
Commit 0cbe0064 authored by Ivo van Doorn's avatar Ivo van Doorn Committed by John W. Linville

rt2x00: Validate firmware in driver



The get_firmware_crc() callback function isn't flexible
enough when dealing with multiple firmware versions.
It might in some cases be possible that the firmware
file contains multiple CRC checksums.

Create the check_firmware() callback function where the driver
has complete freedom in how to validate the firmware.

Signed-off-by: default avatarIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent a2c9b652
+4 −3
@@ -468,9 +468,10 @@ struct rt2x00lib_ops {
	 */
	int (*probe_hw) (struct rt2x00_dev *rt2x00dev);
	char *(*get_firmware_name) (struct rt2x00_dev *rt2x00dev);
	u16 (*get_firmware_crc) (const void *data, const size_t len);
	int (*load_firmware) (struct rt2x00_dev *rt2x00dev, const void *data,
			      const size_t len);
	int (*check_firmware) (struct rt2x00_dev *rt2x00dev,
			       const u8 *data, const size_t len);
	int (*load_firmware) (struct rt2x00_dev *rt2x00dev,
			      const u8 *data, const size_t len);

	/*
	 * Device initialization/deinitialization handlers.
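Review bot: The new `check_firmware` member is declared as returning `int`, yet its caller in rt2x00lib_request_firmware switches on `enum firmware_errors` values instead of testing for a negative errno, and the declaration gives driver authors no hint of that. A comment above the member, for example `/* Returns an enum firmware_errors code: FW_OK on success, FW_BAD_* otherwise; never a negative errno. */`, would state the contract. The struct definition starts and ends outside this hunk.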
+18 −9
@@ -35,7 +35,6 @@ static int rt2x00lib_request_firmware(struct rt2x00_dev *rt2x00dev)
	const struct firmware *fw;
	char *fw_name;
	int retval;
	u16 crc;

	/*
	 * Read correct firmware from harddisk.
@@ -61,16 +60,26 @@ static int rt2x00lib_request_firmware(struct rt2x00_dev *rt2x00dev)
		return -ENOENT;
	}

	crc = rt2x00dev->ops->lib->get_firmware_crc(fw->data, fw->size);
	if (crc != (fw->data[fw->size - 2] << 8 | fw->data[fw->size - 1])) {
		ERROR(rt2x00dev, "Firmware checksum error.\n");
		retval = -ENOENT;
		goto exit;
	}

	INFO(rt2x00dev, "Firmware detected - version: %d.%d.\n",
	     fw->data[fw->size - 4], fw->data[fw->size - 3]);

	retval = rt2x00dev->ops->lib->check_firmware(rt2x00dev, fw->data, fw->size);
	switch (retval) {
	case FW_OK:
		break;
	case FW_BAD_CRC:
		ERROR(rt2x00dev, "Firmware checksum error.\n");
		goto exit;
	case FW_BAD_LENGTH:
		ERROR(rt2x00dev,
		      "Invalid firmware file length (len=%zu)\n", fw->size);
		goto exit;
	case FW_BAD_VERSION:
		ERROR(rt2x00dev,
		      "Current firmware does not support detected chipset.\n");
		goto exit;
	};

	rt2x00dev->fw = fw;

	return 0;
@@ -78,7 +87,7 @@ static int rt2x00lib_request_firmware(struct rt2x00_dev *rt2x00dev)
exit:
	release_firmware(fw);

	return retval;
	return -ENOENT;
}

int rt2x00lib_load_firmware(struct rt2x00_dev *rt2x00dev)
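Review bot: The `switch (retval)` has no `default` arm, so any value a driver's `check_firmware` returns other than the four `FW_*` codes (a negative errno, for instance) falls out of the switch and the image is accepted through `rt2x00dev->fw = fw; return 0;`. Adding `default: ERROR(rt2x00dev, "Firmware validation failed.\n"); goto exit;` makes the validation fail closed. Separately, the unchanged INFO call still indexes `fw->data[fw->size - 4]` before `check_firmware` has validated the length, so a file shorter than four bytes would be read out of bounds unless the size test earlier in the function (outside this hunk) rules that out; moving the INFO call below the switch removes that dependency. The stray `;` after the switch's closing brace can be dropped too.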
+10 −0
@@ -134,6 +134,16 @@ enum rate_modulation {
	RATE_MODE_HT_GREENFIELD = 3,
};

/*
 * Firmware validation error codes
 */
enum firmware_errors {
	FW_OK,
	FW_BAD_CRC,
	FW_BAD_LENGTH,
	FW_BAD_VERSION,
};

/*
 * Register handlers.
 * We store the position of a register field inside a field structure,
+18 −11
@@ -1176,34 +1176,41 @@ static char *rt61pci_get_firmware_name(struct rt2x00_dev *rt2x00dev)
	return fw_name;
}

static u16 rt61pci_get_firmware_crc(const void *data, const size_t len)
static int rt61pci_check_firmware(struct rt2x00_dev *rt2x00dev,
				  const u8 *data, const size_t len)
{
	u16 fw_crc;
	u16 crc;

	/*
	 * Use the crc itu-t algorithm.
	 * Only support 8kb firmware files.
	 */
	if (len != 8192)
		return FW_BAD_LENGTH;

	/*
	 * The last 2 bytes in the firmware array are the crc checksum itself,
	 * this means that we should never pass those 2 bytes to the crc
	 * algorithm.
	 */
	fw_crc = (data[len - 2] << 8 | data[len - 1]);

	/*
	 * Use the crc itu-t algorithm.
	 */
	crc = crc_itu_t(0, data, len - 2);
	crc = crc_itu_t_byte(crc, 0);
	crc = crc_itu_t_byte(crc, 0);

	return crc;
	return (fw_crc == crc) ? FW_OK : FW_BAD_CRC;
}

static int rt61pci_load_firmware(struct rt2x00_dev *rt2x00dev, const void *data,
				 const size_t len)
static int rt61pci_load_firmware(struct rt2x00_dev *rt2x00dev,
				 const u8 *data, const size_t len)
{
	int i;
	u32 reg;

	if (len != 8192) {
		ERROR(rt2x00dev, "Invalid firmware file length (len=%zu)\n", len);
		return -ENOENT;
	}

	/*
	 * Wait for stable hardware.
	 */
@@ -2750,7 +2757,7 @@ static const struct rt2x00lib_ops rt61pci_rt2x00_ops = {
	.irq_handler		= rt61pci_interrupt,
	.probe_hw		= rt61pci_probe_hw,
	.get_firmware_name	= rt61pci_get_firmware_name,
	.get_firmware_crc	= rt61pci_get_firmware_crc,
	.check_firmware		= rt61pci_check_firmware,
	.load_firmware		= rt61pci_load_firmware,
	.initialize		= rt2x00pci_initialize,
	.uninitialize		= rt2x00pci_uninitialize,
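Review bot: With the `len != 8192` test removed from rt61pci_load_firmware, that function now trusts `len` solely because rt61pci_check_firmware ran earlier in rt2x00lib_request_firmware, and nothing in the code records this. A comment above it such as `/* data/len were validated by rt61pci_check_firmware() when the firmware was requested */` would state the dependency for anyone adding another call path. The comment block in rt61pci_check_firmware should also say that the trailing CRC-ITU-T value only detects truncated or corrupted files: it is stored in the image it covers, so it gives no assurance about the file's origin. The same points apply to rt73usb_check_firmware and rt73usb_load_firmware with their 2048-byte length. rt61pci_load_firmware's body continues outside the hunk.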
+18 −11
@@ -1061,35 +1061,42 @@ static char *rt73usb_get_firmware_name(struct rt2x00_dev *rt2x00dev)
	return FIRMWARE_RT2571;
}

static u16 rt73usb_get_firmware_crc(const void *data, const size_t len)
static int rt73usb_check_firmware(struct rt2x00_dev *rt2x00dev,
				  const u8 *data, const size_t len)
{
	u16 fw_crc;
	u16 crc;

	/*
	 * Use the crc itu-t algorithm.
	 * Only support 2kb firmware files.
	 */
	if (len != 2048)
		return FW_BAD_LENGTH;

	/*
	 * The last 2 bytes in the firmware array are the crc checksum itself,
	 * this means that we should never pass those 2 bytes to the crc
	 * algorithm.
	 */
	fw_crc = (data[len - 2] << 8 | data[len - 1]);

	/*
	 * Use the crc itu-t algorithm.
	 */
	crc = crc_itu_t(0, data, len - 2);
	crc = crc_itu_t_byte(crc, 0);
	crc = crc_itu_t_byte(crc, 0);

	return crc;
	return (fw_crc == crc) ? FW_OK : FW_BAD_CRC;
}

static int rt73usb_load_firmware(struct rt2x00_dev *rt2x00dev, const void *data,
				 const size_t len)
static int rt73usb_load_firmware(struct rt2x00_dev *rt2x00dev,
				 const u8 *data, const size_t len)
{
	unsigned int i;
	int status;
	u32 reg;

	if (len != 2048) {
		ERROR(rt2x00dev, "Invalid firmware file length (len=%zu)\n", len);
		return -ENOENT;
	}

	/*
	 * Wait for stable hardware.
	 */
@@ -2278,7 +2285,7 @@ static const struct ieee80211_ops rt73usb_mac80211_ops = {
static const struct rt2x00lib_ops rt73usb_rt2x00_ops = {
	.probe_hw		= rt73usb_probe_hw,
	.get_firmware_name	= rt73usb_get_firmware_name,
	.get_firmware_crc	= rt73usb_get_firmware_crc,
	.check_firmware		= rt73usb_check_firmware,
	.load_firmware		= rt73usb_load_firmware,
	.initialize		= rt2x00usb_initialize,
	.uninitialize		= rt2x00usb_uninitialize,