diff options
| author | Eudean Sun <eudean@arista.com> | 2017-11-21 13:43:24 -0500 |
|---|---|---|
| committer | Jiri Kosina <jkosina@suse.cz> | 2017-11-21 15:39:45 -0500 |
| commit | 542134c0375b5ca2b1d18490c02b8a20bfdd8d74 (patch) | |
| tree | 5e00d617d6608e4914dcf7ac381b6e170ee0ca85 | |
| parent | 20df15783a44a289aaa8c8f83b3f715f9040c9c2 (diff) | |
HID: cp2112: Fix I2C_BLOCK_DATA transactions
The existing driver erroneously treats I2C_BLOCK_DATA and BLOCK_DATA
commands the same.
For I2C_BLOCK_DATA reads, the length of the read is provided in
data->block[0], but the length itself should not be sent to the slave. In
contrast, for BLOCK_DATA reads no length is specified since the length
will be the first byte returned from the slave. When copying data back
to the data buffer, for an I2C_BLOCK_DATA read we have to take care not to
overwrite data->block[0] to avoid overwriting the length. A BLOCK_DATA
read doesn't have this concern since the first byte returned by the device
is the length and belongs in data->block[0].
For I2C_BLOCK_DATA writes, the length is also provided in data->block[0],
but the length itself is not sent to the slave (in contrast to BLOCK_DATA
writes where the length prefixes the data sent to the slave).
This was tested on physical hardware using i2cdump with the i and s flags
to test the behavior of I2C_BLOCK_DATA reads and BLOCK_DATA reads,
respectively. Writes were not tested but the I2C_BLOCK_DATA write change
is pretty simple to verify by inspection.
Signed-off-by: Eudean Sun <eudean@arista.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
| -rw-r--r-- | drivers/hid/hid-cp2112.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/drivers/hid/hid-cp2112.c b/drivers/hid/hid-cp2112.c index 68cdc962265b..271f31461da4 100644 --- a/drivers/hid/hid-cp2112.c +++ b/drivers/hid/hid-cp2112.c | |||
| @@ -696,8 +696,16 @@ static int cp2112_xfer(struct i2c_adapter *adap, u16 addr, | |||
| 696 | (u8 *)&word, 2); | 696 | (u8 *)&word, 2); |
| 697 | break; | 697 | break; |
| 698 | case I2C_SMBUS_I2C_BLOCK_DATA: | 698 | case I2C_SMBUS_I2C_BLOCK_DATA: |
| 699 | size = I2C_SMBUS_BLOCK_DATA; | 699 | if (read_write == I2C_SMBUS_READ) { |
| 700 | /* fallthrough */ | 700 | read_length = data->block[0]; |
| 701 | count = cp2112_write_read_req(buf, addr, read_length, | ||
| 702 | command, NULL, 0); | ||
| 703 | } else { | ||
| 704 | count = cp2112_write_req(buf, addr, command, | ||
| 705 | data->block + 1, | ||
| 706 | data->block[0]); | ||
| 707 | } | ||
| 708 | break; | ||
| 701 | case I2C_SMBUS_BLOCK_DATA: | 709 | case I2C_SMBUS_BLOCK_DATA: |
| 702 | if (I2C_SMBUS_READ == read_write) { | 710 | if (I2C_SMBUS_READ == read_write) { |
| 703 | count = cp2112_write_read_req(buf, addr, | 711 | count = cp2112_write_read_req(buf, addr, |
| @@ -785,6 +793,9 @@ static int cp2112_xfer(struct i2c_adapter *adap, u16 addr, | |||
| 785 | case I2C_SMBUS_WORD_DATA: | 793 | case I2C_SMBUS_WORD_DATA: |
| 786 | data->word = le16_to_cpup((__le16 *)buf); | 794 | data->word = le16_to_cpup((__le16 *)buf); |
| 787 | break; | 795 | break; |
| 796 | case I2C_SMBUS_I2C_BLOCK_DATA: | ||
| 797 | memcpy(data->block + 1, buf, read_length); | ||
| 798 | break; | ||
| 788 | case I2C_SMBUS_BLOCK_DATA: | 799 | case I2C_SMBUS_BLOCK_DATA: |
| 789 | if (read_length > I2C_SMBUS_BLOCK_MAX) { | 800 | if (read_length > I2C_SMBUS_BLOCK_MAX) { |
| 790 | ret = -EPROTO; | 801 | ret = -EPROTO; |