]> git.karo-electronics.de Git - mv-sheeva.git/blobdiff - drivers/staging/bcm/Bcmchar.c
projects / mv-sheeva.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge tag 'v2.6.38' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
[mv-sheeva.git] / drivers / staging / bcm / Bcmchar.c
diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c
index fead9c56162e1f629648ca1a8d94aca0887e8cc1..31674ea1cd480d2926d556e4ff46289906d678f0 100644 (file)
--- a/drivers/staging/bcm/Bcmchar.c
+++ b/drivers/staging/bcm/Bcmchar.c
@@ -12,7 +12,7 @@
 *
 * Returns        - Zero(Success)
 ****************************************************************/
-static struct class *bcm_class = NULL;
+
 static int bcm_char_open(struct inode *inode, struct file * filp)
 {
        PMINI_ADAPTER           Adapter = NULL;
@@ -93,7 +93,7 @@ static int bcm_char_release(struct inode *inode, struct file *filp)
     /*Stop Queuing the control response Packets*/
     atomic_dec(&Adapter->ApplicationRunning);
 
-    bcm_kfree(pTarang);
+    kfree(pTarang);
 
        /* remove this filp from the asynchronously notified filp's */
     filp->private_data = NULL;
@@ -102,11 +102,11 @@ static int bcm_char_release(struct inode *inode, struct file *filp)
 
 static ssize_t bcm_char_read(struct file *filp, char __user *buf, size_t size, loff_t *f_pos)
 {
-    PPER_TARANG_DATA pTarang = (PPER_TARANG_DATA)filp->private_data;
+       PPER_TARANG_DATA pTarang = filp->private_data;
        PMINI_ADAPTER   Adapter = pTarang->Adapter;
-    struct sk_buff* Packet = NULL;
-    UINT            PktLen = 0;
-       int                     wait_ret_val=0;
+       struct sk_buff* Packet = NULL;
+       ssize_t         PktLen = 0;
+       int             wait_ret_val=0;
 
        wait_ret_val = wait_event_interruptible(Adapter->process_read_wait_queue,
                (pTarang->RxAppControlHead || Adapter->device_removed));
@@ -139,14 +139,16 @@ static ssize_t bcm_char_read(struct file *filp, char __user *buf, size_t size, l
        if(Packet)
        {
                PktLen = Packet->len;
-               if(copy_to_user(buf, Packet->data, PktLen))
+               if(copy_to_user(buf, Packet->data, min_t(size_t, PktLen, size)))
                {
-                       bcm_kfree_skb(Packet);
+                       dev_kfree_skb(Packet);
                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "\nReturning from copy to user failure \n");
                        return -EFAULT;
                }
-               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Read %d Bytes From Adapter packet = 0x%p by process %d!\n", PktLen, Packet, current->pid);
-               bcm_kfree_skb(Packet);
+               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,
+                               "Read %zd Bytes From Adapter packet = %p by process %d!\n",
+                               PktLen, Packet, current->pid);
+               dev_kfree_skb(Packet);
        }
 
     BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "<====\n");
@@ -155,15 +157,12 @@ static ssize_t bcm_char_read(struct file *filp, char __user *buf, size_t size, l
 
 static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
 {
-    PPER_TARANG_DATA  pTarang = (PPER_TARANG_DATA)filp->private_data;
-       void __user *argp = (void __user *)argp;
+       PPER_TARANG_DATA  pTarang = filp->private_data;
+       void __user *argp = (void __user *)arg;
        PMINI_ADAPTER   Adapter = pTarang->Adapter;
        INT                     Status = STATUS_FAILURE;
-       IOCTL_BUFFER    IoBuffer={};
-#ifndef BCM_SHM_INTERFACE
-    int timeout = 0;
-#endif
-
+       int timeout = 0;
+       IOCTL_BUFFER    IoBuffer;
 
        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Parameters Passed to control IOCTL cmd=0x%X arg=0x%lX", cmd, arg);
 
@@ -204,50 +203,41 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
 
        Status = vendorextnIoctl(Adapter, cmd, arg);
        if(Status != CONTINUE_COMMON_PATH )
-       {
                 return Status;
-       }
 
        switch(cmd){
                // Rdms for Swin Idle...
                case IOCTL_BCM_REGISTER_READ_PRIVATE:
                {
                        RDM_BUFFER  sRdmBuffer = {0};
-                       PCHAR temp_buff = NULL;
-                       UINT Bufflen = 0;
+                       PCHAR temp_buff;
+                       UINT Bufflen;
+
                        /* Copy Ioctl Buffer structure */
-                       if(copy_from_user((PCHAR)&IoBuffer, argp,
-                               sizeof(IOCTL_BUFFER)))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
+                       if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                               return -EFAULT;
+
+                       if (IoBuffer.InputLength > sizeof(sRdmBuffer))
+                               return -EINVAL;
 
+                       if(copy_from_user(&sRdmBuffer, IoBuffer.InputBuffer, IoBuffer.InputLength))
+                               return -EFAULT;
+
+                       /* FIXME: need to restrict BuffLen */
                        Bufflen = IoBuffer.OutputLength + (4 - IoBuffer.OutputLength%4)%4;
-                       temp_buff = (PCHAR)kmalloc(Bufflen, GFP_KERNEL);
+                       temp_buff = kmalloc(Bufflen, GFP_KERNEL);
                        if(!temp_buff)
-                       {
-                               return STATUS_FAILURE;
-                       }
-                       if(copy_from_user(&sRdmBuffer, IoBuffer.InputBuffer,
-                               IoBuffer.InputLength))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
+                               return -ENOMEM;
+
                        Status = rdmalt(Adapter, (UINT)sRdmBuffer.Register,
                                        (PUINT)temp_buff, Bufflen);
-                       if(Status != STATUS_SUCCESS)
-                       {
-                               bcm_kfree(temp_buff);
-                               return Status;
-                       }
-                       if(copy_to_user(IoBuffer.OutputBuffer,
-                               (PCHAR)temp_buff, (UINT)IoBuffer.OutputLength))
+                       if(Status == STATUS_SUCCESS)
                        {
-                               Status = -EFAULT;
+                               if(copy_to_user(IoBuffer.OutputBuffer, temp_buff, IoBuffer.OutputLength))
+                                       Status = -EFAULT;
                        }
-                       bcm_kfree(temp_buff);
+
+                       kfree(temp_buff);
                        break;
                }
                case IOCTL_BCM_REGISTER_WRITE_PRIVATE:
@@ -256,19 +246,16 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                        UINT uiTempVar=0;
                        /* Copy Ioctl Buffer structure */
 
-                       if(copy_from_user(&IoBuffer, argp,
-                               sizeof(IOCTL_BUFFER)))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
+                       if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                               return -EFAULT;
+
+                       if (IoBuffer.InputLength > sizeof(sWrmBuffer))
+                               return -EINVAL;
+
                        /* Get WrmBuffer structure */
-                       if(copy_from_user(&sWrmBuffer, IoBuffer.InputBuffer,
-                               IoBuffer.InputLength))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
+                       if(copy_from_user(&sWrmBuffer, IoBuffer.InputBuffer, IoBuffer.InputLength))
+                               return -EFAULT;
+
                        uiTempVar = sWrmBuffer.Register & EEPROM_REJECT_MASK;
                        if(!((Adapter->pstargetparams->m_u32Customize) & VSG_MODE) &&
                                ((uiTempVar == EEPROM_REJECT_REG_1)||
@@ -277,8 +264,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                (uiTempVar == EEPROM_REJECT_REG_4)))
                        {
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "EEPROM Access Denied, not in VSG Mode\n");
-                               Status = -EFAULT;
-                               break;
+                               return -EFAULT;
                        }
                        Status = wrmalt(Adapter, (UINT)sWrmBuffer.Register,
                                                (PUINT)sWrmBuffer.Data, sizeof(ULONG));
@@ -305,56 +291,39 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                (Adapter->bPreparingForLowPowerMode ==TRUE))
                        {
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Device in Idle Mode, Blocking Rdms\n");
-                               Status = -EACCES;
-                               break;
+                               return -EACCES;
                        }
                        /* Copy Ioctl Buffer structure */
-                       if(copy_from_user(&IoBuffer, argp,
-                               sizeof(IOCTL_BUFFER)))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
+                       if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                               return -EFAULT;
+
+                       if (IoBuffer.InputLength > sizeof(sRdmBuffer))
+                               return -EINVAL;
 
-                       temp_buff = (PCHAR)kmalloc(IoBuffer.OutputLength, GFP_KERNEL);
+                       if(copy_from_user(&sRdmBuffer, IoBuffer.InputBuffer, IoBuffer.InputLength))
+                               return -EFAULT;
+
+                       /* FIXME: don't trust user supplied length */
+                       temp_buff = kmalloc(IoBuffer.OutputLength, GFP_KERNEL);
                        if(!temp_buff)
-                       {
                                return STATUS_FAILURE;
-                       }
-                       if(copy_from_user(&sRdmBuffer, IoBuffer.InputBuffer,
-                               IoBuffer.InputLength))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
 
-                       if(
-#if !defined(BCM_SHM_INTERFACE)
-                               (((ULONG)sRdmBuffer.Register & 0x0F000000) != 0x0F000000) ||
-#endif
-                                       ((ULONG)sRdmBuffer.Register & 0x3)
-                         )
+                       if((((ULONG)sRdmBuffer.Register & 0x0F000000) != 0x0F000000) ||
+                          ((ULONG)sRdmBuffer.Register & 0x3))
                        {
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "RDM Done On invalid Address : %x Access Denied.\n",
                                        (int)sRdmBuffer.Register);
-                               Status = -EINVAL;
-                               break;
+                               return -EINVAL;
                        }
 
                        uiTempVar = sRdmBuffer.Register & EEPROM_REJECT_MASK;
                        Status = rdmaltWithLock(Adapter, (UINT)sRdmBuffer.Register,
                                                (PUINT)temp_buff, IoBuffer.OutputLength);
-                       if(Status != STATUS_SUCCESS)
-                       {
-                               bcm_kfree(temp_buff);
-                               return Status;
-                       }
-                       if(copy_to_user(IoBuffer.OutputBuffer,
-                               (PCHAR)temp_buff, (UINT)IoBuffer.OutputLength))
-                       {
-                               Status = -EFAULT;
-                       }
-                       bcm_kfree(temp_buff);
+                       if(Status == STATUS_SUCCESS)
+                               if(copy_to_user(IoBuffer.OutputBuffer, temp_buff, IoBuffer.OutputLength))
+                                       Status = -EFAULT;
+
+                       kfree(temp_buff);
                        break;
                }
                case IOCTL_BCM_REGISTER_WRITE:
@@ -367,36 +336,28 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                (Adapter->bPreparingForLowPowerMode ==TRUE))
                        {
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Device in Idle Mode, Blocking Wrms\n");
-                               Status = -EACCES;
-                               break;
+                               return -EACCES;
                        }
+
                        /* Copy Ioctl Buffer structure */
-                       if(copy_from_user((PCHAR)&IoBuffer, argp,
-                                       sizeof(IOCTL_BUFFER)))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
+                       if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                               return -EFAULT;
+
+                       if (IoBuffer.InputLength > sizeof(sWrmBuffer))
+                               return -EINVAL;
+
                        /* Get WrmBuffer structure */
-                       if(copy_from_user(&sWrmBuffer, IoBuffer.InputBuffer,
-                               IoBuffer.InputLength))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
-                       if(
-#if !defined(BCM_SHM_INTERFACE)
+                       if(copy_from_user(&sWrmBuffer, IoBuffer.InputBuffer, IoBuffer.InputLength))
+                               return -EFAULT;
 
-                               (((ULONG)sWrmBuffer.Register & 0x0F000000) != 0x0F000000) ||
-#endif
-                                       ((ULONG)sWrmBuffer.Register & 0x3)
-                        )
+                       if( (((ULONG)sWrmBuffer.Register & 0x0F000000) != 0x0F000000) ||
+                                       ((ULONG)sWrmBuffer.Register & 0x3) )
                        {
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "WRM Done On invalid Address : %x Access Denied.\n",
                                                (int)sWrmBuffer.Register);
-                               Status = -EINVAL;
-                               break;
+                               return -EINVAL;
                        }
+
                        uiTempVar = sWrmBuffer.Register & EEPROM_REJECT_MASK;
                        if(!((Adapter->pstargetparams->m_u32Customize) & VSG_MODE) &&
                                ((uiTempVar == EEPROM_REJECT_REG_1)||
@@ -406,8 +367,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                (cmd == IOCTL_BCM_REGISTER_WRITE))
                        {
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "EEPROM Access Denied, not in VSG Mode\n");
-                               Status = -EFAULT;
-                               break;
+                               return -EFAULT;
                        }
 
                        Status = wrmaltWithLock(Adapter, (UINT)sWrmBuffer.Register,
@@ -436,19 +396,14 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                (Adapter->bPreparingForLowPowerMode ==TRUE))
                        {
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"GPIO Can't be set/clear in Low power Mode");
-                               Status = -EACCES;
-                               break;
+                               return -EACCES;
                        }
                        if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
-                       {
-                               Status = -EFAULT;
-                               break;
-                   }
+                               return -EFAULT;
+                       if (IoBuffer.InputLength > sizeof(gpio_info))
+                               return -EINVAL;
                        if(copy_from_user(&gpio_info, IoBuffer.InputBuffer, IoBuffer.InputLength))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
+                               return -EFAULT;
                        uiBit  = gpio_info.uiGpioNumber;
                        uiOperation = gpio_info.uiGpioValue;
 
@@ -517,8 +472,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                break;
                case BCM_LED_THREAD_STATE_CHANGE_REQ:
                {
-
-                       USER_THREAD_REQ threadReq = {0};
+                       USER_THREAD_REQ threadReq = { 0 };
                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"User made LED thread InActive");
 
                        if((Adapter->IdleMode == TRUE) ||
@@ -529,21 +483,16 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                Status = -EACCES;
                                break;
                        }
-                       Status =copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER));
-                       if(Status)
-                       {
-                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Failed while copying the IOBufer from user space err:%d",Status);
-                               Status = -EFAULT;
-                               break;
-                       }
 
-                       Status= copy_from_user(&threadReq, IoBuffer.InputBuffer, IoBuffer.InputLength);
-                       if(Status)
-                       {
-                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Failed while copying the InputBuffer from user space err:%d",Status);
-                               Status = -EFAULT;
-                               break;
-                       }
+                       if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                               return -EFAULT;
+
+                       if (IoBuffer.InputLength > sizeof(threadReq))
+                               return -EINVAL;
+
+                       if (copy_from_user(&threadReq, IoBuffer.InputBuffer, IoBuffer.InputLength))
+                               return -EFAULT;
+
                        //if LED thread is running(Actively or Inactively) set it state to make inactive
                        if(Adapter->LEDInfo.led_thread_running)
                        {
@@ -572,19 +521,13 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                        if((Adapter->IdleMode == TRUE) ||
                                (Adapter->bShutStatus ==TRUE) ||
                                (Adapter->bPreparingForLowPowerMode ==TRUE))
-                       {
-                               Status = -EACCES;
-                               break;
-                       }
-                       if(copy_from_user((PCHAR)&IoBuffer, argp, sizeof(IOCTL_BUFFER))) {
-                               Status = -EFAULT;
-                               break;
-                       }
-                if(copy_from_user(&gpio_info, IoBuffer.InputBuffer, IoBuffer.InputLength))
-                {
-                    Status = -EFAULT;
-                    break;
-                }
+                               return -EACCES;
+                       if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                               return -EFAULT;
+                       if (IoBuffer.InputLength > sizeof(gpio_info))
+                               return -EINVAL;
+                       if(copy_from_user(&gpio_info, IoBuffer.InputBuffer, IoBuffer.InputLength))
+                               return -EFAULT;
                 uiBit  = gpio_info.uiGpioNumber;
                                  //Set the gpio output register
                                Status = rdmaltWithLock(Adapter, (UINT)GPIO_PIN_STATE_REGISTER,
@@ -608,25 +551,14 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                if((Adapter->IdleMode == TRUE) ||
                                (Adapter->bShutStatus ==TRUE) ||
                                (Adapter->bPreparingForLowPowerMode ==TRUE))
-                               {
-                                       Status = -EINVAL;
-                                       break;
-                               }
-                               Status = copy_from_user( (PCHAR)&IoBuffer, argp, sizeof( IOCTL_BUFFER));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Failed while copying the IOBufer from user space err:%d",Status);
-                                       Status = -EFAULT;
-                                       break;
-                               }
+                                       return -EINVAL;
+                               if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                                       return -EFAULT;
+                               if (IoBuffer.InputLength > sizeof(gpio_multi_info))
+                                       return -EINVAL;
+                               if (copy_from_user(&gpio_multi_info, IoBuffer.InputBuffer, IoBuffer.InputLength))
+                                       return -EFAULT;
 
-                               Status = copy_from_user( &gpio_multi_info, IoBuffer.InputBuffer, IoBuffer.InputLength);
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Failed while copying the IOBufer Contents from user space err:%d",Status);
-                                       Status = -EFAULT;
-                                       break;
-                               }
                                if(IsReqGpioIsLedInNVM(Adapter,pgpio_multi_info[WIMAX_IDX].uiGPIOMask)== FALSE)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Sorry, Requested GPIO<0x%X> is not correspond to NVM LED bit map<0x%X>!!!",pgpio_multi_info[WIMAX_IDX].uiGPIOMask,Adapter->gpioBitMap);
@@ -686,7 +618,6 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                if(Status)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Failed while copying Content to IOBufer for user space err:%d",Status);
-                                       Status = -EFAULT;
                                        break;
                                }
                        }
@@ -700,25 +631,14 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                        if((Adapter->IdleMode == TRUE) ||
                                (Adapter->bShutStatus ==TRUE) ||
                                (Adapter->bPreparingForLowPowerMode ==TRUE))
-                       {
-                                       Status = -EINVAL;
-                                       break;
-                       }
-                       Status = copy_from_user(&IoBuffer, argp, sizeof( IOCTL_BUFFER));
-                       if(Status)
-                       {
-                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Failed while copying the IOBufer from user space err:%d",Status);
-                               Status = -EFAULT;
-                               break;
-                       }
+                                       return -EINVAL;
 
-                       Status = copy_from_user( &gpio_multi_mode, IoBuffer.InputBuffer, IoBuffer.InputLength);
-                       if(Status)
-                       {
-                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Failed while copying the IOBufer Contents from user space err:%d",Status);
-                               Status = -EFAULT;
-                               break;
-                       }
+                       if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                               return -EFAULT;
+                       if (IoBuffer.InputLength > sizeof(gpio_multi_mode))
+                               return -EINVAL;
+                       if (copy_from_user(&gpio_multi_mode, IoBuffer.InputBuffer, IoBuffer.InputLength))
+                               return -EFAULT;
 
                        Status = rdmaltWithLock( Adapter, ( UINT) GPIO_MODE_REGISTER, ( PUINT) ucResetValue, sizeof( UINT));
                        if( STATUS_SUCCESS != Status)
@@ -769,7 +689,6 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                        if(Status)
                        {
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Failed while copying Content to IOBufer for user space err:%d",Status);
-                               Status = -EFAULT;
                                break;
                        }
                }
@@ -783,24 +702,20 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                case IOCTL_IDLE_REQ:
                {
                        PVOID pvBuffer=NULL;
+
                        /* Copy Ioctl Buffer structure */
-                       if(copy_from_user(&IoBuffer, argp,
-                                                       sizeof(IOCTL_BUFFER)))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
-                       pvBuffer=kmalloc(IoBuffer.InputLength, GFP_KERNEL);
+                       if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                               return -EFAULT;
+
+                       /* FIXME: don't accept any length from user */
+                       pvBuffer = kmalloc(IoBuffer.InputLength, GFP_KERNEL);
                        if(!pvBuffer)
-                       {
                                return -ENOMEM;
-                       }
 
-                       if(copy_from_user(pvBuffer, IoBuffer.InputBuffer,
-                                       IoBuffer.InputLength))
+                       if(copy_from_user(pvBuffer, IoBuffer.InputBuffer, IoBuffer.InputLength))
                        {
                                Status = -EFAULT;
-                               bcm_kfree(pvBuffer);
+                               kfree(pvBuffer);
                                break;
                        }
 
@@ -820,10 +735,9 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                        Status = CopyBufferToControlPacket(Adapter, (PVOID)pvBuffer);
                cntrlEnd:
                        up(&Adapter->LowPowerModeSync);
-                       bcm_kfree(pvBuffer);
+                       kfree(pvBuffer);
                        break;
                }
-#ifndef BCM_SHM_INTERFACE
                case IOCTL_BCM_BUFFER_DOWNLOAD_START:
                {
                        INT NVMAccess = down_trylock(&Adapter->NVMRdmWrmLock) ;
@@ -844,7 +758,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                Status = reset_card_proc(Adapter);
                                if(Status)
                                {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "reset_card_proc Failed!\n");
+                                       pr_err(PFX "%s: reset_card_proc Failed!\n", Adapter->dev->name);
                                        up(&Adapter->fw_download_sema);
                                        up(&Adapter->NVMRdmWrmLock);
                                        break;
@@ -862,7 +776,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                }
                case IOCTL_BCM_BUFFER_DOWNLOAD:
                        {
-                               FIRMWARE_INFO   *psFwInfo=NULL;
+                               FIRMWARE_INFO   *psFwInfo = NULL;
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Starting the firmware download PID =0x%x!!!!\n", current->pid);
                        do{
                                if(!down_trylock(&Adapter->fw_download_sema))
@@ -871,29 +785,23 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                        Status=-EINVAL;
                                        break;
                                }
+
                                /* Copy Ioctl Buffer structure */
                                if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "copy_from_user 1 failed\n");
-                                       Status = -EFAULT;
-                                       break;
-                               }
+                                       return -EFAULT;
+
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Length for FW DLD is : %lx\n",
                                                                                IoBuffer.InputLength);
-                               psFwInfo=kmalloc(sizeof(*psFwInfo), GFP_KERNEL);
+
+                               if (IoBuffer.InputLength > sizeof(FIRMWARE_INFO))
+                                       return -EINVAL;
+
+                               psFwInfo = kmalloc(sizeof(*psFwInfo), GFP_KERNEL);
                                if(!psFwInfo)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Failed to allocate buffer!!!!\n");
-                                       Status = -ENOMEM;
-                                       break;
-                               }
-                               if(copy_from_user(psFwInfo, IoBuffer.InputBuffer,
-                                                       IoBuffer.InputLength))
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy_from_user 2 failed\n");
-                                       Status = -EFAULT;
-                                       break;
-                               }
+                                       return -ENOMEM;
+
+                               if(copy_from_user(psFwInfo, IoBuffer.InputBuffer, IoBuffer.InputLength))
+                                       return -EFAULT;
 
                                if(!psFwInfo->pvMappedFirmwareAddress ||
                                                (psFwInfo->u32FirmwareLength == 0))
@@ -929,7 +837,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                          if(Status != STATUS_SUCCESS)
                                        up(&Adapter->fw_download_sema);
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, OSAL_DBG, DBG_LVL_ALL, "IOCTL: Firmware File Uploaded\n");
-                               bcm_kfree(psFwInfo);
+                               kfree(psFwInfo);
                                break;
                        }
                case IOCTL_BCM_BUFFER_DOWNLOAD_STOP:
@@ -946,7 +854,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                Adapter->bBinDownloaded=TRUE;
                                Adapter->bCfgDownloaded=TRUE;
                                atomic_set(&Adapter->CurrNumFreeTxDesc, 0);
-                               atomic_set(&Adapter->RxRollOverCount, 0);
+
                                Adapter->CurrNumRecvDescs=0;
                                Adapter->downloadDDR = 0;
 
@@ -999,7 +907,6 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                        up(&Adapter->NVMRdmWrmLock);
                        break;
                }
-#endif
                case IOCTL_BE_BUCKET_SIZE:
                        Status = 0;
                        if (get_user(Adapter->BEBucketSize, (unsigned long __user *)arg))
@@ -1050,22 +957,16 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                        break;
 
                case IOCTL_GET_PACK_INFO:
-                       if(copy_to_user(argp, &Adapter->PackInfo,
-                               sizeof(PacketInfo)*NO_OF_QUEUES))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
+                       if(copy_to_user(argp, &Adapter->PackInfo, sizeof(PacketInfo)*NO_OF_QUEUES))
+                               return -EFAULT;
                        Status = STATUS_SUCCESS;
                        break;
                case IOCTL_BCM_SWITCH_TRANSFER_MODE:
                {
                        UINT uiData = 0;
                        if(copy_from_user(&uiData, argp, sizeof(UINT)))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
+                               return -EFAULT;
+
                        if(uiData)      /* Allow All Packets */
                        {
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "IOCTL_BCM_SWITCH_TRANSFER_MODE: ETH_PACKET_TUNNELING_MODE\n");
@@ -1084,22 +985,16 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                {
                        /* Copy Ioctl Buffer structure */
                        if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
-                       if(copy_to_user(IoBuffer.OutputBuffer,
-                               VER_FILEVERSION_STR, (UINT)IoBuffer.OutputLength))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
+                               return -EFAULT;
+
+                       if(copy_to_user(IoBuffer.OutputBuffer, VER_FILEVERSION_STR, IoBuffer.OutputLength))
+                               return -EFAULT;
                        Status = STATUS_SUCCESS;
                        break;
                }
                case IOCTL_BCM_GET_CURRENT_STATUS:
                {
-                       LINK_STATE plink_state;
+                       LINK_STATE link_state;
 
                        /* Copy Ioctl Buffer structure */
                        if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
@@ -1108,19 +1003,19 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                Status = -EFAULT;
                                break;
                        }
-                       if (IoBuffer.OutputLength != sizeof(plink_state)) {
+                       if (IoBuffer.OutputLength != sizeof(link_state)) {
                                Status = -EINVAL;
                                break;
                        }
 
-                       if (copy_from_user(&plink_state, (void __user *)arg, sizeof(plink_state))) {
-                               Status = -EFAULT;
-                               break;
-                       }
-                       plink_state.bIdleMode = (UCHAR)Adapter->IdleMode;
-                       plink_state.bShutdownMode = Adapter->bShutStatus;
-                       plink_state.ucLinkStatus = (UCHAR)Adapter->LinkStatus;
-                       if (copy_to_user(IoBuffer.OutputBuffer, &plink_state, IoBuffer.OutputLength)) {
+                       memset(&link_state, 0, sizeof(link_state));
+                       link_state.bIdleMode = Adapter->IdleMode;
+                       link_state.bShutdownMode = Adapter->bShutStatus;
+                       link_state.ucLinkStatus = Adapter->LinkStatus;
+
+                       if (copy_to_user(IoBuffer.OutputBuffer, &link_state,
+                                        min_t(size_t, sizeof(link_state), IoBuffer.OutputLength)))
+                       {
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy_to_user Failed..\n");
                                Status = -EFAULT;
                                break;
@@ -1131,17 +1026,14 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
         case IOCTL_BCM_SET_MAC_TRACING:
         {
             UINT  tracing_flag;
+
             /* copy ioctl Buffer structure */
-                       if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
-                       {
-                               Status = -EFAULT;
-                               break;
-                       }
-                       if(copy_from_user(&tracing_flag, IoBuffer.InputBuffer,sizeof(UINT)))
-            {
-                               Status = -EFAULT;
-                               break;
-                       }
+           if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                   return -EFAULT;
+
+           if(copy_from_user(&tracing_flag,IoBuffer.InputBuffer,sizeof(UINT)))
+                   return -EFAULT;
+
             if (tracing_flag)
                 Adapter->pTarangs->MacTracingEnabled = TRUE;
             else
@@ -1151,72 +1043,53 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                case IOCTL_BCM_GET_DSX_INDICATION:
                {
                        ULONG ulSFId=0;
-                       if(copy_from_user((PCHAR)&IoBuffer, argp,
-                                       sizeof(IOCTL_BUFFER)))
-                       {
-                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Invalid IO buffer!!!" );
-                               Status = -EFAULT;
-                               break;
-                       }
+                       if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                               return -EFAULT;
+
                        if(IoBuffer.OutputLength < sizeof(stLocalSFAddIndicationAlt))
                        {
-                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Mismatch req: %lx needed is =0x%zx!!!",
-                                       IoBuffer.OutputLength, sizeof(stLocalSFAddIndicationAlt));
+                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,
+                                               "Mismatch req: %lx needed is =0x%zx!!!",
+                                               IoBuffer.OutputLength, sizeof(stLocalSFAddIndicationAlt));
                                return -EINVAL;
                        }
-                       if(copy_from_user(&ulSFId, IoBuffer.InputBuffer,
-                                       sizeof(ulSFId)))
-                       {
-                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Invalid SFID!!! %lu", ulSFId );
-                               Status = -EFAULT;
-                               break;
-                       }
+
+                       if(copy_from_user(&ulSFId, IoBuffer.InputBuffer, sizeof(ulSFId)))
+                               return -EFAULT;
+
                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Get DSX Data SF ID is =%lx\n", ulSFId );
-                       get_dsx_sf_data_to_application(Adapter, ulSFId,
-                               IoBuffer.OutputBuffer);
+                       get_dsx_sf_data_to_application(Adapter, ulSFId, IoBuffer.OutputBuffer);
                        Status=STATUS_SUCCESS;
                }
                break;
                case IOCTL_BCM_GET_HOST_MIBS:
                {
-                       PCHAR temp_buff;
+                       PVOID temp_buff;
 
                        if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
-                       {
-                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy_from user for IoBuff failed\n");
-                               Status = -EFAULT;
-                               break;
-                       }
+                               return -EFAULT;
 
                        if(IoBuffer.OutputLength != sizeof(S_MIBS_HOST_STATS_MIBS))
                        {
-                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Length Check failed %lu %zd\n", IoBuffer.OutputLength,
-                                                                                       sizeof(S_MIBS_HOST_STATS_MIBS));
-                       return -EINVAL;
+                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,
+                                               "Length Check failed %lu %zd\n",
+                                               IoBuffer.OutputLength, sizeof(S_MIBS_HOST_STATS_MIBS));
+                               return -EINVAL;
                        }
 
-                       temp_buff = (PCHAR)kmalloc(IoBuffer.OutputLength, GFP_KERNEL);
-
+                       /* FIXME: HOST_STATS are too big for kmalloc (122048)! */
+                       temp_buff = kzalloc(sizeof(S_MIBS_HOST_STATS_MIBS), GFP_KERNEL);
                        if(!temp_buff)
-                       {
                                return STATUS_FAILURE;
-                       }
-
-                       Status = ProcessGetHostMibs(Adapter,
-                                       (PUCHAR)temp_buff, IoBuffer.OutputLength);
 
-               Status = GetDroppedAppCntrlPktMibs((PVOID)temp_buff,
-                                                                       (PPER_TARANG_DATA)filp->private_data);
+                       Status = ProcessGetHostMibs(Adapter, temp_buff);
+                       GetDroppedAppCntrlPktMibs(temp_buff, pTarang);
 
-                       if(copy_to_user(IoBuffer.OutputBuffer,(PCHAR)temp_buff,
-                               sizeof(S_MIBS_HOST_STATS_MIBS)))
-                       {
-                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy to user failed\n");
-                               bcm_kfree(temp_buff);
-                               return -EFAULT;
-                       }
+                       if (Status != STATUS_FAILURE)
+                               if(copy_to_user(IoBuffer.OutputBuffer, temp_buff, sizeof(S_MIBS_HOST_STATS_MIBS)))
+                                       Status = -EFAULT;
 
-                       bcm_kfree(temp_buff);
+                       kfree(temp_buff);
                        break;
                }
 
@@ -1226,10 +1099,6 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                Adapter->usIdleModePattern = ABORT_IDLE_MODE;
                                Adapter->bWakeUpDevice = TRUE;
                                wake_up(&Adapter->process_rx_cntrlpkt);
-                               #if 0
-                               Adapter->bTriedToWakeUpFromlowPowerMode = TRUE;
-                               InterfaceAbortIdlemode (Adapter, Adapter->usIdleModePattern);
-                               #endif
                        }
                        Status = STATUS_SUCCESS;
                        break;
@@ -1248,24 +1117,20 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                        Status = -EACCES;
                                        break;
                                }
+
                                /* Copy Ioctl Buffer structure */
-                               if(copy_from_user((PCHAR)&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
-                               {
-                                       Status = -EFAULT;
-                                       break;
-                               }
+                               if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                                       return -EFAULT;
 
-                               pvBuffer=kmalloc(IoBuffer.InputLength, GFP_KERNEL);
+                               /* FIXME: restrict length */
+                               pvBuffer = kmalloc(IoBuffer.InputLength, GFP_KERNEL);
                                if(!pvBuffer)
-                               {
                                        return -ENOMEM;
-                                       break;
-                               }
 
                                /* Get WrmBuffer structure */
-                if(copy_from_user(pvBuffer, IoBuffer.InputBuffer, IoBuffer.InputLength))
+                               if(copy_from_user(pvBuffer, IoBuffer.InputBuffer, IoBuffer.InputLength))
                                {
-                                       bcm_kfree(pvBuffer);
+                                       kfree(pvBuffer);
                                        Status = -EFAULT;
                                        break;
                                }
@@ -1275,7 +1140,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                if(((ULONG)pBulkBuffer->Register & 0x0F000000) != 0x0F000000 ||
                                        ((ULONG)pBulkBuffer->Register & 0x3))
                                {
-                                       bcm_kfree(pvBuffer);
+                                       kfree(pvBuffer);
                     BCM_DEBUG_PRINT (Adapter, DBG_TYPE_PRINTK, 0, 0,"WRM Done On invalid Address : %x Access Denied.\n",(int)pBulkBuffer->Register);
                                        Status = -EINVAL;
                                        break;
@@ -1290,7 +1155,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                        (uiTempVar == EEPROM_REJECT_REG_4)) &&
                                        (cmd == IOCTL_BCM_REGISTER_WRITE))
                                {
-                                       bcm_kfree(pvBuffer);
+                                       kfree(pvBuffer);
                     BCM_DEBUG_PRINT (Adapter, DBG_TYPE_PRINTK, 0, 0,"EEPROM Access Denied, not in VSG Mode\n");
                                        Status = -EFAULT;
                                        break;
@@ -1306,30 +1171,19 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "WRM Failed\n");
                                }
 
-                               bcm_kfree(pvBuffer);
+                               kfree(pvBuffer);
                                break;
                        }
 
                case IOCTL_BCM_GET_NVM_SIZE:
-                       {
-
                        if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
-                       {
-                               //IOLog("failed NVM first");
-                               Status = -EFAULT;
-                               break;
-                       }
+                               return -EFAULT;
+
                        if(Adapter->eNVMType == NVM_EEPROM || Adapter->eNVMType == NVM_FLASH ) {
-                               if(copy_to_user(IoBuffer.OutputBuffer,
-                                       (unsigned char *)&Adapter->uiNVMDSDSize, (UINT)sizeof(UINT)))
-                               {
-                                               Status = -EFAULT;
-                                               return Status;
-                               }
+                               if(copy_to_user(IoBuffer.OutputBuffer, &Adapter->uiNVMDSDSize, sizeof(UINT)))
+                                       return -EFAULT;
                        }
-
                        Status = STATUS_SUCCESS ;
-                       }
                        break;
 
                case IOCTL_BCM_CAL_INIT :
@@ -1338,40 +1192,26 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                UINT uiSectorSize = 0 ;
                                if(Adapter->eNVMType == NVM_FLASH)
                                {
-                                       Status = copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER));
-                                       if(Status)
-                                       {
-                                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Copy From User space failed. status :%d", Status);
+                                       if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
                                                return -EFAULT;
-                                       }
-                                       if (get_user(uiSectorSize, (unsigned int __user *)IoBuffer.InputBuffer))
+
+                                       if (copy_from_user(&uiSectorSize, IoBuffer.InputBuffer, sizeof(UINT)))
                                                return -EFAULT;
 
                                        if((uiSectorSize < MIN_SECTOR_SIZE) || (uiSectorSize > MAX_SECTOR_SIZE))
                                        {
-
-                                               Status = copy_to_user(IoBuffer.OutputBuffer,
-                                                                       (unsigned char *)&Adapter->uiSectorSize ,
-                                                                       (UINT)sizeof(UINT));
-                                               if(Status)
-                                               {
-                                                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Coping the sector size to use space failed. status:%d",Status);
-                                                               return -EFAULT;
-                                               }
+                                               if (copy_to_user(IoBuffer.OutputBuffer, &Adapter->uiSectorSize,
+                                                                sizeof(UINT)))
+                                                       return -EFAULT;
                                        }
                                        else
                                        {
                                                if(IsFlash2x(Adapter))
                                                {
-                                                       Status = copy_to_user(IoBuffer.OutputBuffer,
-                                                                       (unsigned char *)&Adapter->uiSectorSize ,
-                                                                       (UINT)sizeof(UINT));
-                                                       if(Status)
-                                                       {
-                                                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Coping the sector size to use space failed. status:%d",Status);
-                                                                       return -EFAULT;
-                                                       }
-
+                                                       if (copy_to_user(IoBuffer.OutputBuffer,
+                                                                        &Adapter->uiSectorSize ,
+                                                                        sizeof(UINT)))
+                                                           return -EFAULT;
                                                }
                                                else
                                                {
@@ -1395,25 +1235,19 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                        }
                        break;
         case IOCTL_BCM_SET_DEBUG :
+#ifdef DEBUG
             {
                 USER_BCM_DBG_STATE sUserDebugState;
 
 //                             BCM_DEBUG_PRINT (Adapter, DBG_TYPE_PRINTK, 0, 0, "Entered the ioctl %x \n", IOCTL_BCM_SET_DEBUG );
 
                                BCM_DEBUG_PRINT (Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "In SET_DEBUG ioctl\n");
-                               Status = copy_from_user((PCHAR)&IoBuffer, argp, sizeof(IOCTL_BUFFER));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT (Adapter, DBG_TYPE_PRINTK, 0, 0, "Copy from user failed\n");
-                                       Status = -EFAULT;
-                                       break;
-                               }
-                               Status = copy_from_user(&sUserDebugState,IoBuffer.InputBuffer, sizeof(USER_BCM_DBG_STATE));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT (Adapter, DBG_TYPE_PRINTK, 0, 0,  "Copy of IoBuffer.InputBuffer failed");
+                               if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
                                        return -EFAULT;
-                               }
+
+                               if (copy_from_user(&sUserDebugState, IoBuffer.InputBuffer, sizeof(USER_BCM_DBG_STATE)))
+                                       return -EFAULT;
+
 
                                BCM_DEBUG_PRINT (Adapter, DBG_TYPE_PRINTK, 0, 0, "IOCTL_BCM_SET_DEBUG: OnOff=%d Type = 0x%x ",
                                sUserDebugState.OnOff, sUserDebugState.Type);
@@ -1436,15 +1270,14 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                 BCM_SHOW_DEBUG_BITMAP(Adapter);
 
                        }
+#endif
                        break;
                case IOCTL_BCM_NVM_READ:
                case IOCTL_BCM_NVM_WRITE:
                        {
-
-                               NVM_READWRITE  stNVMReadWrite = {};
+                               NVM_READWRITE  stNVMReadWrite;
                                PUCHAR pReadData = NULL;
-                               void __user * pBuffertobeCopied = NULL;
-                               ULONG ulDSDMagicNumInUsrBuff = 0 ;
+                               ULONG ulDSDMagicNumInUsrBuff = 0;
                                struct timeval tv0, tv1;
                                memset(&tv0,0,sizeof(struct timeval));
                                memset(&tv1,0,sizeof(struct timeval));
@@ -1469,21 +1302,12 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                        /* Copy Ioctl Buffer structure */
 
                                if(copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"copy_from_user failed\n");
-                                       Status = -EFAULT;
-                                       break;
-                               }
-                               if(IOCTL_BCM_NVM_READ == cmd)
-                                       pBuffertobeCopied = IoBuffer.OutputBuffer;
-                               else
-                                       pBuffertobeCopied = IoBuffer.InputBuffer;
+                                       return -EFAULT;
 
-                               if(copy_from_user(&stNVMReadWrite, pBuffertobeCopied,sizeof(NVM_READWRITE)))
-                               {
-                                       Status = -EFAULT;
-                                       break;
-                               }
+                               if(copy_from_user(&stNVMReadWrite,
+                                                 (IOCTL_BCM_NVM_READ == cmd) ? IoBuffer.OutputBuffer : IoBuffer.InputBuffer,
+                                                 sizeof(NVM_READWRITE)))
+                                       return -EFAULT;
 
                                //
                                // Deny the access if the offset crosses the cal area limit.
@@ -1496,18 +1320,15 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                        break;
                                }
 
-                               pReadData =(PCHAR)kmalloc(stNVMReadWrite.uiNumBytes, GFP_KERNEL);
-
+                               pReadData = kzalloc(stNVMReadWrite.uiNumBytes, GFP_KERNEL);
                                if(!pReadData)
                                        return -ENOMEM;
 
-                               memset(pReadData,0,stNVMReadWrite.uiNumBytes);
-
                                if(copy_from_user(pReadData, stNVMReadWrite.pBuffer,
                                                        stNVMReadWrite.uiNumBytes))
                                {
                                        Status = -EFAULT;
-                                       bcm_kfree(pReadData);
+                                       kfree(pReadData);
                                        break;
                                }
 
@@ -1522,7 +1343,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                        {
                                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"Device is in Idle/Shutdown Mode\n");
                                                up(&Adapter->NVMRdmWrmLock);
-                                               bcm_kfree(pReadData);
+                                               kfree(pReadData);
                                                return -EACCES;
                                        }
 
@@ -1533,13 +1354,12 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
 
                                        if(Status != STATUS_SUCCESS)
                                                {
-                                                       bcm_kfree(pReadData);
+                                                       kfree(pReadData);
                                                        return Status;
                                                }
-                                       if(copy_to_user(stNVMReadWrite.pBuffer,
-                                                       pReadData, (UINT)stNVMReadWrite.uiNumBytes))
+                                       if(copy_to_user(stNVMReadWrite.pBuffer,pReadData, stNVMReadWrite.uiNumBytes))
                                                {
-                                                       bcm_kfree(pReadData);
+                                                       kfree(pReadData);
                                                        Status = -EFAULT;
                                                }
                                }
@@ -1554,7 +1374,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                        {
                                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"Device is in Idle/Shutdown Mode\n");
                                                up(&Adapter->NVMRdmWrmLock);
-                                               bcm_kfree(pReadData);
+                                               kfree(pReadData);
                                                return -EACCES;
                                        }
 
@@ -1582,7 +1402,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                                        {
                                                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"DSD Sig is present neither in Flash nor User provided Input..");
                                                                up(&Adapter->NVMRdmWrmLock);
-                                                               bcm_kfree(pReadData);
+                                                               kfree(pReadData);
                                                                return Status;
                                                        }
 
@@ -1591,7 +1411,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                                        {
                                                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"DSD Sig is present neither in Flash nor User provided Input..");
                                                                up(&Adapter->NVMRdmWrmLock);
-                                                               bcm_kfree(pReadData);
+                                                               kfree(pReadData);
                                                                return Status;
                                                        }
                                                }
@@ -1608,7 +1428,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
 
                                        if(Status != STATUS_SUCCESS)
                                        {
-                                               bcm_kfree(pReadData);
+                                               kfree(pReadData);
                                                return Status;
                                        }
                                }
@@ -1616,7 +1436,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, " timetaken by Write/read :%ld msec\n",(tv1.tv_sec - tv0.tv_sec)*1000 +(tv1.tv_usec - tv0.tv_usec)/1000);
 
 
-                               bcm_kfree(pReadData);
+                               kfree(pReadData);
                                Status = STATUS_SUCCESS;
                        }
                        break;
@@ -1629,7 +1449,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                UINT BuffSize = 0;
                                UINT ReadBytes = 0;
                                UINT ReadOffset = 0;
-                               char __user *OutPutBuff = NULL;
+                               void __user *OutPutBuff;
 
                                if(IsFlash2x(Adapter) != TRUE)
                                {
@@ -1638,20 +1458,12 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                }
 
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "IOCTL_BCM_FLASH2X_SECTION_READ Called");
-                               Status = copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy of IOCTL BUFFER failed");
+                               if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
                                        return -EFAULT;
-                               }
 
                                //Reading FLASH 2.x READ structure
-                               Status = copy_from_user(&sFlash2xRead, IoBuffer.InputBuffer,sizeof(FLASH2X_READWRITE));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy of Input Buffer failed");
+                               if (copy_from_user(&sFlash2xRead, IoBuffer.InputBuffer,sizeof(FLASH2X_READWRITE)))
                                        return -EFAULT;
-                               }
 
 
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"\nsFlash2xRead.Section :%x" ,sFlash2xRead.Section);
@@ -1687,7 +1499,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"Device is in Idle/Shutdown Mode\n");
                                        up(&Adapter->NVMRdmWrmLock);
-                                       bcm_kfree(pReadBuff);
+                                       kfree(pReadBuff);
                                        return -EACCES;
                                }
 
@@ -1715,7 +1527,6 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                        if(Status)
                                        {
                                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"Copy to use failed with status :%d", Status);
-                                               Status = -EFAULT;
                                                break;
                                        }
                                        NOB = NOB - ReadBytes;
@@ -1727,15 +1538,15 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
 
                                }
                                up(&Adapter->NVMRdmWrmLock);
-                               bcm_kfree(pReadBuff);
+                               kfree(pReadBuff);
 
                         }
                         break ;
                case IOCTL_BCM_FLASH2X_SECTION_WRITE :
                         {
                                FLASH2X_READWRITE sFlash2xWrite = {0};
-                               PUCHAR pWriteBuff = NULL;
-                               void __user *InputAddr = NULL;
+                               PUCHAR pWriteBuff;
+                               void __user *InputAddr;
                                UINT NOB = 0;
                                UINT BuffSize = 0;
                                UINT WriteOffset = 0;
@@ -1752,33 +1563,17 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
 
 
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, " IOCTL_BCM_FLASH2X_SECTION_WRITE Called");
-                               Status = copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy of IOCTL BUFFER failed");
+                               if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
                                        return -EFAULT;
-                               }
 
                                //Reading FLASH 2.x READ structure
-                               Status = copy_from_user(&sFlash2xWrite, IoBuffer.InputBuffer, sizeof(FLASH2X_READWRITE));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Reading of output Buffer from IOCTL buffer fails");
+                               if (copy_from_user(&sFlash2xWrite, IoBuffer.InputBuffer, sizeof(FLASH2X_READWRITE)))
                                        return -EFAULT;
-                               }
 
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"\nsFlash2xRead.Section :%x" ,sFlash2xWrite.Section);
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"\nsFlash2xRead.offset :%d" ,sFlash2xWrite.offset);
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"\nsFlash2xRead.numOfBytes :%x" ,sFlash2xWrite.numOfBytes);
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"\nsFlash2xRead.bVerify :%x\n" ,sFlash2xWrite.bVerify);
-                               #if 0
-                               if((sFlash2xWrite.Section == ISO_IMAGE1) ||(sFlash2xWrite.Section == ISO_IMAGE2) ||
-                                       (sFlash2xWrite.Section == DSD0) || (sFlash2xWrite.Section == DSD1) || (sFlash2xWrite.Section == DSD2))
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"ISO/DSD Image write is not allowed....  ");
-                                       return STATUS_FAILURE ;
-                               }
-                               #endif
                                if((sFlash2xWrite.Section != VSA0) && (sFlash2xWrite.Section != VSA1) &&
                                        (sFlash2xWrite.Section != VSA2) )
                                {
@@ -1798,12 +1593,10 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                else
                                        BuffSize = NOB ;
 
-                               pWriteBuff = (PCHAR)kmalloc(BuffSize, GFP_KERNEL);
+                               pWriteBuff = kmalloc(BuffSize, GFP_KERNEL);
                                if(pWriteBuff == NULL)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Memory allocation failed for Flash 2.x Read Structure");
                                        return -ENOMEM;
-                               }
+
 
                                //extracting the remainder of the given offset.
                                WriteBytes = Adapter->uiSectorSize ;
@@ -1820,7 +1613,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"Device is in Idle/Shutdown Mode\n");
                                        up(&Adapter->NVMRdmWrmLock);
-                                       bcm_kfree(pWriteBuff);
+                                       kfree(pWriteBuff);
                                        return -EACCES;
                                }
 
@@ -1831,7 +1624,6 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                        if(Status)
                                        {
                                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Copy to user failed with status :%d", Status);
-                                               Status = -EFAULT;
                                                break ;
                                        }
                                        BCM_DEBUG_PRINT_BUFFER(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,pWriteBuff,WriteBytes);
@@ -1859,28 +1651,22 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                }       while(NOB > 0);
                                BcmFlash2xWriteSig(Adapter,sFlash2xWrite.Section);
                                up(&Adapter->NVMRdmWrmLock);
-                               bcm_kfree(pWriteBuff);
+                               kfree(pWriteBuff);
                         }
                         break ;
                case IOCTL_BCM_GET_FLASH2X_SECTION_BITMAP :
                         {
 
-                               PFLASH2X_BITMAP psFlash2xBitMap = NULL ;
+                                PFLASH2X_BITMAP psFlash2xBitMap;
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "IOCTL_BCM_GET_FLASH2X_SECTION_BITMAP Called");
 
-                               Status = copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy of IOCTL BUFFER failed");
+                               if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
                                        return -EFAULT;
-                               }
+
                                if(IoBuffer.OutputLength != sizeof(FLASH2X_BITMAP))
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Structure size mismatch Lib :0x%lx Driver :0x%zx ",IoBuffer.OutputLength, sizeof(FLASH2X_BITMAP));
-                                       break;
-                               }
+                                       return -EINVAL;
 
-                               psFlash2xBitMap = (PFLASH2X_BITMAP)kzalloc(sizeof(FLASH2X_BITMAP), GFP_KERNEL);
+                               psFlash2xBitMap = kzalloc(sizeof(FLASH2X_BITMAP), GFP_KERNEL);
                                if(psFlash2xBitMap == NULL)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Memory is not available");
@@ -1895,20 +1681,16 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"Device is in Idle/Shutdown Mode\n");
                                        up(&Adapter->NVMRdmWrmLock);
-                                       bcm_kfree(psFlash2xBitMap);
+                                       kfree(psFlash2xBitMap);
                                        return -EACCES;
                                }
 
                                BcmGetFlash2xSectionalBitMap(Adapter, psFlash2xBitMap);
                                up(&Adapter->NVMRdmWrmLock);
-                               Status = copy_to_user(IoBuffer.OutputBuffer, psFlash2xBitMap, sizeof(FLASH2X_BITMAP));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "copying Flash2x bitMap failed");
-                                       bcm_kfree(psFlash2xBitMap);
-                                       return -EFAULT;
-                               }
-                               bcm_kfree(psFlash2xBitMap);
+                               if (copy_to_user(IoBuffer.OutputBuffer, psFlash2xBitMap, sizeof(FLASH2X_BITMAP)))
+                                       Status = -EFAULT;
+
+                               kfree(psFlash2xBitMap);
                         }
                         break ;
                case IOCTL_BCM_SET_ACTIVE_SECTION :
@@ -1926,14 +1708,14 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                if(Status)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy of IOCTL BUFFER failed");
-                                       return -EFAULT;
+                                       return Status;
                                }
 
                                Status = copy_from_user(&eFlash2xSectionVal,IoBuffer.InputBuffer, sizeof(INT));
                                if(Status)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy of flash section val failed");
-                                       return -EFAULT;
+                                       return Status;
                                }
 
                                down(&Adapter->NVMRdmWrmLock);
@@ -1961,29 +1743,6 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                Adapter->bAllDSDWriteAllow = FALSE ;
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"IOCTL_BCM_IDENTIFY_ACTIVE_SECTION called");
 
-                               #if 0
-                               SECTION_TYPE section = 0 ;
-
-
-                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "IOCTL_BCM_IDENTIFY_ACTIVE_SECTION Called");
-                               Status = copy_from_user((PCHAR)&IoBuffer, (PCHAR)arg, sizeof(IOCTL_BUFFER));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Copy of IOCTL BUFFER failed");
-                                       return -EFAULT;
-                               }
-                               Status = copy_from_user((PCHAR)section,(PCHAR)&IoBuffer, sizeof(INT));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Copy of section type failed failed");
-                                       return -EFAULT;
-                               }
-                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"Read Section :%d", section);
-                               if(section == DSD)
-                                       Adapter->ulFlashCalStart = Adapter->uiActiveDSDOffsetAtFwDld ;
-                               else
-                                       Status = STATUS_FAILURE ;
-                               #endif
                                Status = STATUS_SUCCESS ;
                         }
                         break ;
@@ -2004,14 +1763,14 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                if(Status)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy of IOCTL BUFFER failed Status :%d", Status);
-                                       return -EFAULT;
+                                       return Status;
                                }
 
-                               Status = copy_from_user(&sCopySectStrut,IoBuffer.InputBuffer, sizeof(FLASH2X_COPY_SECTION));
+                               Status = copy_from_user(&sCopySectStrut, IoBuffer.InputBuffer, sizeof(FLASH2X_COPY_SECTION));
                                if(Status)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy of Copy_Section_Struct failed with Status :%d", Status);
-                                       return -EFAULT;
+                                       return Status;
                                }
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Source SEction :%x", sCopySectStrut.SrcSection);
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Destination SEction :%x", sCopySectStrut.DstSection);
@@ -2082,7 +1841,6 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                if(Status)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy of IOCTL BUFFER failed");
-                                       Status = -EFAULT;
                                        break;
                                }
                                if(Adapter->eNVMType != NVM_FLASH)
@@ -2095,35 +1853,18 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                {
 
                                        if(IoBuffer.OutputLength < sizeof(FLASH2X_CS_INFO))
-                                       {
-                                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0," Passed buffer size:0x%lX is insufficient for the CS structure.. \nRequired size :0x%zx ",IoBuffer.OutputLength, sizeof(FLASH2X_CS_INFO));
-                                               Status = -EINVAL;
-                                               break;
-                                       }
+                                               return -EINVAL;
 
-                                       Status = copy_to_user(IoBuffer.OutputBuffer, Adapter->psFlash2xCSInfo, sizeof(FLASH2X_CS_INFO));
-                                       if(Status)
-                                       {
-                                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "copying Flash2x cs info failed");
-                                               Status = -EFAULT;
-                                               break;
-                                       }
+                                       if (copy_to_user(IoBuffer.OutputBuffer, Adapter->psFlash2xCSInfo, sizeof(FLASH2X_CS_INFO)))
+                                               return -EFAULT;
                                }
                                else
                                {
                                        if(IoBuffer.OutputLength < sizeof(FLASH_CS_INFO))
-                                       {
-                                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0," Passed buffer size:0x%lX is insufficient for the CS structure.. Required size :0x%zx ",IoBuffer.OutputLength, sizeof(FLASH_CS_INFO));
-                                               Status = -EINVAL;
-                                               break;
-                                       }
-                                       Status = copy_to_user(IoBuffer.OutputBuffer, Adapter->psFlashCSInfo, sizeof(FLASH_CS_INFO));
-                                       if(Status)
-                                       {
-                                               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "copying Flash CS info failed");
-                                               Status = -EFAULT;
-                                               break;
-                                       }
+                                               return -EINVAL;
+
+                                       if (copy_to_user(IoBuffer.OutputBuffer, Adapter->psFlashCSInfo, sizeof(FLASH_CS_INFO)))
+                                               return -EFAULT;
 
                                 }
                          }
@@ -2145,13 +1886,13 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                if(Status)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy of IOCTL BUFFER failed");
-                                       return -EFAULT;
+                                       return Status;
                                }
-                               Status = copy_from_user(&eFlash2xSectionVal,IoBuffer.InputBuffer, sizeof(INT));
+                               Status = copy_from_user(&eFlash2xSectionVal, IoBuffer.InputBuffer, sizeof(INT));
                                if(Status)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy of flash section val failed");
-                                       return -EFAULT;
+                                       return Status;
                                }
 
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"Read Section :%d", eFlash2xSectionVal);
@@ -2181,13 +1922,13 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                case IOCTL_BCM_NVM_RAW_READ :
                         {
 
-                               NVM_READWRITE  stNVMRead = {};
+                                NVM_READWRITE stNVMRead;
                                INT NOB ;
                                INT BuffSize ;
                                INT ReadOffset = 0;
                                UINT ReadBytes = 0 ;
-                               PUCHAR pReadBuff = NULL ;
-                               char __user *OutPutBuff = NULL ;
+                               PUCHAR pReadBuff;
+                               void __user *OutPutBuff;
 
                                if(Adapter->eNVMType != NVM_FLASH)
                                {
@@ -2204,10 +1945,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                }
 
                                if(copy_from_user(&stNVMRead, IoBuffer.OutputBuffer,sizeof(NVM_READWRITE)))
-                               {
-                                       Status = -EFAULT;
-                                       break;
-                               }
+                                       return -EFAULT;
 
                                NOB = stNVMRead.uiNumBytes;
                                //In Raw-Read max Buff size : 64MB
@@ -2217,11 +1955,10 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                else
                                        BuffSize = NOB ;
 
-                               ReadOffset = stNVMRead.uiOffset ;
+                               ReadOffset = stNVMRead.uiOffset;
                                OutPutBuff = stNVMRead.pBuffer;
 
-
-                               pReadBuff = (PCHAR)kzalloc(BuffSize , GFP_KERNEL);
+                               pReadBuff = kzalloc(BuffSize , GFP_KERNEL);
                                if(pReadBuff == NULL)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Memory allocation failed for Flash 2.x Read Structure");
@@ -2235,7 +1972,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                        (Adapter->bPreparingForLowPowerMode ==TRUE))
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"Device is in Idle/Shutdown Mode\n");
-                                       bcm_kfree(pReadBuff);
+                                       kfree(pReadBuff);
                                        up(&Adapter->NVMRdmWrmLock);
                                        return -EACCES;
                                }
@@ -2256,13 +1993,12 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                                break;
                                        }
 
-                                       BCM_DEBUG_PRINT_BUFFER(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,pReadBuff, ReadBytes);
+                                       BCM_DEBUG_PRINT_BUFFER(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,pReadBuff,ReadBytes);
 
                                        Status = copy_to_user(OutPutBuff, pReadBuff,ReadBytes);
                                        if(Status)
                                        {
                                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"Copy to use failed with status :%d", Status);
-                                               Status = -EFAULT;
                                                break;
                                        }
                                        NOB = NOB - ReadBytes;
@@ -2275,7 +2011,7 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                }
                                Adapter->bFlashRawRead = FALSE ;
                                up(&Adapter->NVMRdmWrmLock);
-                               bcm_kfree(pReadBuff);
+                               kfree(pReadBuff);
                                break ;
                         }
 
@@ -2288,7 +2024,6 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                if(Status)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"copy of Ioctl buffer is failed from user space");
-                                       Status = -EFAULT;
                                        break;
                                }
 
@@ -2296,7 +2031,6 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                if(Status)
                                {
                                        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"copy of control bit mask failed from user space");
-                                       Status = -EFAULT;
                                        break;
                                }
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"\n Got user defined cntrl msg bit mask :%lx", RxCntrlMsgBitMask);
@@ -2315,71 +2049,44 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                                DevInfo.u32NVMType = Adapter->eNVMType;
                                DevInfo.u32InterfaceType = BCM_USB;
 
-                               Status = copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy of IOCTL BUFFER failed");
-                                       Status = -EFAULT;
-                                       break;
-                               }
+                               if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                                       return -EFAULT;
+
                                if(IoBuffer.OutputLength < sizeof(DevInfo))
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"User Passed buffer length is less than actural buffer size");
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"user passed buffer size :0x%lX, expected size :0x%zx",IoBuffer.OutputLength, sizeof(DevInfo));
-                                       Status = -EINVAL;
-                                       break;
-                               }
-                               Status = copy_to_user(IoBuffer.OutputBuffer, &DevInfo, sizeof(DevInfo));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"copying Dev info structure to user space buffer failed");
-                                       Status = -EFAULT;
-                                       break;
-                               }
+                                       return -EINVAL;
+
+                               if (copy_to_user(IoBuffer.OutputBuffer, &DevInfo, sizeof(DevInfo)))
+                                       return -EFAULT;
                        }
                        break ;
 
                        case IOCTL_BCM_TIME_SINCE_NET_ENTRY:
                        {
                                ST_TIME_ELAPSED stTimeElapsedSinceNetEntry = {0};
-                               struct timeval tv = {0} ;
 
                                BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"IOCTL_BCM_TIME_SINCE_NET_ENTRY called");
 
-                               Status = copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0, "Copy of IOCTL BUFFER failed");
-                                       Status = -EFAULT;
-                                       break;
-                               }
+                               if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER)))
+                                       return -EFAULT;
+
                                if(IoBuffer.OutputLength < sizeof(ST_TIME_ELAPSED))
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"User Passed buffer length:0x%lx is less than expected buff size :0x%zX",IoBuffer.OutputLength,sizeof(ST_TIME_ELAPSED));
-                                       Status = -EINVAL;
-                                       break;
-                               }
+                                       return -EINVAL;
 
-                               //stTimeElapsedSinceNetEntry.ul64TimeElapsedSinceNetEntry = Adapter->liTimeSinceLastNetEntry;
-                               do_gettimeofday(&tv);
-                               stTimeElapsedSinceNetEntry.ul64TimeElapsedSinceNetEntry = tv.tv_sec - Adapter->liTimeSinceLastNetEntry;
+                               stTimeElapsedSinceNetEntry.ul64TimeElapsedSinceNetEntry = get_seconds() - Adapter->liTimeSinceLastNetEntry;
 
-                               Status = copy_to_user(IoBuffer.OutputBuffer, &stTimeElapsedSinceNetEntry, sizeof(ST_TIME_ELAPSED));
-                               if(Status)
-                               {
-                                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_PRINTK, 0, 0,"copying ST_TIME_ELAPSED structure to user space buffer failed");
-                                       Status = -EFAULT;
-                                       break;
-                               }
+                               if (copy_to_user(IoBuffer.OutputBuffer, &stTimeElapsedSinceNetEntry, sizeof(ST_TIME_ELAPSED)))
+                                       return -EFAULT;
 
                        }
                        break;
 
-               default:
-            BCM_DEBUG_PRINT (Adapter, DBG_TYPE_PRINTK, 0, 0, "wrong input %x",cmd);
-                       BCM_DEBUG_PRINT (Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "In default ioctl %d\n", cmd);
-                        Status = STATUS_FAILURE;
+               case IOCTL_CLOSE_NOTIFICATION:
+                       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL,"IOCTL_CLOSE_NOTIFICATION");
+                       break;
 
+               default:
+                       pr_info(DRV_NAME ": unknown ioctl cmd=%#x\n", cmd);
+                       Status = STATUS_FAILURE;
                        break;
        }
        return Status;
@@ -2395,59 +2102,37 @@ static struct file_operations bcm_fops = {
        .llseek = no_llseek,
 };
 
+extern struct class *bcm_class;
 
 int register_control_device_interface(PMINI_ADAPTER Adapter)
 {
+
        if(Adapter->major>0)
-       return Adapter->major;
-    Adapter->major = register_chrdev(0, "tarang", &bcm_fops);
-    if(Adapter->major < 0)
-    {
-       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_INITEXIT, DRV_ENTRY, DBG_LVL_ALL, "register_chrdev:Failed to registering WiMax control char device!");
-        return Adapter->major;
-    }
-
-       bcm_class = NULL;
-       bcm_class = class_create (THIS_MODULE, "tarang");
-       if(IS_ERR (bcm_class))
-       {
-       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_INITEXIT, DRV_ENTRY, DBG_LVL_ALL, "Unable to create class\n");
-        unregister_chrdev(Adapter->major, "tarang");
-               Adapter->major = 0;
-               return -ENODEV;
+               return Adapter->major;
+
+       Adapter->major = register_chrdev(0, DEV_NAME, &bcm_fops);
+       if(Adapter->major < 0) {
+               pr_err(DRV_NAME ": could not created character device\n");
+               return Adapter->major;
        }
+
        Adapter->pstCreatedClassDevice = device_create (bcm_class, NULL,
-                                                               MKDEV(Adapter->major, 0),
-#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,26)
-                                                               NULL    ,
-#endif
-                                                               "tarang");
+                                                       MKDEV(Adapter->major, 0), Adapter,
+                                                       DEV_NAME);
 
-       if(IS_ERR(Adapter->pstCreatedClassDevice))
-       {
-               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_INITEXIT, DRV_ENTRY, DBG_LVL_ALL, "class device did not get created : %ld", PTR_ERR(Adapter->pstCreatedClassDevice) );
+       if(IS_ERR(Adapter->pstCreatedClassDevice)) {
+               pr_err(DRV_NAME ": class device create failed\n");
+               unregister_chrdev(Adapter->major, DEV_NAME);
+               return PTR_ERR(Adapter->pstCreatedClassDevice);
        }
-       BCM_DEBUG_PRINT(Adapter,DBG_TYPE_INITEXIT, DRV_ENTRY, DBG_LVL_ALL, "Got Major No: %d", Adapter->major);
-    return 0;
+                       
+       return 0;
 }
 
 void unregister_control_device_interface(PMINI_ADAPTER Adapter)
 {
-       if(Adapter->major > 0)
-       {
-        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_INITEXIT, DRV_ENTRY, DBG_LVL_ALL, "destroying class device");
+       if(Adapter->major > 0) {
                device_destroy (bcm_class, MKDEV(Adapter->major, 0));
+               unregister_chrdev(Adapter->major, DEV_NAME);
        }
-    if(!IS_ERR(bcm_class))
-       {
-        BCM_DEBUG_PRINT(Adapter,DBG_TYPE_INITEXIT, DRV_ENTRY, DBG_LVL_ALL, "destroying created class ");
-        class_destroy (bcm_class);
-               bcm_class = NULL;
-       }
-       if(Adapter->major > 0)
-       {
-               BCM_DEBUG_PRINT(Adapter,DBG_TYPE_INITEXIT, DRV_ENTRY, DBG_LVL_ALL,"unregistering character interface");
-        unregister_chrdev(Adapter->major, "tarang");
-       }
-
 }
Linux for Marvell Sheeva based platforms