[PATCH] firmware: socfpga: Fix a bug in fpgamgr_program_write_buf()

[Andrey Smirnov]

Fix a bug in fpgamgr_program_write_buf() where .rbf file whose length
is not a multiple of 4 would cause an integer overflow which would
result in infinite loop.

Signed-off-by: Andrey Smirnov <andrew.smirnov at gmail.com>
---
 drivers/firmware/socfpga.c | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/drivers/firmware/socfpga.c b/drivers/firmware/socfpga.c
index a5dc607..75fb050 100644
--- a/drivers/firmware/socfpga.c
+++ b/drivers/firmware/socfpga.c
@@ -321,14 +321,32 @@ static int fpgamgr_program_write_buf(struct firmware_handler *fh, const void *bu
 		size_t size)
 {
 	struct fpgamgr *mgr = container_of(fh, struct fpgamgr, fh);
-	const uint32_t *buf32 = buf;
+	const uint8_t *buffer = buf;
+	uint32_t word;
+	size_t chunk_size;
+	size_t offset = 0;
 
 	/* write to FPGA Manager AXI data */
 	while (size) {
-		writel(*buf32, mgr->regs_data);
+		chunk_size = min(size, sizeof(uint32_t));
+		size -= chunk_size;
+
+		if (likely(chunk_size == sizeof(uint32_t))) {
+			word = *(uint32_t *)(buffer + offset);
+			offset += sizeof(uint32_t);
+		} else {
+			word = buffer[offset++];
+			word <<= 8;
+			chunk_size--;
+
+			while (chunk_size--) {
+				word |= buffer[offset++];
+				word <<= 8;
+			}
+		}
+
+		writel(word, mgr->regs_data);
 		readl(mgr->regs + FPGAMGRREGS_MON_GPIO_EXT_PORTA_ADDRESS);
-		buf32++;
-		size -= sizeof(uint32_t);
 	}
 
 	return 0;
-- 
2.1.0