07.02.2019 18:23, Sowjanya Komatineni пишет:
>
>> It became apparent to me that there is a problem here. The size of dma_buf
>> is 4096 bytes and maximum message length is 4096 too, we have pushed 12
>> bytes packet_header to the buffer >and now there are 4084 bytes left for the
>> message in the buffer. Hence transfer of 4KB will cause buffer overflow and
>> either crash kernel or corrupt memory. One solution is to just always >push
>> packet_header using PIO, other to reduce max_write_len or increase dma_buf
>> size.
>
> Yes, This is known to me and I will add separate patch for this to update
> quirks to take care for t186 and t194 to exclude packet hdr lengths
> There was separate patch when quirks were added and it got merged already
> from 5.0-rc1 but don’t want to sneak that here. Will send separate patch to
> take care of this.
> Need to update quirk to exclude packet header
>
No. This is a bug of this patch, it must be fixed in this patch as well.
Please include this snippet into the next version of this patch.
diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c
index 7921d3e6237d..0ed8162a37e4 100644
--- a/drivers/i2c/busses/i2c-tegra.c
+++ b/drivers/i2c/busses/i2c-tegra.c
@@ -1293,7 +1293,7 @@ static const struct i2c_algorithm tegra_i2c_algo = {
static const struct i2c_adapter_quirks tegra_i2c_quirks = {
.flags = I2C_AQ_NO_ZERO_LEN,
.max_read_len = 4096,
- .max_write_len = 4096,
+ .max_write_len = 4096 - I2C_PACKET_HEADER_SIZE,
};
static const struct i2c_adapter_quirks tegra194_i2c_quirks = {
@@ -1545,7 +1545,7 @@ static int tegra_i2c_probe(struct platform_device *pdev)
i2c_dev->is_dvc = of_device_is_compatible(pdev->dev.of_node,
"nvidia,tegra20-i2c-dvc");
i2c_dev->adapter.quirks = i2c_dev->hw->quirks;
- i2c_dev->dma_buf_size = i2c_dev->adapter.quirks->max_write_len;
+ i2c_dev->dma_buf_size = i2c_dev->adapter.quirks->max_read_len;
init_completion(&i2c_dev->msg_complete);
init_completion(&i2c_dev->dma_complete);
spin_lock_init(&i2c_dev->xfer_lock);
