Re: [PATCH] i2c: smbus: make i2c_smbus_read_block_data() safer

Next message: Aksh Garg: "Re: [PATCH] PCI: cadence: skip the link polling when endpoint not connected"
Previous message: Dmitry Torokhov: "Re: [PATCH] Input: synaptics-rmi4 - bound the SMBus block read to the caller buffer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Dmitry Torokhov

Date: Tue Jun 23 2026 - 01:24:18 EST

On Thu, Oct 17, 2024 at 05:28:48PM -0700, Dmitry Torokhov wrote:
> i2c_smbus_read_block_data() is dangerous to use because it may deliver
> up to I2C_SMBUS_BLOCK_MAX (32) bytes, which may be surprising to the
> caller. Callers tend to allocate buffers of sizes big enough to hold
> data from a well-behaving device and do not expect that
> i2c_smbus_read_block_data() may attempt to write more data than
> expected.
>
> To make i2c_smbus_read_block_data() safer to use change it so that
> it accepts size of the supplied buffer as another argument and ensure
> that it will not copy more data than the size of the buffer.
>
> To allow users to gradually transition to the new API employ some
> macro trickery allowing calling i2c_smbus_read_block_data() with either
> 3 or 4 arguments. When called with 3 arguments it is assumed that
> the buffer size is I2C_SMBUS_BLOCK_MAX bytes. Once everyone is
> transitioned to the 4 argument form the macros should be removed.
>
> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>

Wolfram, any chance we could get this in? I am getting patches for OOB
access because of the unexpected behavior and I'd like to fix them
without doing extra memcpy().

Thanks.

--
Dmitry