Re: [PATCH] i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer

[Sven Eckelmann <sven@narfation.org>]

[-- Attachment #1: Type: text/plain, Size: 1614 bytes --]

On Monday, 4 August 2025 11:17:47 CEST Wolfram Sang wrote:
> Yes, we can do that. In general, it doesn't make sense to add this check
> when the ultimate goal is to support SMBus v3 which doesn't need the
> check anymore. But if it is blocking further development, we can apply
> this. The check will be removed when SMBus v3 support comes in.

Yes, when I2C_SMBUS_BLOCK_MAX becomes >= 255 bytes, such a check would not 
be necessary. But this driver is already in Linux 6.13 - and in this version, 
I2C_SMBUS_BLOCK_MAX is just 32 bytes. So, just from the code perspective, it 
would be interesting for Linux stable to get this fixed in longterm kernel 
6.15 (and also the most recent Linux 6.16.y).

If you want to have an argument against this patch then it would be the the 
hardware limitation of this i2c host controller. It only allows to transfer up 
to 16 bytes. But then you could also argue that there might be variants which 
will not have this limitation anymore. And Jonas is already trying to make the 
driver more flexible [1] - the future will only show whether this will ever be 
a relevant check (before I2C_SMBUS_BLOCK_MAX is large enough to make this 
check obsolete).

Btw. I've already picked it up in my patchset [2] to avoid conflicts with this 
patch. And since they (2-4) fix broken functionality in Linux 6.13, this patch 
becomes a requirement for backporting those fixes to the stable kernels.

Kind regards,
	Sven

[1] https://lore.kernel.org/r/20250729075145.2972-1-jelonek.jonas@gmail.com
[2] https://lore.kernel.org/r/20250804-i2c-rtl9300-multi-byte-v3-0-e20607e1b28c@narfation.org

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 228 bytes --]