wimax/i2400m: be smarter about copying command buffer to bm_cmd_buf
Because some underlying bus APIs (like USB) don't like data buffers in
the stack or vmalloced areas, the i2400m driver provides a scratch
buffer (i2400m->bm_cmd_buf) for said low-level drivers to copy command
data to before passing it to said API. This is only used during boot
mode.
However, at some the code was copying the buffer even when the command
was already specified in said buffer. This is ok, but it needs to be
more careful. As thus, change so that:
(a) the copy happens only if command buffer is not the scratch buffer
(b) use memmove() in case there is overlapping
Signed-off-by: Inaky Perez-Gonzalez <inaky@linux.intel.com>
diff --git a/drivers/net/wimax/i2400m/fw.c b/drivers/net/wimax/i2400m/fw.c
index 55bd69e..0018cdb 100644
--- a/drivers/net/wimax/i2400m/fw.c
+++ b/drivers/net/wimax/i2400m/fw.c
@@ -343,7 +343,6 @@
BUG_ON(i2400m->boot_mode == 0);
if (cmd != NULL) { /* send the command */
- memcpy(i2400m->bm_cmd_buf, cmd, cmd_size);
result = i2400m->bus_bm_cmd_send(i2400m, cmd, cmd_size, flags);
if (result < 0)
goto error_cmd_send;
diff --git a/drivers/net/wimax/i2400m/sdio-fw.c b/drivers/net/wimax/i2400m/sdio-fw.c
index c8dc538..8e02541 100644
--- a/drivers/net/wimax/i2400m/sdio-fw.c
+++ b/drivers/net/wimax/i2400m/sdio-fw.c
@@ -118,7 +118,8 @@
if (cmd_size > I2400M_BM_CMD_BUF_SIZE)
goto error_too_big;
- memcpy(i2400m->bm_cmd_buf, _cmd, cmd_size); /* Prep command */
+ if (_cmd != i2400m->bm_cmd_buf)
+ memmove(i2400m->bm_cmd_buf, _cmd, cmd_size);
cmd = i2400m->bm_cmd_buf;
if (cmd_size_a > cmd_size) /* Zero pad space */
memset(i2400m->bm_cmd_buf + cmd_size, 0, cmd_size_a - cmd_size);
diff --git a/drivers/net/wimax/i2400m/usb-fw.c b/drivers/net/wimax/i2400m/usb-fw.c
index a2250e4..f162c81 100644
--- a/drivers/net/wimax/i2400m/usb-fw.c
+++ b/drivers/net/wimax/i2400m/usb-fw.c
@@ -172,7 +172,8 @@
result = -E2BIG;
if (cmd_size > I2400M_BM_CMD_BUF_SIZE)
goto error_too_big;
- memcpy(i2400m->bm_cmd_buf, _cmd, cmd_size);
+ if (_cmd != i2400m->bm_cmd_buf)
+ memmove(i2400m->bm_cmd_buf, _cmd, cmd_size);
cmd = i2400m->bm_cmd_buf;
if (cmd_size_a > cmd_size) /* Zero pad space */
memset(i2400m->bm_cmd_buf + cmd_size, 0, cmd_size_a - cmd_size);