From 1987145253e2835b248c2a5e20dc0b8dfd60e5be Mon Sep 17 00:00:00 2001 From: patrick Date: Thu, 25 Feb 2021 23:59:54 +0000 Subject: [PATCH] The firmware replaces the last 32-bit on RAM with a shared DRAM address. While the for-loop checks that thie value has changed since we wrote to it, the timeout-condition checked for non-zero, which is wrong. This means that we didn't realize the firmware wasn't started. While there, make sure the shared DRAM address is inside the chip's address space. --- sys/dev/pci/if_bwfm_pci.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sys/dev/pci/if_bwfm_pci.c b/sys/dev/pci/if_bwfm_pci.c index 848869694b8..079b984a2fd 100644 --- a/sys/dev/pci/if_bwfm_pci.c +++ b/sys/dev/pci/if_bwfm_pci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bwfm_pci.c,v 1.42 2021/02/25 23:55:41 patrick Exp $ */ +/* $OpenBSD: if_bwfm_pci.c,v 1.43 2021/02/25 23:59:54 patrick Exp $ */ /* * Copyright (c) 2010-2016 Broadcom Corporation * Copyright (c) 2017 Patrick Wildt @@ -788,10 +788,16 @@ bwfm_pci_load_microcode(struct bwfm_pci_softc *sc, const u_char *ucode, size_t s if (shared != written) break; } - if (!shared) { + if (shared == written) { printf("%s: firmware did not come up\n", DEVNAME(sc)); return 1; } + if (shared < bwfm->sc_chip.ch_rambase || + shared >= bwfm->sc_chip.ch_rambase + bwfm->sc_chip.ch_ramsize) { + printf("%s: invalid shared RAM address 0x%08x\n", DEVNAME(sc), + shared); + return 1; + } sc->sc_shared_address = shared; return 0; -- 2.20.1