lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170814193105.cosdlbf5gypazlzn@ninjato>
Date:   Mon, 14 Aug 2017 21:31:05 +0200
From:   Wolfram Sang <wsa@...-dreams.de>
To:     Stephen Douthit <stephend@...engineering.com>
Cc:     seth.heasley@...el.com, nhorman@...driver.com,
        danp@...engineering.com, linux-i2c@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/2] i2c: ismt: Fix length handling for SMBus block reads

On Mon, Aug 07, 2017 at 05:10:58PM -0400, Stephen Douthit wrote:
> Hello all,
> 
> We ran into an issue where the ipmi_ssif and i2c-ismt drivers don't
> agree on the format for data returned by i2c_smbus_read_block_data()
> 
> Looking at the traffic on the wire with a beagle analyzer:
> -----
> Packet Details   (Values in hex; [S] = Start condition;
>                   [P] = Stop condition; * = No Ack)
> [S] <10:R> 12 1C 01 00 00 80 02 1C 02 8F BE 12 00 25 12 41 01 00 00* [P]
> -----
> 
> Looking at the matching kernel trace:
> -----
> kssif0010-759   [001] ....  1435.891090: smbus_read: i2c-0 a=010 f=0000 c=3 BLOCK_DATA
> kssif0010-759   [001] ....  1436.202906: smbus_reply: i2c-0 a=010 f=0000 c=3 BLOCK_DATA l=20 [13-12-1c-01-00-00-80-02-1c-02-8f-be-12-00-25-12-41-01-00-00]
> kssif0010-759   [001] ....  1436.202908: smbus_result: i2c-0 a=010 f=0000 c=3 BLOCK_DATA rd res=0
> -----
> 
> So basically the byte count already precedes the data in the dma_buffer,
> then the driver sticks desc->rxbytes in front of this resulting in the
> trace above.
> 
> The first patch tackles this.
> 
> The second patch in the series adds a sanity check on the byte count
> supplied by the slave device.  This might be a nice to have, but is
> probably less critical.

Both patches look good to me. Seth, Neil, do you agree?


Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ