From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:42184 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753409AbdIDJoI (ORCPT ); Mon, 4 Sep 2017 05:44:08 -0400 Subject: Patch "i2c: ismt: Don't duplicate the receive length for block reads" has been added to the 4.4-stable tree To: stephend@adiengineering.com, danp@adiengineering.com, gregkh@linuxfoundation.org, nhorman@tuxdriver.com, wsa@the-dreams.de Cc: , From: Date: Mon, 04 Sep 2017 11:44:08 +0200 Message-ID: <150451824810217@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled i2c: ismt: Don't duplicate the receive length for block reads to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: i2c-ismt-don-t-duplicate-the-receive-length-for-block-reads.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From b6c159a9cb69c2cf0bf59d4e12c3a2da77e4d994 Mon Sep 17 00:00:00 2001 From: Stephen Douthit Date: Mon, 7 Aug 2017 17:10:59 -0400 Subject: i2c: ismt: Don't duplicate the receive length for block reads From: Stephen Douthit commit b6c159a9cb69c2cf0bf59d4e12c3a2da77e4d994 upstream. According to Table 15-14 of the C2000 EDS (Intel doc #510524) the rx data pointed to by the descriptor dptr contains the byte count. desc->rxbytes reports all bytes read on the wire, including the "byte count" byte. So if a device sends 4 bytes in response to a block read, on the wire and in the DMA buffer we see: count data1 data2 data3 data4 0x04 0xde 0xad 0xbe 0xef That's what we want to return in data->block to the next level. Instead we were actually prefixing that with desc->rxbytes: bad count count data1 data2 data3 data4 0x05 0x04 0xde 0xad 0xbe 0xef This was discovered while developing a BMC solution relying on the ipmi_ssif.c driver which was trying to interpret the bogus length field as part of the IPMI response. Signed-off-by: Stephen Douthit Tested-by: Dan Priamo Acked-by: Neil Horman Signed-off-by: Wolfram Sang Signed-off-by: Greg Kroah-Hartman --- drivers/i2c/busses/i2c-ismt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/i2c/busses/i2c-ismt.c +++ b/drivers/i2c/busses/i2c-ismt.c @@ -339,8 +339,8 @@ static int ismt_process_desc(const struc break; case I2C_SMBUS_BLOCK_DATA: case I2C_SMBUS_I2C_BLOCK_DATA: - memcpy(&data->block[1], dma_buffer, desc->rxbytes); - data->block[0] = desc->rxbytes; + memcpy(data->block, dma_buffer, desc->rxbytes); + data->block[0] = desc->rxbytes - 1; break; } return 0; Patches currently in stable-queue which might be from stephend@adiengineering.com are queue-4.4/i2c-ismt-don-t-duplicate-the-receive-length-for-block-reads.patch queue-4.4/i2c-ismt-return-emsgsize-for-block-reads-with-bogus-length.patch