summaryrefslogtreecommitdiffstats
path: root/package/carl9170/patches/110-endian_fixes.patch
blob: fa2eb1a55f425b1cd43968244214f78b84498575 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
--- a/drivers/net/wireless/ath/carl9170/fw.c
+++ b/drivers/net/wireless/ath/carl9170/fw.c
@@ -39,7 +39,7 @@ const void *ar9170_fw_find_desc(struct a
 	for_each_hdr(iter, ar->fw_desc) {
 		if (!memcmp(iter->magic, descid, sizeof(*descid)) &&
 		    !CHECK_HDR_VERSION(iter, compatible_revision) &&
-		    (iter->length >= len)) {
+		    (le16_to_cpu(iter->length) >= len)) {
 			ret = (void *)iter;
 			break;
 		}
@@ -63,20 +63,22 @@ static int ar9170_fw_verify_descs(struct
 	end = (void *) head + max_len;
 
 	while (pos < end) {
-		if (((unsigned long)pos + pos->length) > (unsigned long)end)
+		int pos_length = le16_to_cpu(pos->length);
+
+		if (((unsigned long)pos + pos_length) > (unsigned long)end)
 			return -EMSGSIZE;
 
-		if (pos->length > max_len)
+		if (pos_length > max_len)
 			return -EMSGSIZE;
 
-		if (pos->length < sizeof(struct carl9170_fw_desc_head))
+		if (pos_length < sizeof(struct carl9170_fw_desc_head))
 			return -EINVAL;
 
 		if (!memcmp(pos->magic, last_magic, sizeof(last_magic)))
 			return 0;
 
-		pos = (void *)((unsigned long)pos + pos->length);
-		max_len -= pos->length;
+		pos = (void *)((unsigned long)pos + pos_length);
+		max_len -= le16_to_cpu(pos->length);
 	}
 
 	return -EINVAL;
@@ -139,7 +141,7 @@ static int ar9170_fw_check(struct ar9170
 	if (SUPP(CARL9170_FW_CRC32_CHECKSUM_TAIL)) {
 		__le32 crc32;
 
-		crc32 = crc32_le(~0, data, len - 4);
+		crc32 = cpu_to_le32(crc32_le(~0, data, len - 4));
 		if (!memcmp(&crc32, &data[len - 4], 4) == 0) {
 			dev_err(ar->pdev, "CRC32 checksum mismatch!\n");
 			return -EINVAL;
--- a/drivers/net/wireless/ath/carl9170/fwhdr.h
+++ b/drivers/net/wireless/ath/carl9170/fwhdr.h
@@ -196,7 +196,7 @@ struct carl9170_fw_last_desc_v1 {
 #define for_each_hdr(desc, fw_desc)					\
 	for (desc = fw_desc;						\
 	     (memcmp(desc->magic, LAST_MAGIC, 4) && desc->length);	\
-	     desc = (void *)((unsigned long)desc + desc->length))
+	     desc = (void *)((unsigned long)desc + le16_to_cpu(desc->length)))
 
 #define CHECK_HDR_VERSION(head, _min_ver)				\
 	(((head)->cur_ver < _min_ver) || ((head)->min_ver > _min_ver))	\
--- a/drivers/net/wireless/ath/carl9170/usb.c
+++ b/drivers/net/wireless/ath/carl9170/usb.c
@@ -640,9 +640,10 @@ static int ar9170_usb_check_firmware(str
 	}
 
 	if ((usb_desc->tx_descs < 16) ||
-	    (usb_desc->tx_frag_len < 64) || (usb_desc->tx_frag_len > 512) ||
-	    (usb_desc->rx_max_frame_len < 1024) ||
-	    (usb_desc->rx_max_frame_len > AR9170_MAX_RX_BUFFER_SIZE)) {
+	    (le16_to_cpu(usb_desc->tx_frag_len) < 64) ||
+		(le16_to_cpu(usb_desc->tx_frag_len) > 512) ||
+	    (le16_to_cpu(usb_desc->rx_max_frame_len) < 1024) ||
+	    (le16_to_cpu(usb_desc->rx_max_frame_len) > AR9170_MAX_RX_BUFFER_SIZE)) {
 		dev_err(&aru->udev->dev, "usb firmware has obvious signs of "
 					 "malicious tampering.\n");
 		err = -EINVAL;
@@ -650,14 +651,14 @@ static int ar9170_usb_check_firmware(str
 	}
 
 	if (SUPP(CARL9170_FW_USB_MINIBOOT))
-		aru->fw_offset = usb_desc->miniboot_size;
+		aru->fw_offset = le16_to_cpu(usb_desc->miniboot_size);
 	else
 		aru->fw_offset = 0;
 
-	aru->rx_size = usb_desc->rx_max_frame_len;
+	aru->rx_size = le16_to_cpu(usb_desc->rx_max_frame_len);
 	aru->common.mem_blocks = usb_desc->tx_descs;
 	atomic_set(&aru->common.mem_free_blocks, usb_desc->tx_descs);
-	aru->common.mem_block_size = usb_desc->tx_frag_len;
+	aru->common.mem_block_size = le16_to_cpu(usb_desc->tx_frag_len);
 	return 0;
 
 fail: