Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2401388imu;
        Thu, 24 Jan 2019 12:07:52 -0800 (PST)
X-Google-Smtp-Source: ALg8bN7d/E3BEHxrK5z9I5w6FyEC4X2Xg/QYOImosxTdeBiTFOssNtOPpnIEA3a1ikN2gGvoKxja
X-Received: by 2002:a17:902:e08b:: with SMTP id cb11mr7986202plb.263.1548360472089;
        Thu, 24 Jan 2019 12:07:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1548360472; cv=none;
        d=google.com; s=arc-20160816;
        b=AjxE/lK1Fd3Z5jW3OnoM3oQaaogeR/mEbIdYYSv+8UBVZKOE3Fb9z4BM2L1JTbMi3V
         MOsfebuvos6NRRdfrB3cHXQvjZgBqp+u9B0+wwieP0VynwV8yPfwrijY2MYyEcddpYnk
         o1ux1PKei6ZCiPyLSC2XWALDlqa4QgorTNAEemS/DjZ2D3KZINJHVz4WrI4vbNw3VNtU
         DlBArPeoIzM8kbjFocjxL8FTqoHC811TDoeb3fztdvGkKuinZfCuNGjEcz3B6GTsSDEk
         pCp+zkbN1JbEX3qKgS72fDC5aBasvtMjbc6BnAKqnvkyHt3RORt1F+h8+UU6xjkqdIls
         HYjQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=uNUriUeITqIA1AjQoinJC4+KRrvZzGIU870AHRWudt0=;
        b=Jc339yc74FBb2KgSgqBP+nGd4ohcGdPXa1z8/i4YKAis5tEyPINgMJ785fEy5+ADYD
         rmkBsO5zS76++6OZNXPGGhghzeNZvG/oaOSHOKC/vjUaAtg//gD44dzwkRTiRm++udZo
         dniETr6uS3gQzRrThfT+HhqpEkA1cS6yyz17iJs/UH1FNL4d7dHR5T4yiV0PZyHPgZfE
         BfNc8PkvTCe66EY559XHbPoKwRx2ZdzhpN4zrlJcqIUMhJPwGVonQGTkht4Nf7aXVIAw
         fcf7BStyhu5zvJZAYX6RPOAqbtQTP9E0ntc8LeWIE2lgkWYzBS4DgHCarByS8IyRW3gE
         lNpw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=EQxd6eR7;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q19si21588600pfh.138.2019.01.24.12.07.37;
        Thu, 24 Jan 2019 12:07:52 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=EQxd6eR7;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730728AbfAXUGt (ORCPT <rfc822;ivid.suvarna@gmail.com>
        + 99 others); Thu, 24 Jan 2019 15:06:49 -0500
Received: from mail.kernel.org ([198.145.29.99]:57970 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1730954AbfAXTa1 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 24 Jan 2019 14:30:27 -0500
Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 5FF89218D4;
        Thu, 24 Jan 2019 19:30:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1548358226;
        bh=/6bSmZRmU5XBdQkov0x7CGBHi24RuIKxJNWisy6fIeA=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=EQxd6eR7b45DZSw4cSBIJ0jMAAy9YRtir59Rt1d/aRfSV8RbS5t7Vc6HuOOojvmuB
         l39VzNQe+g3nv1LIS1UZyOD86F8jEK3V7yOxqyeiGxZX4wj+KlqXQ/gX/4Z2BxoEiF
         so/F0tJd9zK7cMN047gRVC7QEGUV17qzZ4YsVKvo=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Corey Minyard <cminyard@mvista.com>
Subject: [PATCH 4.9 38/39] ipmi:ssif: Fix handling of multi-part return messages
Date:   Thu, 24 Jan 2019 20:20:41 +0100
Message-Id: <20190124190449.721717915@linuxfoundation.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190124190448.232316246@linuxfoundation.org>
References: <20190124190448.232316246@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Corey Minyard <cminyard@mvista.com>

commit 7d6380cd40f7993f75c4bde5b36f6019237e8719 upstream.

The block number was not being compared right, it was off by one
when checking the response.

Some statistics wouldn't be incremented properly in some cases.

Check to see if that middle-part messages always have 31 bytes of
data.

Signed-off-by: Corey Minyard <cminyard@mvista.com>
Cc: stable@vger.kernel.org # 4.4
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/char/ipmi/ipmi_ssif.c |   25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -641,8 +641,9 @@ static void msg_done_handler(struct ssif
 
 		/* Remove the multi-part read marker. */
 		len -= 2;
+		data += 2;
 		for (i = 0; i < len; i++)
-			ssif_info->data[i] = data[i+2];
+			ssif_info->data[i] = data[i];
 		ssif_info->multi_len = len;
 		ssif_info->multi_pos = 1;
 
@@ -670,8 +671,19 @@ static void msg_done_handler(struct ssif
 		}
 
 		blocknum = data[0];
+		len--;
+		data++;
+
+		if (blocknum != 0xff && len != 31) {
+		    /* All blocks but the last must have 31 data bytes. */
+			result = -EIO;
+			if (ssif_info->ssif_debug & SSIF_DEBUG_MSG)
+				pr_info("Received middle message <31\n");
 
-		if (ssif_info->multi_len + len - 1 > IPMI_MAX_MSG_LENGTH) {
+			goto continue_op;
+		}
+
+		if (ssif_info->multi_len + len > IPMI_MAX_MSG_LENGTH) {
 			/* Received message too big, abort the operation. */
 			result = -E2BIG;
 			if (ssif_info->ssif_debug & SSIF_DEBUG_MSG)
@@ -680,16 +692,14 @@ static void msg_done_handler(struct ssif
 			goto continue_op;
 		}
 
-		/* Remove the blocknum from the data. */
-		len--;
 		for (i = 0; i < len; i++)
-			ssif_info->data[i + ssif_info->multi_len] = data[i + 1];
+			ssif_info->data[i + ssif_info->multi_len] = data[i];
 		ssif_info->multi_len += len;
 		if (blocknum == 0xff) {
 			/* End of read */
 			len = ssif_info->multi_len;
 			data = ssif_info->data;
-		} else if (blocknum + 1 != ssif_info->multi_pos) {
+		} else if (blocknum != ssif_info->multi_pos) {
 			/*
 			 * Out of sequence block, just abort.  Block
 			 * numbers start at zero for the second block,
@@ -717,6 +727,7 @@ static void msg_done_handler(struct ssif
 		}
 	}
 
+ continue_op:
 	if (result < 0) {
 		ssif_inc_stat(ssif_info, receive_errors);
 	} else {
@@ -724,8 +735,6 @@ static void msg_done_handler(struct ssif
 		ssif_inc_stat(ssif_info, received_message_parts);
 	}
 
-
- continue_op:
 	if (ssif_info->ssif_debug & SSIF_DEBUG_STATE)
 		pr_info(PFX "DONE 1: state = %d, result=%d.\n",
 			ssif_info->ssif_state, result);