
+ nvs_ptr = (u8 *)wl->nvs->nvs +
+ ALIGN(nvs_ptr - (u8 *)wl->nvs->nvs + 7, 4);
nvs_len -= nvs_ptr - (u8 *)wl->nvs->nvs;
- nvs_len = ALIGN(nvs_len, 4);
/* FIXME: The driver sets the partition here, but this is not needed,
since it sets to the same one as currently in use */
@@ -286,14 +286,9 @@ static int wl1271_boot_upload_nvs(struct wl1271 *wl)
wl1271_set_partition(wl, &part_table[PART_WORK]);
/* Copy the NVS tables to a new block to ensure alignment */
- /* FIXME: We jump 3 more bytes before uploading the NVS. It seems
- that our NVS files have three extra zeros here. I'm not sure whether
- the problem is in our NVS generation or we should really jumpt these
- 3 bytes here */
- nvs_ptr += 3;
-
- nvs_aligned = kmemdup(nvs_ptr, nvs_len, GFP_KERNEL); if
- (!nvs_aligned) return -ENOMEM;
+ nvs_aligned = kmemdup(nvs_ptr, nvs_len, GFP_KERNEL);
+ if (!nvs_aligned)
+ return -ENOMEM;
/* And finally we upload the NVS tables */
/* FIXME: In wl1271, we upload everything at once.
--
1.7.0.4
On Wed, 2010-09-22 at 09:53 +0200, ext Ido Yariv wrote:
> Due to miscalculation of nvs_len, excessive data was sent to the
> firmware.
> Fix this by first setting nvs_ptr to point to the first NVS table,
> and computing the total size of all NVS tables accordingly.
>
> Signed-off-by: Ido Yariv <[email protected]>
> ---
This looks reasonable, thanks!
But I still want to have it briefly tested before I accept it. Our
tester will try it out today or tomorrow and, if everything is okay,
I'll ack it.
> drivers/net/wireless/wl12xx/wl1271_boot.c | 17 ++++++-----------
> 1 files changed, 6 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/net/wireless/wl12xx/wl1271_boot.c b/drivers/net/wireless/wl12xx/wl1271_boot.c
> index fc21db8..e5a7f04 100644
> --- a/drivers/net/wireless/wl12xx/wl1271_boot.c
> +++ b/drivers/net/wireless/wl12xx/wl1271_boot.c
> @@ -274,11 +274,11 @@ static int wl1271_boot_upload_nvs(struct wl1271 *wl)
[...]
> - nvs_aligned = kmemdup(nvs_ptr, nvs_len, GFP_KERNEL); if
> - (!nvs_aligned) return -ENOMEM;
> + nvs_aligned = kmemdup(nvs_ptr, nvs_len, GFP_KERNEL);
> + if (!nvs_aligned)
> + return -ENOMEM;
This looks pretty odd. But I checked wireless-testing and it is looking
bad there. It's not like that in our internal tree, but git blames me
for doing it in wireless-testing. :) Thanks for fixing.
--
Cheers,
Luca.
On Wed, 2010-09-22 at 12:24 +0200, Luciano Coelho wrote:
> On Wed, 2010-09-22 at 09:53 +0200, ext Ido Yariv wrote:
> > Due to miscalculation of nvs_len, excessive data was sent to the
> > firmware.
> > Fix this by first setting nvs_ptr to point to the first NVS table,
> > and computing the total size of all NVS tables accordingly.
> >
> > Signed-off-by: Ido Yariv <[email protected]>
> > ---
>
> This looks reasonable, thanks!
>
> But I still want to have it briefly tested before I accept it. Our
> tester will try it out today or tomorrow and, if everything is okay,
> I'll ack it.
>
Okay, Tuomas has run some basic tests with this patch and didn't
observer any degradation in RF (which would signal possible problems
with the NVS uploading).
Thanks, Ido!
Tested-By: Tuomas Katila <[email protected]>
Acked-by: Luciano Coelho <[email protected]>
John, please apply this patch, since my tree is not ready yet.
--
Cheers,
Luca.