This is a note to let you know that I've just added the patch titled
i2c: ismt: Don't duplicate the receive length for block reads
to the 3.18-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
i2c-ismt-don-t-duplicate-the-receive-length-for-block-reads.patch
and it can be found in the queue-3.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From b6c159a9cb69c2cf0bf59d4e12c3a2da77e4d994 Mon Sep 17 00:00:00 2001
From: Stephen Douthit <stephend@xxxxxxxxxxxxxxxxxx>
Date: Mon, 7 Aug 2017 17:10:59 -0400
Subject: i2c: ismt: Don't duplicate the receive length for block reads
From: Stephen Douthit <stephend@xxxxxxxxxxxxxxxxxx>
commit b6c159a9cb69c2cf0bf59d4e12c3a2da77e4d994 upstream.
According to Table 15-14 of the C2000 EDS (Intel doc #510524) the
rx data pointed to by the descriptor dptr contains the byte count.
desc->rxbytes reports all bytes read on the wire, including the
"byte count" byte. So if a device sends 4 bytes in response to a
block read, on the wire and in the DMA buffer we see:
count data1 data2 data3 data4
0x04 0xde 0xad 0xbe 0xef
That's what we want to return in data->block to the next level.
Instead we were actually prefixing that with desc->rxbytes:
bad
count count data1 data2 data3 data4
0x05 0x04 0xde 0xad 0xbe 0xef
This was discovered while developing a BMC solution relying on the
ipmi_ssif.c driver which was trying to interpret the bogus length
field as part of the IPMI response.
Signed-off-by: Stephen Douthit <stephend@xxxxxxxxxxxxxxxxxx>
Tested-by: Dan Priamo <danp@xxxxxxxxxxxxxxxxxx>
Acked-by: Neil Horman <nhorman@xxxxxxxxxxxxx>
Signed-off-by: Wolfram Sang <wsa@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/i2c/busses/i2c-ismt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/i2c/busses/i2c-ismt.c
+++ b/drivers/i2c/busses/i2c-ismt.c
@@ -340,8 +340,8 @@ static int ismt_process_desc(const struc
break;
case I2C_SMBUS_BLOCK_DATA:
case I2C_SMBUS_I2C_BLOCK_DATA:
- memcpy(&data->block[1], dma_buffer, desc->rxbytes);
- data->block[0] = desc->rxbytes;
+ memcpy(data->block, dma_buffer, desc->rxbytes);
+ data->block[0] = desc->rxbytes - 1;
break;
}
return 0;
Patches currently in stable-queue which might be from stephend@xxxxxxxxxxxxxxxxxx are
queue-3.18/i2c-ismt-don-t-duplicate-the-receive-length-for-block-reads.patch
queue-3.18/i2c-ismt-return-emsgsize-for-block-reads-with-bogus-length.patch