drivers/firmware/broadcom/bcm47xx_nvram.c: fix incorrect __ioread32_copy

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Commit 1f330c327900 ("drivers/firmware/broadcom/bcm47xx_nvram.c: use
__ioread32_copy() instead of open-coding") switched to use a generic
copy function, but failed to notice that the header pointer is updated
between the two copies, resulting in bogus data being copied in the
latter one. Fix by keeping the old header pointer.

The patch fixes totally broken networking on WRT54GL router (both LAN and
WLAN interfaces fail to probe).

Fixes: 1f330c327900 ("drivers/firmware/broadcom/bcm47xx_nvram.c: use __ioread32_copy() instead of open-coding")
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Reviewed-by: Stephen Boyd <sboyd@codeaurora.org>
Cc: Rafal Milecki <zajec5@gmail.com>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: <stable@vger.kernel.org> [4.4.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

Aaro Koskinen and committed by

Linus Torvalds 10 years ago 4c11e554 b0f84ac3

+2 -3

1 changed file

expand all

drivers

firmware

broadcom

bcm47xx_nvram.c

+2 -3

drivers/firmware/broadcom/bcm47xx_nvram.c

··· 94 94 95 95 found: 96 96 __ioread32_copy(nvram_buf, header, sizeof(*header) / 4); 97 - header = (struct nvram_header *)nvram_buf; 98 - nvram_len = header->len; 97 + nvram_len = ((struct nvram_header *)(nvram_buf))->len; 99 98 if (nvram_len > size) { 100 99 pr_err("The nvram size according to the header seems to be bigger than the partition on flash\n"); 101 100 nvram_len = size; 102 101 } 103 102 if (nvram_len >= NVRAM_SPACE) { 104 103 pr_err("nvram on flash (%i bytes) is bigger than the reserved space in memory, will just copy the first %i bytes\n", 105 - header->len, NVRAM_SPACE - 1); 104 + nvram_len, NVRAM_SPACE - 1); 106 105 nvram_len = NVRAM_SPACE - 1; 107 106 } 108 107 /* proceed reading data after header */