On success i2c_master_send() returns the number of bytes written. The
call from iio_write_channel_info(), however, expects the return value to
be zero on success.
This bug causes incorrect consumption of the sysfs buffer in
iio_write_channel_info(). When writing more than two characters to
out_voltage0_raw, the ad5446 write handler is called multiple times
causing unexpected behavior.
Fixes: 3ec36a2cf0d5 ("iio:ad5446: Add support for I2C based DACs")
Signed-off-by: Pekka Korpinen <[email protected]>
---
v1->v2: Check against expected result, otherwise -EIO. Add Fixes tag.
A similar bug was fixed for ad5064.c in 2015 - commit 03fe472ef33b
("iio:ad5064: Make sure ad5064_i2c_write() returns 0 on success").
drivers/iio/dac/ad5446.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/iio/dac/ad5446.c b/drivers/iio/dac/ad5446.c
index 488ec69967d6..e50718422411 100644
--- a/drivers/iio/dac/ad5446.c
+++ b/drivers/iio/dac/ad5446.c
@@ -531,8 +531,15 @@ static int ad5622_write(struct ad5446_state *st, unsigned val)
{
struct i2c_client *client = to_i2c_client(st->dev);
__be16 data = cpu_to_be16(val);
+ int ret;
+
+ ret = i2c_master_send(client, (char *)&data, sizeof(data));
+ if (ret < 0)
+ return ret;
+ if (ret != sizeof(data))
+ return -EIO;
- return i2c_master_send(client, (char *)&data, sizeof(data));
+ return 0;
}
/*
--
2.33.0
On Thu, 14 Oct 2021 20:37:38 +0300
Pekka Korpinen <[email protected]> wrote:
> On success i2c_master_send() returns the number of bytes written. The
> call from iio_write_channel_info(), however, expects the return value to
> be zero on success.
>
> This bug causes incorrect consumption of the sysfs buffer in
> iio_write_channel_info(). When writing more than two characters to
> out_voltage0_raw, the ad5446 write handler is called multiple times
> causing unexpected behavior.
>
> Fixes: 3ec36a2cf0d5 ("iio:ad5446: Add support for I2C based DACs")
> Signed-off-by: Pekka Korpinen <[email protected]>
Hi Pekka,
No need to resend a patch so soon. Feel free to just sent a 'bump'
type message in reply to the original posting.
Anyhow, I've picked that up today anyway (and only noticed this whilst
marking it applied in patchwork).
Thanks,
Jonathan
> ---
> v1->v2: Check against expected result, otherwise -EIO. Add Fixes tag.
>
> A similar bug was fixed for ad5064.c in 2015 - commit 03fe472ef33b
> ("iio:ad5064: Make sure ad5064_i2c_write() returns 0 on success").
>
> drivers/iio/dac/ad5446.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iio/dac/ad5446.c b/drivers/iio/dac/ad5446.c
> index 488ec69967d6..e50718422411 100644
> --- a/drivers/iio/dac/ad5446.c
> +++ b/drivers/iio/dac/ad5446.c
> @@ -531,8 +531,15 @@ static int ad5622_write(struct ad5446_state *st, unsigned val)
> {
> struct i2c_client *client = to_i2c_client(st->dev);
> __be16 data = cpu_to_be16(val);
> + int ret;
> +
> + ret = i2c_master_send(client, (char *)&data, sizeof(data));
> + if (ret < 0)
> + return ret;
> + if (ret != sizeof(data))
> + return -EIO;
>
> - return i2c_master_send(client, (char *)&data, sizeof(data));
> + return 0;
> }
>
> /*