drivers/char/ipmi/ssif_bmc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Move smbus_cmd assignment to the end of process_smbus_cmd() to ensure
the new command is not lost when complete_response() is triggered.
Fixes: dd2bc5cc9e25 ("ipmi: ssif_bmc: Add SSIF BMC driver")
Signed-off-by: Cosmo Chou <chou.cosmo@gmail.com>
---
drivers/char/ipmi/ssif_bmc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/ipmi/ssif_bmc.c b/drivers/char/ipmi/ssif_bmc.c
index a14fafc583d4..7a4f52987a7d 100644
--- a/drivers/char/ipmi/ssif_bmc.c
+++ b/drivers/char/ipmi/ssif_bmc.c
@@ -579,7 +579,6 @@ static void process_request_part(struct ssif_bmc_ctx *ssif_bmc)
static void process_smbus_cmd(struct ssif_bmc_ctx *ssif_bmc, u8 *val)
{
/* SMBUS command can vary (single or multi-part) */
- ssif_bmc->part_buf.smbus_cmd = *val;
ssif_bmc->msg_idx = 1;
memset(&ssif_bmc->part_buf.payload[0], 0, MAX_PAYLOAD_PER_TRANSACTION);
@@ -596,6 +595,7 @@ static void process_smbus_cmd(struct ssif_bmc_ctx *ssif_bmc, u8 *val)
if (ssif_bmc->aborting)
ssif_bmc->aborting = false;
}
+ ssif_bmc->part_buf.smbus_cmd = *val;
}
static void on_read_requested_event(struct ssif_bmc_ctx *ssif_bmc, u8 *val)
--
2.34.1
On 01/01/2025 23:54, Cosmo Chou wrote:
> Move smbus_cmd assignment to the end of process_smbus_cmd() to ensure
> the new command is not lost when complete_response() is triggered.
>
Thanks Cosmo for the catch.
And, IMHO, the root cause is the memset() on part buffer called in
complete_response() is not quite correct. In the current implementation,
the complete_response() should only be called when the READ is
completed, ie: only on I2C_SLAVE_STOP of READ transaction, otherwise all
the info of current on-going request will be mistakenly cleared as in
this case.
This patch is good and I wonder if we can make this a bit further as below?
diff --git a/drivers/char/ipmi/ssif_bmc.c b/drivers/char/ipmi/ssif_bmc.c
index a14fafc583d4..310f17dd9511 100644
--- a/drivers/char/ipmi/ssif_bmc.c
+++ b/drivers/char/ipmi/ssif_bmc.c
@@ -292,7 +292,6 @@ static void complete_response(struct ssif_bmc_ctx
*ssif_bmc)
ssif_bmc->nbytes_processed = 0;
ssif_bmc->remain_len = 0;
ssif_bmc->busy = false;
- memset(&ssif_bmc->part_buf, 0, sizeof(struct ssif_part_buffer));
wake_up_all(&ssif_bmc->wait_queue);
}
@@ -744,9 +743,11 @@ static void on_stop_event(struct ssif_bmc_ctx
*ssif_bmc, u8 *val)
ssif_bmc->aborting = true;
}
} else if (ssif_bmc->state == SSIF_RES_SENDING) {
- if (ssif_bmc->is_singlepart_read || ssif_bmc->block_num
== 0xFF)
+ if (ssif_bmc->is_singlepart_read || ssif_bmc->block_num
== 0xFF) {
+ memset(&ssif_bmc->part_buf, 0, sizeof(struct
ssif_part_buffer));
/* Invalidate response buffer to denote it is
sent */
complete_response(ssif_bmc);
+ }
ssif_bmc->state = SSIF_READY;
}
Thanks and Happy New Year.
- Quan
On Fri, Jan 03, 2025 at 10:44:46AM +0700, Quan Nguyen wrote:
>
>
> On 01/01/2025 23:54, Cosmo Chou wrote:
> > Move smbus_cmd assignment to the end of process_smbus_cmd() to ensure
> > the new command is not lost when complete_response() is triggered.
> >
>
> Thanks Cosmo for the catch.
>
> And, IMHO, the root cause is the memset() on part buffer called in
> complete_response() is not quite correct. In the current implementation, the
> complete_response() should only be called when the READ is completed, ie:
> only on I2C_SLAVE_STOP of READ transaction, otherwise all the info of
> current on-going request will be mistakenly cleared as in this case.
>
> This patch is good and I wonder if we can make this a bit further as below?
Yes, this is probably more future proof.
Can you send me a formal patch, with a "Found-by:" for Cosmo? I'll
replace Cosmo's patch.
Thanks,
-corey
>
> diff --git a/drivers/char/ipmi/ssif_bmc.c b/drivers/char/ipmi/ssif_bmc.c
> index a14fafc583d4..310f17dd9511 100644
> --- a/drivers/char/ipmi/ssif_bmc.c
> +++ b/drivers/char/ipmi/ssif_bmc.c
> @@ -292,7 +292,6 @@ static void complete_response(struct ssif_bmc_ctx
> *ssif_bmc)
> ssif_bmc->nbytes_processed = 0;
> ssif_bmc->remain_len = 0;
> ssif_bmc->busy = false;
> - memset(&ssif_bmc->part_buf, 0, sizeof(struct ssif_part_buffer));
> wake_up_all(&ssif_bmc->wait_queue);
> }
>
> @@ -744,9 +743,11 @@ static void on_stop_event(struct ssif_bmc_ctx
> *ssif_bmc, u8 *val)
> ssif_bmc->aborting = true;
> }
> } else if (ssif_bmc->state == SSIF_RES_SENDING) {
> - if (ssif_bmc->is_singlepart_read || ssif_bmc->block_num ==
> 0xFF)
> + if (ssif_bmc->is_singlepart_read || ssif_bmc->block_num ==
> 0xFF) {
> + memset(&ssif_bmc->part_buf, 0, sizeof(struct
> ssif_part_buffer));
> /* Invalidate response buffer to denote it is sent
> */
> complete_response(ssif_bmc);
> + }
> ssif_bmc->state = SSIF_READY;
> }
>
> Thanks and Happy New Year.
> - Quan
On 03/01/2025 20:01, Corey Minyard wrote: > On Fri, Jan 03, 2025 at 10:44:46AM +0700, Quan Nguyen wrote: >> >> >> On 01/01/2025 23:54, Cosmo Chou wrote: >>> Move smbus_cmd assignment to the end of process_smbus_cmd() to ensure >>> the new command is not lost when complete_response() is triggered. >>> >> >> Thanks Cosmo for the catch. >> >> And, IMHO, the root cause is the memset() on part buffer called in >> complete_response() is not quite correct. In the current implementation, the >> complete_response() should only be called when the READ is completed, ie: >> only on I2C_SLAVE_STOP of READ transaction, otherwise all the info of >> current on-going request will be mistakenly cleared as in this case. >> >> This patch is good and I wonder if we can make this a bit further as below? > > Yes, this is probably more future proof. > > Can you send me a formal patch, with a "Found-by:" for Cosmo? I'll > replace Cosmo's patch. > Thanks Corey, Will send the formal patch later. Thanks, -- Quan
On Thu, Jan 02, 2025 at 12:54:31AM +0800, Cosmo Chou wrote:
> Move smbus_cmd assignment to the end of process_smbus_cmd() to ensure
> the new command is not lost when complete_response() is triggered.
Ok, I see, patch is applied. Thank you.
Quan, I assume this is ok. Please double-check it for me.
-corey
>
> Fixes: dd2bc5cc9e25 ("ipmi: ssif_bmc: Add SSIF BMC driver")
> Signed-off-by: Cosmo Chou <chou.cosmo@gmail.com>
> ---
> drivers/char/ipmi/ssif_bmc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/char/ipmi/ssif_bmc.c b/drivers/char/ipmi/ssif_bmc.c
> index a14fafc583d4..7a4f52987a7d 100644
> --- a/drivers/char/ipmi/ssif_bmc.c
> +++ b/drivers/char/ipmi/ssif_bmc.c
> @@ -579,7 +579,6 @@ static void process_request_part(struct ssif_bmc_ctx *ssif_bmc)
> static void process_smbus_cmd(struct ssif_bmc_ctx *ssif_bmc, u8 *val)
> {
> /* SMBUS command can vary (single or multi-part) */
> - ssif_bmc->part_buf.smbus_cmd = *val;
> ssif_bmc->msg_idx = 1;
> memset(&ssif_bmc->part_buf.payload[0], 0, MAX_PAYLOAD_PER_TRANSACTION);
>
> @@ -596,6 +595,7 @@ static void process_smbus_cmd(struct ssif_bmc_ctx *ssif_bmc, u8 *val)
> if (ssif_bmc->aborting)
> ssif_bmc->aborting = false;
> }
> + ssif_bmc->part_buf.smbus_cmd = *val;
> }
>
> static void on_read_requested_event(struct ssif_bmc_ctx *ssif_bmc, u8 *val)
> --
> 2.34.1
>
On 03/01/2025 10:20, Corey Minyard wrote: > On Thu, Jan 02, 2025 at 12:54:31AM +0800, Cosmo Chou wrote: >> Move smbus_cmd assignment to the end of process_smbus_cmd() to ensure >> the new command is not lost when complete_response() is triggered. > > Ok, I see, patch is applied. Thank you. > > Quan, I assume this is ok. Please double-check it for me. > Yes, Corey, This patch looks good to me and I think this can be improved a bit further in my reply for Cosmo. - Quan
© 2016 - 2026 Red Hat, Inc.