07.02.2019 18:23, Sowjanya Komatineni пишет: > >> It became apparent to me that there is a problem here. The size of dma_buf >> is 4096 bytes and maximum message length is 4096 too, we have pushed 12 >> bytes packet_header to the buffer >and now there are 4084 bytes left for the >> message in the buffer. Hence transfer of 4KB will cause buffer overflow and >> either crash kernel or corrupt memory. One solution is to just always >push >> packet_header using PIO, other to reduce max_write_len or increase dma_buf >> size. > > Yes, This is known to me and I will add separate patch for this to update > quirks to take care for t186 and t194 to exclude packet hdr lengths > There was separate patch when quirks were added and it got merged already > from 5.0-rc1 but don’t want to sneak that here. Will send separate patch to > take care of this. > Need to update quirk to exclude packet header >
No. This is a bug of this patch, it must be fixed in this patch as well. Please include this snippet into the next version of this patch. diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c index 7921d3e6237d..0ed8162a37e4 100644 --- a/drivers/i2c/busses/i2c-tegra.c +++ b/drivers/i2c/busses/i2c-tegra.c @@ -1293,7 +1293,7 @@ static const struct i2c_algorithm tegra_i2c_algo = { static const struct i2c_adapter_quirks tegra_i2c_quirks = { .flags = I2C_AQ_NO_ZERO_LEN, .max_read_len = 4096, - .max_write_len = 4096, + .max_write_len = 4096 - I2C_PACKET_HEADER_SIZE, }; static const struct i2c_adapter_quirks tegra194_i2c_quirks = { @@ -1545,7 +1545,7 @@ static int tegra_i2c_probe(struct platform_device *pdev) i2c_dev->is_dvc = of_device_is_compatible(pdev->dev.of_node, "nvidia,tegra20-i2c-dvc"); i2c_dev->adapter.quirks = i2c_dev->hw->quirks; - i2c_dev->dma_buf_size = i2c_dev->adapter.quirks->max_write_len; + i2c_dev->dma_buf_size = i2c_dev->adapter.quirks->max_read_len; init_completion(&i2c_dev->msg_complete); init_completion(&i2c_dev->dma_complete); spin_lock_init(&i2c_dev->xfer_lock);