As pointed by KASAN:

	BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 at addr ffff880000038d8c
	Read of size 128 by task systemd-udevd/2536
	page:ffffea0000000800 count:1 mapcount:0 mapping:          (null) index:0x0 compound_mapcount: 0
	flags: 0xffff8000004000(head)
	page dumped because: kasan: bad access detected
	CPU: 1 PID: 2536 Comm: systemd-udevd Not tainted 4.5.0-rc3+ #47
	Hardware name:                  /NUC5i7RYB, BIOS RYBDWi35.86A.0350.2015.0812.1722 08/12/2015
	  ffff880000038d8c ffff8803b0f1f1e8 ffffffff81933901 0000000000000080
	  ffff8803b0f1f280 ffff8803b0f1f270 ffffffff815602c5 ffffffff8284cf93
	  ffffffff822ddc00 0000000000000282 0000000000000001 ffff88009c7c6000
	Call Trace:
	  [<ffffffff81933901>] dump_stack+0x85/0xc4
	  [<ffffffff815602c5>] kasan_report_error+0x525/0x550
	  [<ffffffff815606e9>] kasan_report+0x39/0x40
	  [<ffffffff8155f84d>] memcpy+0x1d/0x40
	  [<ffffffffa120cb90>] smscore_set_device_mode+0xee0/0x2560 [smsmdtv]

Such error happens at the memcpy code below:

0x4bc0 is in smscore_set_device_mode (drivers/media/common/siano/smscoreapi.c:975).
970					      sizeof(u32) + payload_size));
971
972			data_msg->mem_addr = mem_address;
973			memcpy(data_msg->payload, payload, payload_size);
974
975			rc = smscore_sendrequest_and_wait(coredev, data_msg,
976					data_msg->x_msg_header.msg_length,
977					&coredev->data_download_done);
978
979			payload += payload_size;

The problem is that the Siano driver uses a header to store the firmware,
with requires a few more bytes than allocated.

Tested with:
	PCTV 77e (2013:0257)
	Hauppauge WinTV MiniStick (2040:5510)
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>

We need to initialize the media controller earlier, as the core
will call the smsdvb hotplug during register time. Ok, this is
an async operation, so, when the module is not loaded, the media
controller works.

However, if the module is already loaded, nothing will be
registered at the media controller, as it will load too late.
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>

All siano modules have a sms_dbg parameter. Now that we're using
the standard pr_debug() macro, we can get rid of it.
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>

On most cases, sms_info() should actually be pr_debug(), but,
on other places, it should be pr_info().
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>

There's no reason to use a macro here. Just replace everything,
and let those debug messages to be activated via dynamic printk.
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>

Originally, sms_err() would be also displaying the line where
the error occurs, but the messages are clear enough. Also,
the function is always printed. So, no need for it.
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>

Instead of defining its own set of printk functions, let's
use the common Kernel debug logic provided by pr_foo functions.

As a first step, let's just define the existing macros as the
Kernel ones.
Signed-off-by: NMauro Carvalho Chehab <mchehab@osg.samsung.com>

Instead of allocating a var to store 0 and just return it,
change the code to return 0 directly.
Signed-off-by: NMauro Carvalho Chehab <m.chehab@samsung.com>

drivers/media/common/siano/smsdvb-main.c:47:5: warning: symbol 'sms_to_guard_interval_table' was not declared. Should it be static?
drivers/media/common/siano/smsdvb-main.c:54:5: warning: symbol 'sms_to_code_rate_table' was not declared. Should it be static?
drivers/media/common/siano/smsdvb-main.c:63:5: warning: symbol 'sms_to_hierarchy_table' was not declared. Should it be static?
drivers/media/common/siano/smsdvb-main.c:70:5: warning: symbol 'sms_to_modulation_table' was not declared. Should it be static?
drivers/media/common/siano/smscoreapi.c:925:35: warning: cast to restricted __le32
drivers/media/common/siano/smscoreapi.c:926:28: warning: cast to restricted __le32
Signed-off-by: NHans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: NMauro Carvalho Chehab <m.chehab@samsung.com>

At this bugzilla and similar ones:
   https://bugzilla.kernel.org/show_bug.cgi?id=60645
Those debug messages were seen as errors, but they're just debug
data, and are OK to appear on sms1100 and sms2270. Re-tag them
to appear only if debug is enabled.
Signed-off-by: NMauro Carvalho Chehab <m.chehab@samsung.com>
Tested-by: NAndré Roth <neolynx@gmail.com>
Signed-off-by: NMauro Carvalho Chehab <m.chehab@samsung.com>

Ensure release_firmware is called if kmalloc fails.

[mchehab@redhat.com: patch unmangled and converted from -p2 to -p1]
Signed-off-by: NRoberto Alcantara <roberto@eletronica.org>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

If firmware load fails, report it as an error.
Signed-off-by: NRoberto Alcantara <roberto@eletronica.org>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

As reported by Dan Carpenter:
	FYI, there are new smatch warnings show up in

	tree:   git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next master
	head:   da17d7bda957ae4697b6abc0793f74fb9b50b58f
	commit: 4c3bdb5e [media] siano: better debug send/receive messages

	drivers/media/common/siano/smscoreapi.c:396 smscore_translate_msg() error: buffer overflow 'siano_msgs' 401 <= 401

While it is almost impossible for this error to happen in
practice, as it would require the siano's firmware to return
an special invalid answer to a message request, fixing it
is trivial. So, let's do it.
Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

drivers/media/common/siano/smsdvb-debugfs.c:51:6: warning: no previous prototype for 'smsdvb_print_dvb_stats' [-Wmissing-prototypes]
drivers/media/common/siano/smsdvb-debugfs.c:154:6: warning: no previous prototype for 'smsdvb_print_isdb_stats' [-Wmissing-prototypes]
drivers/media/common/siano/smsdvb-debugfs.c:244:6: warning: no previous prototype for 'smsdvb_print_isdb_stats_ex' [-Wmissing-prototypes]
drivers/media/common/siano/smscoreapi.c:832:5: warning: no previous prototype for 'smscore_configure_board' [-Wmissing-prototypes]
drivers/media/common/siano/smscoreapi.c:1301:5: warning: no previous prototype for 'smscore_init_device' [-Wmissing-prototypes]
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Fix all other remaining checkpatch.pl compliants on the Siano driver,
except for the 80-cols (soft) limit. Those are harder to fix, and
probably not worth to do right now.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Remove the remaining CamelCase checkpatch.pl compliants.
There are still a few left, but those are due to USB and
DVB APIs.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

It is almost impossible to see a compliant with checkpatch.pl
on those Siano drivers, as there are simply too much violations
on it. So, now that a big change was done, the better is to
cleanup the checkpatch compliants.

Let's first replace all CammelCase symbols found at smscoreapi.h
using camel_case namespace. That removed 144 checkpatch.pl
compliants on this file. Of course, the other files need to be
fixed accordingly.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

This driver can use several firmwares. Provide such info at
module firmware metadata.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

There are too many firmwares there. As we need to add
MODULE_FIMWARE() macros, the better is to define their names
on just one place and use the macros for both cards/device type
tables and MODULE_FIRMWARE().
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

When the driver is tuned into chanel, and it is removed/reinserted,
the message stream data may be arriving during device probe:
	[ 5680.162004] smscore_set_device_mode: set device mode to 6
	[ 5680.162267] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.162391] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.162641] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.162891] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.163016] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.163266] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.163516] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.163640] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.163891] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.164016] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.164265] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.164515] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.164519] smscore_onresponse: Firmware id 6 prots 0x40 ver 8.1
	[ 5680.164766] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.166018] smscore_onresponse: message MSG_SMS_DVBT_BDA_DATA(693) not handled.
	[ 5680.166438] DVB: registering new adapter (Siano Rio Digital Receiver)
Instead of complaining, just silently discard those messages, instead of
complaining.
A proper fix is to put the device on suspend/power down mode when the module
is removed.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

sms_debug() and sms_info() already adds a '\n' at the printed
strings. No need to add more.
That helps to cleanup stuff like:
	[ 4868.205648] smscore_onresponse: message not handled.
	[ 4868.205898] smscore_onresponse: message not handled.
and:
	[ 5467.959769] smscore_onresponse:
	data rate 143069 bytes/secs
While here, provides the message name, when the message is not
handled by the smsmdtv core.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Put this function earlier in the code, to avoid the need of
defining a function stub.
No functional changes.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

There is an special lookup code that is called when
SMS_BOARD_UNKNOWN. The logic there is bogus and will cause
an oops, as .type is SMS_UNKNOWN_TYPE (-1).
As the code would do:
	return smscore_fw_lkup[type][mode];
That would mean that it would try to go past the
smscore_fw_lkup table.
So, just remove that bogus code, simplifying the logic.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Instead of using a global default_mode, passed via modprobe
parameter, use the one defined inside the cards struct.
That will prevent the need of manually specify it for each
board, except, of course, if the user wants to do something
different, on boards that accept multiple types.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

There are two ways to specify firmware for siano devices: a
per-device ID and a per-device type.
The per-device type logic is currently made by a 11x9 string
table, sparsely filled. It is very hard to read the table at
the source code, as there are too much "none" filling there
("none" there is a way to tell NULL).
Instead of using such problematic table, convert it into an
easy to read table, where the unused values will be defaulted
to NULL.
While here, also simplifies a little bit the logic and print
a message if an user-selected mode doesn't exist.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Currently, every time a message is sent or received, the endiannes
need to be fixed on big endian machines. This is currently done
on every call to the send API, and on every msg reception logic.
Instead of doing that, move it to the send/receive functions.
That simplifies the logic and avoids the risk of forgetting to
fix it somewhere.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Newer firmwares seem to require an init device message. Apply
such change from Doron Cohen's patch:
	http://patchwork.linuxtv.org/patch/7889/Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Backported from Doron Cohen's patch:
	http://patchwork.linuxtv.org/patch/7889/Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Based on Doron Cohen's patch:
	http://patchwork.linuxtv.org/patch/7887/Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Some cleanups at smscoreapi. Most are just CodingStyle.
Also, use kzalloc when allocating a new buffer, as it initializes
the allocated space with zero.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Instead of displaying this:
	[   61.869415] smscore_load_firmware_family2: rc=0, postload=0x          (null)
Display, instead:
	[ 1348.441160] smscore_load_firmware_family2: rc=0
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Don't keep in the dark: report the firmware file name after
lookup. That helps to debug what's happening when a firmware is not
found.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

There are new firmwares for sms2xxx devices. Change the firmware
load logic to handle those newer firmwares and devices.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

As there are some changes that seem to be firmware-dependent,
we need to store the firmware version, as we don't want to break
support for existing cards that use a legacy (and sometimes
custom) firmware.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Board #0 is an existing one. Instead of initializing the driver
with it, use a different value to detect if board is unknown.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Instead of printing a message for some random messages, print
it for all sent/received ones. That helps a lot to debug
what's going on.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

The same GPIO config struct was declared twice at the
driver, with different names and different macros:
	struct smscore_config_gpio
	struct smscore_config_gpio
Remove the one that uses CamelCase and fix the references to
its attributes/macros.
No functional changes.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

Siano changed the namespace on more recent API, and re-used some
of the old names. In order to be able to update the API to support
newer chips, the better is to follow this change.
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

kfree on NULL pointer is a no-op.
Signed-off-by: NSyam Sidhardhan <s.syam@samsung.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>

drivers/media/common/siano/smscoreapi.c:1095:26: warning: no previous prototype for 'get_entry' [-Wmissing-prototypes]
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>