| Message ID | 1436379459-8263-1-git-send-email-ellen@cumulusnetworks.com (mailing list archive) |
|---|---|
| State | New, archived |
| Delegated to: | Jiri Kosina |
| Headers | show |
On Wed, 8 Jul 2015, Ellen Wang wrote: > cp2112_i2c_xfer() only reads up to 61 bytes, returning EIO > on longers reads. The fix is to wrap a loop around > cp2112_read() to pick up all the returned data. > > Signed-off-by: Ellen Wang <ellen@cumulusnetworks.com> > --- > This is the updated patch with a check for 0 return from > cp2112_read(). I tested it with a suitable delay in the loop > to trigger the cp2112_raw_event() overrun bug, which must > be fixed before this patch is applied. Now applied to for-4.3/cp2112 (which is based on for-4.2/upstream-fixes, where the overrun in ->raw_event() callback is fixed). So please send any potential updates as followups on top of this patch.
On Thu, Jul 9, 2015 at 8:17 PM, Jiri Kosina <jkosina@suse.com> wrote: > On Wed, 8 Jul 2015, Ellen Wang wrote: > >> cp2112_i2c_xfer() only reads up to 61 bytes, returning EIO >> on longers reads. The fix is to wrap a loop around >> cp2112_read() to pick up all the returned data. >> >> Signed-off-by: Ellen Wang <ellen@cumulusnetworks.com> >> --- >> This is the updated patch with a check for 0 return from >> cp2112_read(). I tested it with a suitable delay in the loop >> to trigger the cp2112_raw_event() overrun bug, which must >> be fixed before this patch is applied. > > Now applied to for-4.3/cp2112 (which is based on for-4.2/upstream-fixes, > where the overrun in ->raw_event() callback is fixed). So please send any > potential updates as followups on top of this patch. > It works as expected. Either Tested-by: Antonio Borneo <borneo.antonio@gmail.com> and/or Reviewed-by: Antonio Borneo <borneo.antonio@gmail.com> Regards, Antonio -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/hid/hid-cp2112.c b/drivers/hid/hid-cp2112.c index 3318de6..80e3488 100644 --- a/drivers/hid/hid-cp2112.c +++ b/drivers/hid/hid-cp2112.c @@ -509,13 +509,30 @@ static int cp2112_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, if (!(msgs->flags & I2C_M_RD)) goto finish; - ret = cp2112_read(dev, msgs->buf, msgs->len); - if (ret < 0) - goto power_normal; - if (ret != msgs->len) { - hid_warn(hdev, "short read: %d < %d\n", ret, msgs->len); - ret = -EIO; - goto power_normal; + for (count = 0; count < msgs->len;) { + ret = cp2112_read(dev, msgs->buf + count, msgs->len - count); + if (ret < 0) + goto power_normal; + if (ret == 0) { + hid_err(hdev, "read returned 0\n"); + ret = -EIO; + goto power_normal; + } + count += ret; + if (count > msgs->len) { + /* + * The hardware returned too much data. + * This is mostly harmless because cp2112_read() + * has a limit check so didn't overrun our + * buffer. Nevertheless, we return an error + * because something is seriously wrong and + * it shouldn't go unnoticed. + */ + hid_err(hdev, "long read: %d > %zd\n", + ret, msgs->len - count + ret); + ret = -EIO; + goto power_normal; + } } finish:
cp2112_i2c_xfer() only reads up to 61 bytes, returning EIO on longers reads. The fix is to wrap a loop around cp2112_read() to pick up all the returned data. Signed-off-by: Ellen Wang <ellen@cumulusnetworks.com> --- This is the updated patch with a check for 0 return from cp2112_read(). I tested it with a suitable delay in the loop to trigger the cp2112_raw_event() overrun bug, which must be fixed before this patch is applied. --- drivers/hid/hid-cp2112.c | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-)