lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 17 Jul 2020 09:02:34 -0700
From:   'Dmitry Torokhov' <>
To:     jingle <>
Cc:     'linux-kernel' <>,
        'linux-input' <>,
        'phoenix' <>,
        "'josh.chen'" <>,
        "'kai.heng.feng'" <>
Subject: Re: [PATCH 2/2] Input: elan_i2c - Modify the IAP related functio n
 for page sizes 128, 512 bytes.

Hi Jingle,

On Fri, Jul 17, 2020 at 04:31:58PM +0800, jingle wrote:
> Hi Dmitry:
> 1. 
> In this function elan_get_fwinfo().
> +static int elan_get_fwinfo(u16 ic_type, u8 iap_version, u8 pattern,
> +			   u16 *validpage_count, u32 *signature_address,
> +			   u16 *page_size)
>  {
> -	switch (ic_type) {
> +	u16 type = pattern >= 0x01 ? ic_type : iap_version;
> +
> +	switch (type) {
> This iap_version in pattern0 is read from this command
> ETP_I2C_IAP_VERSION_CMD_OLD ,it is not from this command
> So u16 type = pattern >= 0x01 ? ic_type : iap_version; <- wrong
> 2. In this "static int elan_i2c_prepare_fw_update(struct i2c_client *client,
> u16 ic_type, u8 iap_version)" function.
> The ic is old pattern must be modify correct ic_type. (cmd is

I see. It looks like there is some confusion on my part between IAP
version, IC type, and the commands that we want to use. Please let me
know if I understand this correctly:

- For patterns >=1 (newer)
  IAP version is retrieved with ETP_I2C_IAP_VERSION_CMD
  IC type is fetched with ETP_I2C_IC_TYPE_CMD
  Version comes from ETP_I2C_NSM_VERSION_CMD

- For pattern 0 (old)
  Before your patches
    IAP version was using ETP_I2C_IAP_VERSION_CMD (and you are saying
    it is wrong)
    Version comes from 1st byte of ETP_I2C_OSM_VERSION_CMD
    IC type comes from 2nd byte of ETP_I2C_OSM_VERSION_CMD (and you are
    saying it is some other bit of data - what is it then?)

  After your patches
    IAP version is retrieved with ETP_I2C_IAP_VERSION_CMD_OLD
    Version comes from 1st byte of ETP_I2C_OSM_VERSION_CMD
    IC type is retrieved with ETP_I2C_IAP_VERSION_CMD (should we rename
    it then?)

So the difference is where the the IC type is coming from for old
patterns. However, as I mentioned, we have the following body of code:

static int elan_check_ASUS_special_fw(struct elan_tp_data *data)
	if (data->ic_type == 0x0E) {
		switch (data->product_id) {
		case 0x05 ... 0x07:
		case 0x09:
		case 0x13:
			return true;
	} else if (data->ic_type == 0x08 && data->product_id == 0x26) {
		/* ASUS EeeBook X205TA */
		return true;

	return false;

And before your patches ic_type here would be the 2nd byte of response
to ETP_I2C_OSM_VERSION_CMD for older devices and my concern that
replacing it with data from ETP_I2C_IAP_VERSION_CMD would break these

We need to reconcile what we have in this function with what you are
proposing for firmware update code.


Powered by blists - more mailing lists