From 699871fdc6bf1bed6d919732820183e57faeaddc Mon Sep 17 00:00:00 2001
From: Markus Fritsche <fritsche.markus@gmail.com>
Date: Thu, 23 Apr 2026 20:04:11 +0200
Subject: [PATCH] bes2600: drop BES2600_WRITE_DPD_TO_FILE kernel_*() file paths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

bes_chardev.c carried three functions gated behind the
BES2600_WRITE_DPD_TO_FILE Kconfig/make-flag (default off):

  - bes2600_chrdev_write_dpd_data_to_file()
      filp_open(O_CREAT | O_TRUNC | O_RDWR) + kernel_write()
      writing a raw DPD calibration blob back to
      BES2600_DPD_PATH (default /data/cfg/bes2600_dpd.bin, an
      Android-AOSP path).

  - bes2600_chrdev_read_and_check_dpd_data()
      filp_open(O_RDONLY) + kernel_read() reading the DPD blob
      from either BES2600_DPD_GOLDEN_PATH (/data/cfg/…) or
      BES2600_DEFAULT_DPD_PATH (/lib/firmware/bes2600_dpd.bin),
      followed by a CRC/version sanity check.

  - bes2600_chrdev_dpd_is_vaild() (sic), the CRC/version helper
    used only by the read path.

Plus the bes_cdev.no_dpd field, its module_param, and two
intrusion sites in bes2600_chrdev_get_dpd_data() and
bes2600_chrdev_update_dpd_data() that invoke the above.

The Makefile defaults BES2600_WRITE_DPD_TO_FILE=n, so in a stock
build all of this is dead code. It is still a standing upstream
blocker for exactly the same reasons as the factory-txt write
path removed in the preceding patch:

  - filp_open() + kernel_read()/kernel_write() bypass the
    firmware-class abstraction and LSM-governed access control
    that apply to /lib/firmware/.
  - The write target /data/cfg/ is an Android AOSP convention
    that does not exist on a Linux distribution and cannot be
    created by the kernel anyway.
  - A runtime DPD re-calibration is intended to reduce TX EVM
    after temperature or aging drift; persisting the result via
    kernel_write() is fundamentally a userspace concern (debugfs
    dump + userspace tool is the expected route).

Remove the entire #ifdef BES2600_WRITE_DPD_TO_FILE block from
bes_chardev.c (including the inner #ifdef inside
bes2600_chrdev_read_and_check_dpd_data() guarding a
DPD_BIN_FILE_SIZE size check that only applied to the read-back-
its-own-write case), the no_dpd field and module_param, and the
two invocation sites. Drop the Kconfig/make-flag and the three
associated PATH macros from the Makefile. Net: -155 lines, no
remaining filp_open/kernel_read/kernel_write anywhere in
bes_chardev.c.

The in-memory DPD state path is unchanged: bes2600_chrdev_get_dpd_
buffer() still allocates a kmalloc'd buffer used by the firmware-
download path, bes2600_chrdev_update_dpd_data() still validates
the buffer's CRC and transitions bes2600_cdev.wait_state on
success, and bes2600_chrdev_free_dpd_data() still releases the
buffer on unload. Only the file-I/O side-channel is removed.

Signed-off-by: Markus Fritsche <fritsche.markus@gmail.com>
---
 bes2600/Makefile      |  12 ----
 bes2600/bes_chardev.c | 143 ------------------------------------------
 2 files changed, 155 deletions(-)

diff --git a/drivers/staging/bes2600/Makefile b/drivers/staging/bes2600/Makefile
index 2c1a850..0dd3606 100644
--- a/drivers/staging/bes2600/Makefile
+++ b/drivers/staging/bes2600/Makefile
@@ -28,7 +28,6 @@ CONFIG_BES2600_WIFI_BOOT_ON             ?= y
 CONFIG_BES2600_BT_BOOT_ON               ?= n
 
 BES2600_GPIO_WAKEUP_AP                  ?= n
-BES2600_WRITE_DPD_TO_FILE               ?= n
 BES2600_TX_MORE_RETRY                   ?= n
 
 # bes evb
@@ -93,12 +92,6 @@ ccflags-y += -DBES_UNIFIED_PM
 ccflags-y += -DBES_SDIO_OPTIMIZED_LEN
 ccflags-y += -DBES2600_HOST_TIMESTAMP_DEBUG
 
-ifeq ($(BES2600_WRITE_DPD_TO_FILE),y)
-BES2600_DPD_PATH ?= /data/cfg/bes2600_dpd.bin
-BES2600_DEFAULT_DPD_PATH ?= /lib/firmware/bes2600_dpd.bin
-BES2600_DPD_GOLDEN_PATH ?= /data/cfg/bes2600_dpd_golden.bin
-endif
-
 ifeq ($(BES2600_DUMP_FW_DPD_LOG),y)
 BES2600_DPD_LOG_PATH ?= /data/applog/bes2600_dpd_log.log
 endif
@@ -135,9 +128,6 @@ ccflags-y += $(call boolen_flag,BSS_LOSS_CHECK,y)
 ccflags-y += $(call string_flag,BES2600_LOAD_FW_TOOL_PATH)
 ccflags-y += $(call string_flag,BES2600_LOAD_FW_TOOL_DEVICE)
 ccflags-y += $(call string_flag,BES2600_DRV_VERSION)
-ccflags-y += $(call string_flag,BES2600_DPD_PATH)
-ccflags-y += $(call string_flag,BES2600_DEFAULT_DPD_PATH)
-ccflags-y += $(call string_flag,BES2600_DPD_GOLDEN_PATH)
 
 ccflags-y += $(call boolen_flag,BES2600_INDEPENDENT_EVB,y)
 ccflags-y += $(call boolen_flag,BES2600_INTEGRATED_MODULE_V1,y)
@@ -159,8 +149,6 @@ ccflags-y += $(call boolen_flag,FACTORY_SAVE_MULTI_PATH,y)
 ccflags-y += $(call boolen_flag,FACTORY_CRC_CHECK,y)
 
 ccflags-y += $(call boolen_flag,BES2600_GPIO_WAKEUP_AP,y)
-ccflags-y += $(call boolen_flag,BES2600_WRITE_DPD_TO_FILE,y)
-
 ccflags-y += $(call boolen_flag,BES2600_DUMP_FW_DPD_LOG,y)
 ccflags-y += $(call string_flag,BES2600_DPD_LOG_PATH)
 
diff --git a/drivers/staging/bes2600/bes_chardev.c b/drivers/staging/bes2600/bes_chardev.c
index e2e4f1b..a02d6d9 100644
--- a/drivers/staging/bes2600/bes_chardev.c
+++ b/drivers/staging/bes2600/bes_chardev.c
@@ -63,9 +63,6 @@ struct bes_cdev {
 	struct delayed_work probe_timeout_work;
 	enum bus_probe_state bus_probe;
 	struct work_struct wifi_force_close_work;
-#ifdef BES2600_WRITE_DPD_TO_FILE
-	int no_dpd;
-#endif
 	enum pend_read_op read_flag;
 	enum wakeup_event wakeup_by_event;	/* used to filter unwanted event wakeup reason report */
 	u16 wakeup_state; /* for userspace check wakeup reason */
@@ -85,9 +82,6 @@ struct bes2600_op_map {
 
 static struct bes_cdev bes2600_cdev;
 module_param_named(fw_type, bes2600_cdev.fw_type, int, 0644);
-#ifdef BES2600_WRITE_DPD_TO_FILE
-module_param_named(no_dpd, bes2600_cdev.no_dpd, int, 0644);
-#endif
 
 extern int bes2600_register_net_dev(struct sbus_priv *bus_priv);
 extern int bes2600_unregister_net_dev(struct sbus_priv *bus_priv);
@@ -269,137 +263,8 @@ static int bes2600_chrdev_check_system_close_internal(void)
 
 
 
-#ifdef BES2600_WRITE_DPD_TO_FILE
-static int bes2600_chrdev_write_dpd_data_to_file(const char *path, void *buffer, int size)
-{
-	int ret = 0;
-	struct file *fp;
-
-	if (buffer == NULL || size == 0)
-		return 0;
-
-	fp = filp_open(path, O_TRUNC | O_CREAT | O_RDWR, S_IRUSR);
-	if (IS_ERR(fp)) {
-		bes_err("BES2600 : can't open %s\n",path);
-		return -1;
-	}
-
-	ret = kernel_write(fp, buffer, size, &fp->f_pos);
-	if (ret < 0)
-		bes_err("write dpd to file failed\n");
-
-	filp_close(fp,NULL);
-
-	bes_devel("write dpd to %s\n", path);
-
-	return ret;
-}
-
-static bool bes2600_chrdev_dpd_is_vaild(u8 *dpd_data)
-{
-	u32 cal_crc = 0;
-	u32 dpd_crc = le32_to_cpup((__le32 *)(dpd_data));
-	u32 dpd_ver = le32_to_cpup((__le32 *)(dpd_data + DPD_VERSION_OFFSET));
-
-	/* check version */
-	if (dpd_ver < DPD_CUR_VERSION)
-		return false;
-
-	cal_crc ^= 0xffffffffL;
-	cal_crc = crc32_le(cal_crc, dpd_data + 4, DPD_BIN_SIZE - 4);
-	cal_crc ^= 0xffffffffL;
-
-	/* check if the dpd data is valid */
-	if (cal_crc != dpd_crc) {
-		bes_err(
-			"bes2600 dpd data from file check failed, calc_crc:0x%08x dpd_crc: 0x%08x\n",
-			cal_crc, dpd_crc);
-		return false;
-	}
-
-	return true;
-}
-
-static int bes2600_chrdev_read_and_check_dpd_data(const char *file, u8 **data, u32 *len)
-{
-	int ret = 0;
-	u8* read_data = NULL;
-	struct file *fp;
-
-	/* open file */
-	fp = filp_open(file, O_RDONLY, 0);//S_IRUSR
-	if (IS_ERR(fp)) {
-		bes_devel("BES2600 : can't open %s\n",file);
-		return -1;
-	}
-
-#ifdef BES2600_WRITE_DPD_TO_FILE
-	if (fp->f_inode->i_size != DPD_BIN_FILE_SIZE) {
-		bes_err(
-			"bes2600 dpd data file size check failed, read_size: %lld file_size: %d\n",
-			fp->f_inode->i_size, DPD_BIN_FILE_SIZE);
-		filp_close(fp, NULL);
-		return -1;
-	}
-#endif
-
-	/* allocate memory for storing reading data */
-	read_data = kmalloc(fp->f_inode->i_size, GFP_KERNEL);
-	if (read_data == NULL) {
-		bes_devel("%s alloc mem fail\n", __func__);
-		goto err1;
-	}
-
-	/* read data  from file */
-	ret = kernel_read(fp, read_data, fp->f_inode->i_size, &fp->f_pos);
-	if (ret < DPD_BIN_SIZE) {
-		bes_err("%s read fail, ret=%d\n", __func__, ret);
-		goto err2;
-	}
-
-	/* check dpd version and crc */
-	if (!bes2600_chrdev_dpd_is_vaild(read_data))
-		goto err2;
-
-	/* close file */
-	filp_close(fp, NULL);
-
-	/* copy data to external */
-	*data = read_data;
-	*len = DPD_BIN_SIZE;;
-
-	/* output debug information */
-	bes_devel("read dpd data from %s\n", file);
-
-	return 0;
-
-err2:
-	kfree(read_data);
-err1:
-	filp_close(fp, NULL);
-	*data = NULL;
-	*len = 0;
-	return -1;
-}
-#endif
-
 const u8* bes2600_chrdev_get_dpd_data(u32 *len)
 {
-#ifdef BES2600_WRITE_DPD_TO_FILE
-	if (!bes2600_cdev.dpd_calied && bes2600_cdev.no_dpd) {
-		/* read dpd data from file that stores factory dpd calibration data */
-		if ((bes2600_chrdev_read_and_check_dpd_data(BES2600_DPD_GOLDEN_PATH,
-		   	&bes2600_cdev.dpd_data, &bes2600_cdev.dpd_len) < 0) &&
-		   (bes2600_chrdev_read_and_check_dpd_data(BES2600_DEFAULT_DPD_PATH,
-			&bes2600_cdev.dpd_data, &bes2600_cdev.dpd_len) < 0)) {
-			bes_err("%s read dpd data fail\n", __func__);
-			return NULL;
-		} else {
-			bes2600_cdev.dpd_calied = true;
-		}
-	}
-#endif
-
 	if (!bes2600_cdev.dpd_calied)
 		return NULL;
 	if (len)
@@ -460,14 +325,6 @@ int bes2600_chrdev_update_dpd_data(void)
 	}
 	spin_unlock(&bes2600_cdev.status_lock);
 
-#ifdef BES2600_WRITE_DPD_TO_FILE
-	/* write dpd data to file */
-	memset(bes2600_cdev.dpd_data + DPD_BIN_SIZE, 0, DPD_BIN_FILE_SIZE - DPD_BIN_SIZE);
-	bes2600_chrdev_write_dpd_data_to_file(BES2600_DPD_PATH,
-		bes2600_cdev.dpd_data, DPD_BIN_FILE_SIZE);
-#endif
-
-
 	return 0;
 }
 
-- 
2.53.0