Bugzilla: 1090161
Upstream-status: sent https://patchwork.kernel.org/patch/4055781/

From patchwork Thu Apr 24 22:26:38 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: HID: rmi: do not fetch more than 16 bytes in a query
From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
X-Patchwork-Id: 4055781
Message-Id: <1398378398-24825-1-git-send-email-benjamin.tissoires@redhat.com>
To: Andrew Duggan <aduggan@synaptics.com>,
	Christopher Heiny <cheiny@synaptics.com>,
	Jiri Kosina <jkosina@suse.cz>, linux-input@vger.kernel.org,
	linux-kernel@vger.kernel.org
Date: Thu, 24 Apr 2014 18:26:38 -0400

A firmware bug is present on the XPS Haswell edition which silently
splits the request in two responses when the caller asks for a read of
more than 16 bytes.
The FW sends the first 16 then the 4 next, but it says that it answered
the 20 bytes in the first report.

This occurs only on the retrieving of the min/max of X and Y of the F11
function.
We only use the first 10 bytes of the Ctrl register, so we can get only
those 10 bytes to prevent the bug from happening.

Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1090161

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>

---
drivers/hid/hid-rmi.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c
index 7da9509..cee89c9 100644
--- a/drivers/hid/hid-rmi.c
+++ b/drivers/hid/hid-rmi.c
@@ -613,10 +613,15 @@ static int rmi_populate_f11(struct hid_device *hdev)
 		}
 	}
 
-	/* retrieve the ctrl registers */
-	ret = rmi_read_block(hdev, data->f11.control_base_addr, buf, 20);
+	/*
+	 * retrieve the ctrl registers
+	 * the ctrl register has a size of 20 but a fw bug split it into 16 + 4,
+	 * and there is no way to know if the first 20 bytes are here or not.
+	 * We use only the first 10 bytes, so get only them.
+	 */
+	ret = rmi_read_block(hdev, data->f11.control_base_addr, buf, 10);
 	if (ret) {
-		hid_err(hdev, "can not read ctrl block of size 20: %d.\n", ret);
+		hid_err(hdev, "can not read ctrl block of size 10: %d.\n", ret);
 		return ret;
 	}
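Review bot: The read length 10 in the rmi_read_block() call is a bare literal that is repeated by hand in the hid_err() string, and nothing in this hunk prevents another caller from requesting more than 16 bytes and hitting the same firmware split. Consider a named constant for the F11 ctrl read size, used for both the call and the message, and a length check inside rmi_read_block() that rejects or warns on requests above 16 bytes. Per the commit message the device reports the full count in the first report even though it delivered only 16 bytes, so the driver cannot detect the short read from the response and would otherwise parse buffer contents the device never sent. The new comment would also be clearer as "there is no way to know whether all 20 bytes have arrived".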