wimax/i2400m: be smarter about copying command buffer to bm_cmd_buf
authorInaky Perez-Gonzalez <inaky@linux.intel.com>
Tue, 1 Sep 2009 00:15:49 +0000 (17:15 -0700)
committerInaky Perez-Gonzalez <inaky@linux.intel.com>
Mon, 19 Oct 2009 06:55:46 +0000 (15:55 +0900)
Because some underlying bus APIs (like USB) don't like data buffers in
the stack or vmalloced areas, the i2400m driver provides a scratch
buffer (i2400m->bm_cmd_buf) for said low-level drivers to copy command
data to before passing it to said API. This is only used during boot
mode.

However, at some the code was copying the buffer even when the command
was already specified in said buffer. This is ok, but it needs to be
more careful. As thus, change so that:

(a) the copy happens only if command buffer is not the scratch buffer

(b) use memmove() in case there is overlapping

Signed-off-by: Inaky Perez-Gonzalez <inaky@linux.intel.com>
drivers/net/wimax/i2400m/fw.c
drivers/net/wimax/i2400m/sdio-fw.c
drivers/net/wimax/i2400m/usb-fw.c

index 55bd69e913b97ff6a3bf458361d71463548bbc38..0018cdbd01568dbf453e4612575f6d1c8763de0e 100644 (file)
@@ -343,7 +343,6 @@ ssize_t i2400m_bm_cmd(struct i2400m *i2400m,
        BUG_ON(i2400m->boot_mode == 0);
 
        if (cmd != NULL) {              /* send the command */
-               memcpy(i2400m->bm_cmd_buf, cmd, cmd_size);
                result = i2400m->bus_bm_cmd_send(i2400m, cmd, cmd_size, flags);
                if (result < 0)
                        goto error_cmd_send;
index c8dc538d40c1e500a9ac4704d54e5a450178380d..8e025418f5be16496687ede3588810334fbf1e1e 100644 (file)
@@ -118,7 +118,8 @@ ssize_t i2400ms_bus_bm_cmd_send(struct i2400m *i2400m,
        if (cmd_size > I2400M_BM_CMD_BUF_SIZE)
                goto error_too_big;
 
-       memcpy(i2400m->bm_cmd_buf, _cmd, cmd_size);     /* Prep command */
+       if (_cmd != i2400m->bm_cmd_buf)
+               memmove(i2400m->bm_cmd_buf, _cmd, cmd_size);
        cmd = i2400m->bm_cmd_buf;
        if (cmd_size_a > cmd_size)                      /* Zero pad space */
                memset(i2400m->bm_cmd_buf + cmd_size, 0, cmd_size_a - cmd_size);
index a2250e49a444e7297fb01c63af8f353cc8605f12..f162c815d505739c5c6b4e88a08fa104ee5e3acd 100644 (file)
@@ -172,7 +172,8 @@ ssize_t i2400mu_bus_bm_cmd_send(struct i2400m *i2400m,
        result = -E2BIG;
        if (cmd_size > I2400M_BM_CMD_BUF_SIZE)
                goto error_too_big;
-       memcpy(i2400m->bm_cmd_buf, _cmd, cmd_size);
+       if (_cmd != i2400m->bm_cmd_buf)
+               memmove(i2400m->bm_cmd_buf, _cmd, cmd_size);
        cmd = i2400m->bm_cmd_buf;
        if (cmd_size_a > cmd_size)                      /* Zero pad space */
                memset(i2400m->bm_cmd_buf + cmd_size, 0, cmd_size_a - cmd_size);