linux/drivers/net/mctp
William A. Kennington III 4ca07b9239 net: mctp i2c: check length before marking flow active
Currently, mctp_i2c_get_tx_flow_state() is called before the packet length
sanity check. This function marks a new flow as active in the MCTP core.

If the sanity check fails, mctp_i2c_xmit() returns early without calling
mctp_i2c_lock_nest(). This results in a mismatched locking state: the
flow is active, but the I2C bus lock was never acquired for it.

When the flow is later released, mctp_i2c_release_flow() will see the
active state and queue an unlock marker. The TX thread will then
decrement midev->i2c_lock_count from 0, causing it to underflow to -1.

This underflow permanently breaks the driver's locking logic, allowing
future transmissions to occur without holding the I2C bus lock, leading
to bus collisions and potential hardware hangs.

Move the mctp_i2c_get_tx_flow_state() call to after the length sanity
check to ensure we only transition the flow state if we are actually
going to proceed with the transmission and locking.

Fixes: f5b8abf9fc ("mctp i2c: MCTP I2C binding driver")
Signed-off-by: William A. Kennington III <william@wkennington.com>
Acked-by: Jeremy Kerr <jk@codeconstruct.com.au>
Link: https://patch.msgid.link/20260423074741.201460-1-william@wkennington.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-04-28 13:11:53 +02:00
| File | Last commit | Date |
| --- | --- | --- |
| Kconfig | net: mctp: Add MCTP USB transport driver | 2025-02-21 16:45:21 -08:00 |
| Makefile | net: mctp: Add MCTP USB transport driver | 2025-02-21 16:45:21 -08:00 |
| mctp-i2c.c | net: mctp i2c: check length before marking flow active | 2026-04-28 13:11:53 +02:00 |
| mctp-i3c.c | Convert 'alloc_obj' family to use the new default GFP_KERNEL argument | 2026-02-21 17:09:51 -08:00 |
| mctp-serial.c | net: mctp: Expose transport binding identifier via IFLA attribute | 2024-11-09 09:04:54 -08:00 |
| mctp-usb.c | net: mctp: fix device leak on probe failure | 2026-03-06 15:38:21 -08:00 |