From: matthieu castet <castet.matthieu@free.fr>
To: Patrick Boettcher <patrick.boettcher@desy.de>
Cc: Mauro Carvalho Chehab <mchehab@infradead.org>,
linux-media@vger.kernel.org, DVB list <linux-dvb@linuxtv.org>
Subject: [PATCH] DIBUSB_MC : fix i2c to not corrupt eeprom in case of strange read pattern
Date: Sat, 16 May 2009 15:08:29 +0200 [thread overview]
Message-ID: <4A0EBACD.6070601@free.fr> (raw)
In-Reply-To: <498215A8.3020203@free.fr>
[-- Attachment #1: Type: text/plain, Size: 458 bytes --]
Hi,
dibusb_i2c_xfer seems to do things very dangerous :
it assumes that it get only write/read request or write request.
That means that read can be understood as write. For example a program
doing
file = open("/dev/i2c-x", O_RDWR);
ioctl(file, I2C_SLAVE, 0x50)
read(file, data, 10)
will corrupt the eeprom as it will be understood as a write.
I attach a possible (untested) patch.
Matthieu
Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>
[-- Attachment #2: dibusb_i2c --]
[-- Type: text/plain, Size: 927 bytes --]
Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>
Index: linux-2.6/drivers/media/dvb/dvb-usb/dibusb-common.c
===================================================================
--- linux-2.6.orig/drivers/media/dvb/dvb-usb/dibusb-common.c 2009-02-09 20:36:03.000000000 +0100
+++ linux-2.6/drivers/media/dvb/dvb-usb/dibusb-common.c 2009-02-09 20:38:21.000000000 +0100
@@ -133,14 +133,18 @@
for (i = 0; i < num; i++) {
/* write/read request */
- if (i+1 < num && (msg[i+1].flags & I2C_M_RD)) {
+ if (i+1 < num && (msg[i].flags & I2C_M_RD) == 0
+ && (msg[i+1].flags & I2C_M_RD)) {
if (dibusb_i2c_msg(d, msg[i].addr, msg[i].buf,msg[i].len,
msg[i+1].buf,msg[i+1].len) < 0)
break;
i++;
- } else
+ } else if ((msg[i].flags & I2C_M_RD) == 0) {
if (dibusb_i2c_msg(d, msg[i].addr, msg[i].buf,msg[i].len,NULL,0) < 0)
break;
+ }
+ else
+ break;
}
mutex_unlock(&d->i2c_mutex);
next prev parent reply other threads:[~2009-05-16 13:08 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-07 11:36 [linux-dvb] [PATCH] Support faulty USB IDs on DIBUSB_MC matthieu castet
2009-01-19 20:38 ` matthieu castet
2009-01-29 9:47 ` Mauro Carvalho Chehab
2009-01-29 10:19 ` Patrick Boettcher
2009-01-29 12:05 ` Mauro Carvalho Chehab
2009-01-29 13:08 ` Patrick Boettcher
2009-01-29 13:34 ` Mauro Carvalho Chehab
2009-01-29 20:05 ` matthieu castet
2009-01-29 20:46 ` matthieu castet
2009-02-09 19:40 ` matthieu castet
2009-02-09 19:44 ` [linux-dvb] " Devin Heitmueller
2009-02-09 20:16 ` matthieu castet
2009-02-09 20:32 ` Devin Heitmueller
2009-02-09 19:51 ` Devin Heitmueller
2009-05-16 13:08 ` matthieu castet [this message]
2009-05-20 8:42 ` [PATCH] DIBUSB_MC : fix i2c to not corrupt eeprom in case of strange read pattern Patrick Boettcher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A0EBACD.6070601@free.fr \
--to=castet.matthieu@free.fr \
--cc=linux-dvb@linuxtv.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@infradead.org \
--cc=patrick.boettcher@desy.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox