Patch "i2c: ismt: Don't duplicate the receive length for block reads" has been added to the 3.18-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    i2c: ismt: Don't duplicate the receive length for block reads

to the 3.18-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     i2c-ismt-don-t-duplicate-the-receive-length-for-block-reads.patch
and it can be found in the queue-3.18 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From b6c159a9cb69c2cf0bf59d4e12c3a2da77e4d994 Mon Sep 17 00:00:00 2001
From: Stephen Douthit <stephend@xxxxxxxxxxxxxxxxxx>
Date: Mon, 7 Aug 2017 17:10:59 -0400
Subject: i2c: ismt: Don't duplicate the receive length for block reads

From: Stephen Douthit <stephend@xxxxxxxxxxxxxxxxxx>

commit b6c159a9cb69c2cf0bf59d4e12c3a2da77e4d994 upstream.

According to Table 15-14 of the C2000 EDS (Intel doc #510524) the
rx data pointed to by the descriptor dptr contains the byte count.

desc->rxbytes reports all bytes read on the wire, including the
"byte count" byte.  So if a device sends 4 bytes in response to a
block read, on the wire and in the DMA buffer we see:

count data1 data2 data3 data4
 0x04  0xde  0xad  0xbe  0xef

That's what we want to return in data->block to the next level.

Instead we were actually prefixing that with desc->rxbytes:

bad
count count data1 data2 data3 data4
 0x05  0x04  0xde  0xad  0xbe  0xef

This was discovered while developing a BMC solution relying on the
ipmi_ssif.c driver which was trying to interpret the bogus length
field as part of the IPMI response.

Signed-off-by: Stephen Douthit <stephend@xxxxxxxxxxxxxxxxxx>
Tested-by: Dan Priamo <danp@xxxxxxxxxxxxxxxxxx>
Acked-by: Neil Horman <nhorman@xxxxxxxxxxxxx>
Signed-off-by: Wolfram Sang <wsa@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/i2c/busses/i2c-ismt.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/i2c/busses/i2c-ismt.c
+++ b/drivers/i2c/busses/i2c-ismt.c
@@ -340,8 +340,8 @@ static int ismt_process_desc(const struc
 			break;
 		case I2C_SMBUS_BLOCK_DATA:
 		case I2C_SMBUS_I2C_BLOCK_DATA:
-			memcpy(&data->block[1], dma_buffer, desc->rxbytes);
-			data->block[0] = desc->rxbytes;
+			memcpy(data->block, dma_buffer, desc->rxbytes);
+			data->block[0] = desc->rxbytes - 1;
 			break;
 		}
 		return 0;


Patches currently in stable-queue which might be from stephend@xxxxxxxxxxxxxxxxxx are

queue-3.18/i2c-ismt-don-t-duplicate-the-receive-length-for-block-reads.patch
queue-3.18/i2c-ismt-return-emsgsize-for-block-reads-with-bogus-length.patch



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]