Message-ID: <73dadef2-4c19-4740-882a-0fcaca6b8bde@redhat.com>
Date: Tue, 28 Apr 2026 13:03:30 +0200
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH net v2] net: mctp i2c: check length before marking flow active
To: "William A. Kennington III", Jeremy Kerr, Matt Johnston, Andrew Lunn, "David S. Miller", Eric Dumazet, Jakub Kicinski, Wolfram Sang
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20260423001517.79219-1-william@wkennington.com> <20260423074741.201460-1-william@wkennington.com>
Content-Language: en-US
From: Paolo Abeni
In-Reply-To: <20260423074741.201460-1-william@wkennington.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

On 4/23/26 9:46 AM, William A. Kennington III wrote:
> Currently, mctp_i2c_get_tx_flow_state() is called before the packet length
> sanity check. This function marks a new flow as active in the MCTP core.
>
> If the sanity check fails, mctp_i2c_xmit() returns early without calling
> mctp_i2c_lock_nest(). This results in a mismatched locking state: the
> flow is active, but the I2C bus lock was never acquired for it.
>
> When the flow is later released, mctp_i2c_release_flow() will see the
> active state and queue an unlock marker. The TX thread will then
> decrement midev->i2c_lock_count from 0, causing it to underflow to -1.
>
> This underflow permanently breaks the driver's locking logic, allowing
> future transmissions to occur without holding the I2C bus lock, leading
> to bus collisions and potential hardware hangs.
>
> Move the mctp_i2c_get_tx_flow_state() call to after the length sanity
> check to ensure we only transition the flow state if we are actually
> going to proceed with the transmission and locking.
>
> Fixes: f5b8abf9fc3d ("mctp i2c: MCTP I2C binding driver")
> Signed-off-by: William A. Kennington III

Note that you should have included Jeremy's ack, and you should have
avoided reposting before the 24h grace period.

In this specific case, you could have avoided a repost entirely

/P
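The sequence described in the quoted commit message, as an added user-space C model; it is not part of the original message and not the driver's code. The struct, the function names and the length rule are hypothetical stand-ins, and the queued unlock marker is collapsed into a direct decrement.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model of the commit message's sequence; names are hypothetical,
 * not the driver's. lock_count stands in for midev->i2c_lock_count. */
struct model_dev { int lock_count; bool flow_active; };

/* Pre-fix ordering: flow marked active, then the length sanity check. */
static void xmit_state_first(struct model_dev *d, size_t actual, size_t declared)
{
    d->flow_active = true;
    if (actual != declared)    /* model's stand-in for the sanity check */
        return;                /* early return: lock never taken */
    d->lock_count++;           /* lock stays held until flow release */
}

/* Post-fix ordering: length sanity check, then the flow transition. */
static void xmit_check_first(struct model_dev *d, size_t actual, size_t declared)
{
    if (actual != declared)
        return;                /* flow state untouched */
    d->flow_active = true;
    d->lock_count++;
}

/* Flow release: an active flow triggers exactly one unlock. */
static void release_flow(struct model_dev *d)
{
    if (!d->flow_active)
        return;
    d->flow_active = false;
    d->lock_count--;
}

/* Send one packet on a fresh device, release the flow, return the count. */
static int count_after(bool fixed, size_t actual, size_t declared)
{
    struct model_dev d = { 0, false };
    (fixed ? xmit_check_first : xmit_state_first)(&d, actual, declared);
    release_flow(&d);
    return d.lock_count;
}

int main(void)
{
    /* Constructed input: a 10-byte packet that declares 64 bytes. */
    printf("bad length: pre-fix %d, post-fix %d\n",
           count_after(false, 10, 64), count_after(true, 10, 64));
    return 0;
}
```

A well-formed packet leaves the count balanced at 0 under either ordering; only the rejected packet separates the two.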