diff options
| author | Josh Boyer <jwboyer@fedoraproject.org> | 2014-05-03 09:08:12 -0400 |
|---|---|---|
| committer | Josh Boyer <jwboyer@fedoraproject.org> | 2014-05-03 09:11:16 -0400 |
| commit | 1d2b6a1bba3fccacc66bdf556eadefc662417e3c (patch) | |
| tree | 43658beb6ea60e6146e26928fdd2f8b514102282 /HID-rmi-do-not-fetch-more-than-16-bytes-in-a-query.patch | |
| parent | 551aab62b808e07531299ac6f9f049f3c0d0a6a2 (diff) | |
| download | kernel-1d2b6a1bba3fccacc66bdf556eadefc662417e3c.tar.gz kernel-1d2b6a1bba3fccacc66bdf556eadefc662417e3c.tar.xz kernel-1d2b6a1bba3fccacc66bdf556eadefc662417e3c.zip | |
Add patch to fix HID rmi driver from Benjamin Tissoires (rhbz 1090161)
Diffstat (limited to 'HID-rmi-do-not-fetch-more-than-16-bytes-in-a-query.patch')
| -rw-r--r-- | HID-rmi-do-not-fetch-more-than-16-bytes-in-a-query.patch | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/HID-rmi-do-not-fetch-more-than-16-bytes-in-a-query.patch b/HID-rmi-do-not-fetch-more-than-16-bytes-in-a-query.patch new file mode 100644 index 000000000..972a1b142 --- /dev/null +++ b/HID-rmi-do-not-fetch-more-than-16-bytes-in-a-query.patch @@ -0,0 +1,60 @@ +Bugzilla: 1090161 +Upstream-status: sent https://patchwork.kernel.org/patch/4055781/ + +From patchwork Thu Apr 24 22:26:38 2014 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +Subject: HID: rmi: do not fetch more than 16 bytes in a query +From: Benjamin Tissoires <benjamin.tissoires@redhat.com> +X-Patchwork-Id: 4055781 +Message-Id: <1398378398-24825-1-git-send-email-benjamin.tissoires@redhat.com> +To: Andrew Duggan <aduggan@synaptics.com>, + Christopher Heiny <cheiny@synaptics.com>, + Jiri Kosina <jkosina@suse.cz>, linux-input@vger.kernel.org, + linux-kernel@vger.kernel.org +Date: Thu, 24 Apr 2014 18:26:38 -0400 + +A firmware bug is present on the XPS Haswell edition which silently +split the request in two responses when the caller ask for a read of +more than 16 bytes. +The FW sends the first 16 then the 4 next, but it says that it answered +the 20 bytes in the first report. + +This occurs only on the retrieving of the min/max of X and Y of the F11 +function. +We only use the first 10 bytes of the Ctrl register, so we can get only +those 10 bytes to prevent the bug from happening. + +Resolves: +https://bugzilla.redhat.com/show_bug.cgi?id=1090161 + +Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> + +--- +drivers/hid/hid-rmi.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c +index 7da9509..cee89c9 100644 +--- a/drivers/hid/hid-rmi.c ++++ b/drivers/hid/hid-rmi.c +@@ -613,10 +613,15 @@ static int rmi_populate_f11(struct hid_device *hdev) + } + } + +- /* retrieve the ctrl registers */ +- ret = rmi_read_block(hdev, data->f11.control_base_addr, buf, 20); ++ /* ++ * retrieve the ctrl registers ++ * the ctrl register has a size of 20 but a fw bug split it into 16 + 4, ++ * and there is no way to know if the first 20 bytes are here or not. ++ * We use only the first 10 bytes, so get only them. ++ */ ++ ret = rmi_read_block(hdev, data->f11.control_base_addr, buf, 10); + if (ret) { +- hid_err(hdev, "can not read ctrl block of size 20: %d.\n", ret); ++ hid_err(hdev, "can not read ctrl block of size 10: %d.\n", ret); + return ret; + } + |