Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c84aa5af authored by Larry Finger's avatar Larry Finger Committed by John W. Linville
Browse files

rtlwifi: Move 2 large arrays off stack 



In driver rtlwifi, efuse_read() places two relatively large arrays on the
stack - a 1D u8 array of size 128, and a 2D array of u16 with 128 * 4 elements.
With driver rtl8192de, the sizes will be 256 and 256 * 4 respectively. As that
will make the 2D array be 2048 bytes, I have changed the code to use kmalloc to
allocate the space.

Signed-off-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 054ec924

drivers/net/wireless/rtlwifi/efuse.c

+28 −7
Original line number Original line Diff line number Diff line
@@ -235,7 +235,7 @@ void read_efuse(struct ieee80211_hw *hw, u16 _offset, u16 _size_byte, u8 *pbuf) 
{

{

	struct rtl_priv *rtlpriv = rtl_priv(hw);

	struct rtl_priv *rtlpriv = rtl_priv(hw);

	struct rtl_efuse *rtlefuse = rtl_efuse(rtl_priv(hw));

	struct rtl_efuse *rtlefuse = rtl_efuse(rtl_priv(hw));

	u8 efuse_tbl[HWSET_MAX_SIZE];

	u8 *efuse_tbl;

	u8 rtemp8[1];

	u8 rtemp8[1];

	u16 efuse_addr = 0;

	u16 efuse_addr = 0;

	u8 offset, wren;

	u8 offset, wren;
@@ -245,7 +245,7 @@ void read_efuse(struct ieee80211_hw *hw, u16 _offset, u16 _size_byte, u8 *pbuf) 
		rtlpriv->cfg->maps[EFUSE_MAX_SECTION_MAP];

		rtlpriv->cfg->maps[EFUSE_MAX_SECTION_MAP];

	const u32 efuse_len =

	const u32 efuse_len =

		rtlpriv->cfg->maps[EFUSE_REAL_CONTENT_SIZE];

		rtlpriv->cfg->maps[EFUSE_REAL_CONTENT_SIZE];

	u16 efuse_word[EFUSE_MAX_SECTION][EFUSE_MAX_WORD_UNIT];

	u16 **efuse_word;

	u16 efuse_utilized = 0;

	u16 efuse_utilized = 0;

	u8 efuse_usage;

	u8 efuse_usage;
@@ -256,9 +256,24 @@ void read_efuse(struct ieee80211_hw *hw, u16 _offset, u16 _size_byte, u8 *pbuf) 
		return;

		return;

	}

	}





	/* allocate memory for efuse_tbl and efuse_word */

	efuse_tbl = kmalloc(rtlpriv->cfg->maps[EFUSE_HWSET_MAX_SIZE] *

			    sizeof(u8), GFP_ATOMIC);

	if (!efuse_tbl)

		return;

	efuse_word = kmalloc(EFUSE_MAX_WORD_UNIT * sizeof(u16 *), GFP_ATOMIC);

	if (!efuse_word)

		goto done;

	for (i = 0; i < EFUSE_MAX_WORD_UNIT; i++) {

		efuse_word[i] = kmalloc(efuse_max_section * sizeof(u16),

					GFP_ATOMIC);

		if (!efuse_word[i])

			goto done;

	}



	for (i = 0; i < efuse_max_section; i++)

	for (i = 0; i < efuse_max_section; i++)

		for (j = 0; j < EFUSE_MAX_WORD_UNIT; j++)

		for (j = 0; j < EFUSE_MAX_WORD_UNIT; j++)

			efuse_word[i][j] = 0xFFFF;

			efuse_word[j][i] = 0xFFFF;





	read_efuse_byte(hw, efuse_addr, rtemp8);

	read_efuse_byte(hw, efuse_addr, rtemp8);

	if (*rtemp8 != 0xFF) {

	if (*rtemp8 != 0xFF) {
@@ -285,7 +300,8 @@ void read_efuse(struct ieee80211_hw *hw, u16 _offset, u16 _size_byte, u8 *pbuf) 
					read_efuse_byte(hw, efuse_addr, rtemp8);

					read_efuse_byte(hw, efuse_addr, rtemp8);

					efuse_addr++;

					efuse_addr++;

					efuse_utilized++;

					efuse_utilized++;

					efuse_word[offset][i] = (*rtemp8 & 0xff);

					efuse_word[i][offset] =

							 (*rtemp8 & 0xff);





					if (efuse_addr >= efuse_len)

					if (efuse_addr >= efuse_len)

						break;

						break;
@@ -297,7 +313,7 @@ void read_efuse(struct ieee80211_hw *hw, u16 _offset, u16 _size_byte, u8 *pbuf) 
					read_efuse_byte(hw, efuse_addr, rtemp8);

					read_efuse_byte(hw, efuse_addr, rtemp8);

					efuse_addr++;

					efuse_addr++;

					efuse_utilized++;

					efuse_utilized++;

					efuse_word[offset][i] |=

					efuse_word[i][offset] |=

					    (((u16)*rtemp8 << 8) & 0xff00);

					    (((u16)*rtemp8 << 8) & 0xff00);





					if (efuse_addr >= efuse_len)

					if (efuse_addr >= efuse_len)
@@ -320,9 +336,9 @@ void read_efuse(struct ieee80211_hw *hw, u16 _offset, u16 _size_byte, u8 *pbuf) 
	for (i = 0; i < efuse_max_section; i++) {

	for (i = 0; i < efuse_max_section; i++) {

		for (j = 0; j < EFUSE_MAX_WORD_UNIT; j++) {

		for (j = 0; j < EFUSE_MAX_WORD_UNIT; j++) {

			efuse_tbl[(i * 8) + (j * 2)] =

			efuse_tbl[(i * 8) + (j * 2)] =

			    (efuse_word[i][j] & 0xff);

			    (efuse_word[j][i] & 0xff);

			efuse_tbl[(i * 8) + ((j * 2) + 1)] =

			efuse_tbl[(i * 8) + ((j * 2) + 1)] =

			    ((efuse_word[i][j] >> 8) & 0xff);

			    ((efuse_word[j][i] >> 8) & 0xff);

		}

		}

	}

	}
@@ -336,6 +352,11 @@ void read_efuse(struct ieee80211_hw *hw, u16 _offset, u16 _size_byte, u8 *pbuf) 
				      (u8 *)&efuse_utilized);

				      (u8 *)&efuse_utilized);

	rtlpriv->cfg->ops->set_hw_reg(hw, HW_VAR_EFUSE_USAGE,

	rtlpriv->cfg->ops->set_hw_reg(hw, HW_VAR_EFUSE_USAGE,

				      (u8 *)&efuse_usage);

				      (u8 *)&efuse_usage);

done:

	for (i = 0; i < EFUSE_MAX_WORD_UNIT; i++)

		kfree(efuse_word[i]);

	kfree(efuse_word);

	kfree(efuse_tbl);

}

}





bool efuse_shadow_update_chk(struct ieee80211_hw *hw)

bool efuse_shadow_update_chk(struct ieee80211_hw *hw)